checkstyle/pmd suggested corrections
@@ -528,8 +528,7 @@ public class Engine implements FileFilter {
|
|||||||
final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart;
|
final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart;
|
||||||
final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis);
|
final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis);
|
||||||
LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds);
|
LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds);
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
LOGGER.debug("Skipping {} (not enabled)", analyzer.getName());
|
LOGGER.debug("Skipping {} (not enabled)", analyzer.getName());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -107,7 +107,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
|
|||||||
final SuppressionParser parser = new SuppressionParser();
|
final SuppressionParser parser = new SuppressionParser();
|
||||||
File file = null;
|
File file = null;
|
||||||
try {
|
try {
|
||||||
InputStream in = this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml");
|
final InputStream in = this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml");
|
||||||
rules = parser.parseSuppressionRules(in);
|
rules = parser.parseSuppressionRules(in);
|
||||||
} catch (SAXException ex) {
|
} catch (SAXException ex) {
|
||||||
throw new SuppressionParseException("Unable to parse the base suppression data file", ex);
|
throw new SuppressionParseException("Unable to parse the base suppression data file", ex);
|
||||||
|
|||||||
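Review bot: The stream opened by `final InputStream in = this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml");` is not closed in the visible lines, and `getResourceAsStream` returns null when the resource is missing, so a null can go straight into `parser.parseSuppressionRules(in)`. If the project's language level allows it, opening the stream as `try (InputStream in = this.getClass().getClassLoader().getResourceAsStream("dependencycheck-base-suppression.xml")) {` closes it on every path; otherwise a `finally` that closes `in` does the same. A null check that fails with a message naming the missing resource would make a packaging error obvious instead of surfacing inside the parser. The try statement continues past the end of this hunk, so a close further down may already exist.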
@@ -243,7 +243,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
|||||||
final boolean addPackagesAsEvidence = !(hasManifest && hasPOM);
|
final boolean addPackagesAsEvidence = !(hasManifest && hasPOM);
|
||||||
analyzePackageNames(classNames, dependency, addPackagesAsEvidence);
|
analyzePackageNames(classNames, dependency, addPackagesAsEvidence);
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
throw new AnalysisException("Exception occurred reading the JAR file (" + dependency.getFileName() +").", ex);
|
throw new AnalysisException("Exception occurred reading the JAR file (" + dependency.getFileName() + ").", ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -100,20 +100,21 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer {
|
|||||||
for (Evidence e : dependency.getVersionEvidence()) {
|
for (Evidence e : dependency.getVersionEvidence()) {
|
||||||
if ("file".equals(e.getSource()) && "version".equals(e.getName())) {
|
if ("file".equals(e.getSource()) && "version".equals(e.getName())) {
|
||||||
fileVersion = e.getValue(Boolean.FALSE);
|
fileVersion = e.getValue(Boolean.FALSE);
|
||||||
} else if (("nexus".equals(e.getSource()) || "central".equals(e.getSource()) || "pom".equals(e.getSource())) && "version".equals(e.getName())) {
|
} else if (("nexus".equals(e.getSource()) || "central".equals(e.getSource())
|
||||||
|
|| "pom".equals(e.getSource())) && "version".equals(e.getName())) {
|
||||||
pomVersion = e.getValue(Boolean.FALSE);
|
pomVersion = e.getValue(Boolean.FALSE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (fileVersion != null && pomVersion != null) {
|
if (fileVersion != null && pomVersion != null) {
|
||||||
DependencyVersion dvFile = new DependencyVersion(fileVersion);
|
final DependencyVersion dvFile = new DependencyVersion(fileVersion);
|
||||||
DependencyVersion dvPom = new DependencyVersion(pomVersion);
|
final DependencyVersion dvPom = new DependencyVersion(pomVersion);
|
||||||
if (dvPom.equals(dvFile)) {
|
if (dvPom.equals(dvFile)) {
|
||||||
LOGGER.debug("filtering evidence from {}", dependency.getFileName());
|
LOGGER.debug("filtering evidence from {}", dependency.getFileName());
|
||||||
EvidenceCollection versionEvidence = dependency.getVersionEvidence();
|
final EvidenceCollection versionEvidence = dependency.getVersionEvidence();
|
||||||
synchronized (versionEvidence) {
|
synchronized (versionEvidence) {
|
||||||
final Iterator<Evidence> itr = versionEvidence.iterator();
|
final Iterator<Evidence> itr = versionEvidence.iterator();
|
||||||
while (itr.hasNext()) {
|
while (itr.hasNext()) {
|
||||||
Evidence e = itr.next();
|
final Evidence e = itr.next();
|
||||||
if (!("version".equals(e.getName())
|
if (!("version".equals(e.getName())
|
||||||
&& ("file".equals(e.getSource())
|
&& ("file".equals(e.getSource())
|
||||||
|| "nexus".equals(e.getSource())
|
|| "nexus".equals(e.getSource())
|
||||||
|
|||||||
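Review bot: The first loop, `for (Evidence e : dependency.getVersionEvidence())`, iterates the evidence collection without the `synchronized (versionEvidence)` lock that the removal loop further down takes on the same collection. If that lock exists because other threads can modify the collection (not visible here), the read loop needs it too. Fetching `versionEvidence` once at the top and running both loops inside the same `synchronized (versionEvidence)` block would make the two consistent. If the lock is not actually required, a comment on the `synchronized` line saying what it guards would settle the question for the next reader. The method starts before and continues after this hunk.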
@@ -18,17 +18,12 @@
|
|||||||
package org.owasp.dependencycheck.data.update;
|
package org.owasp.dependencycheck.data.update;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
|
||||||
import java.io.FileNotFoundException;
|
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.MalformedURLException;
|
import java.net.MalformedURLException;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.zip.GZIPInputStream;
|
|
||||||
import javax.xml.parsers.ParserConfigurationException;
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
import javax.xml.parsers.SAXParser;
|
import javax.xml.parsers.SAXParser;
|
||||||
import org.apache.commons.io.FileUtils;
|
|
||||||
import static org.owasp.dependencycheck.data.nvdcve.DatabaseProperties.LAST_CPE_UPDATE;
|
import static org.owasp.dependencycheck.data.nvdcve.DatabaseProperties.LAST_CPE_UPDATE;
|
||||||
import org.owasp.dependencycheck.data.update.cpe.CPEHandler;
|
import org.owasp.dependencycheck.data.update.cpe.CPEHandler;
|
||||||
import org.owasp.dependencycheck.data.update.cpe.Cpe;
|
import org.owasp.dependencycheck.data.update.cpe.Cpe;
|
||||||
|
|||||||
@@ -20,15 +20,12 @@ package org.owasp.dependencycheck.data.update.nvd;
|
|||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.util.concurrent.Callable;
|
import java.util.concurrent.Callable;
|
||||||
import java.util.concurrent.ExecutorService;
|
import java.util.concurrent.ExecutorService;
|
||||||
import java.util.concurrent.Future;
|
import java.util.concurrent.Future;
|
||||||
import java.util.zip.GZIPInputStream;
|
|
||||||
import org.apache.commons.io.FileUtils;
|
|
||||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||||
import org.owasp.dependencycheck.data.update.exception.UpdateException;
|
import org.owasp.dependencycheck.data.update.exception.UpdateException;
|
||||||
import org.owasp.dependencycheck.utils.DownloadFailedException;
|
import org.owasp.dependencycheck.utils.DownloadFailedException;
|
||||||
|
|||||||
@@ -105,7 +105,7 @@ public class ReportGenerator {
|
|||||||
velocityEngine.init();
|
velocityEngine.init();
|
||||||
final EscapeTool enc = new EscapeTool();
|
final EscapeTool enc = new EscapeTool();
|
||||||
|
|
||||||
final DateTime dt = new DateTime();//.now();
|
final DateTime dt = new DateTime();
|
||||||
final DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
|
final DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
|
||||||
final DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
final DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
||||||
|
|
||||||
|
|||||||
@@ -100,7 +100,6 @@ public class SuppressionParser {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parses the given XML stream and returns a list of the suppression rules
|
* Parses the given XML stream and returns a list of the suppression rules
|
||||||
* contained.
|
* contained.
|
||||||
@@ -113,7 +112,7 @@ public class SuppressionParser {
|
|||||||
public List<SuppressionRule> parseSuppressionRules(InputStream inputStream) throws SuppressionParseException, SAXException {
|
public List<SuppressionRule> parseSuppressionRules(InputStream inputStream) throws SuppressionParseException, SAXException {
|
||||||
return parseSuppressionRules(inputStream, SUPPRESSION_SCHEMA);
|
return parseSuppressionRules(inputStream, SUPPRESSION_SCHEMA);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parses the given XML stream and returns a list of the suppression rules
|
* Parses the given XML stream and returns a list of the suppression rules
|
||||||
* contained.
|
* contained.
|
||||||
|
|||||||
@@ -19,7 +19,6 @@ package org.owasp.dependencycheck.maven;
|
|||||||
|
|
||||||
import java.io.BufferedOutputStream;
|
import java.io.BufferedOutputStream;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.io.FileOutputStream;
|
import java.io.FileOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
@@ -61,7 +60,6 @@ import org.owasp.dependencycheck.dependency.Vulnerability;
|
|||||||
import org.owasp.dependencycheck.exception.ExceptionCollection;
|
import org.owasp.dependencycheck.exception.ExceptionCollection;
|
||||||
import org.owasp.dependencycheck.exception.ReportException;
|
import org.owasp.dependencycheck.exception.ReportException;
|
||||||
import org.owasp.dependencycheck.reporting.ReportGenerator;
|
import org.owasp.dependencycheck.reporting.ReportGenerator;
|
||||||
import org.owasp.dependencycheck.utils.ExpectedOjectInputStream;
|
|
||||||
import org.owasp.dependencycheck.utils.Settings;
|
import org.owasp.dependencycheck.utils.Settings;
|
||||||
import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
|
import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
|
||||||
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
|
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ public final class Checksum {
|
|||||||
ch = fis.getChannel();
|
ch = fis.getChannel();
|
||||||
final ByteBuffer buf = ByteBuffer.allocateDirect(8192);
|
final ByteBuffer buf = ByteBuffer.allocateDirect(8192);
|
||||||
int b = ch.read(buf);
|
int b = ch.read(buf);
|
||||||
while ((b != -1) && (b != 0)) {
|
while (b != -1 && b != 0) {
|
||||||
buf.flip();
|
buf.flip();
|
||||||
final byte[] bytes = new byte[b];
|
final byte[] bytes = new byte[b];
|
||||||
buf.get(bytes);
|
buf.get(bytes);
|
||||||
|
|||||||
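Review bot: `while (b != -1 && b != 0)` ends the loop on a zero-byte read as well as on end of stream, so if `ch.read(buf)` ever returns 0 before the file is exhausted, the checksum would presumably cover only part of the file and no error would be reported. A comment on the condition stating why 0 is treated as terminal, for example `// a 0-byte read is treated like end of stream so the loop cannot spin`, would document the intent. If a partial read is not acceptable for a value used to identify a file, that case should raise an error rather than quietly end the loop. The loop body continues beyond the hunk, so what happens after `buf.get(bytes)` is not visible here.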