checkstyle recommended updates

Former-commit-id: 17e3e4580553c07b33533f1e9f6cb5f33177f78e
2026-03-27 11:31:24 +01:00 · 2015-07-09 07:07:36 -04:00
parent 0a4c3102dd
commit b227cf890b
23 changed files with 208 additions and 105 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -331,8 +331,8 @@ public class Engine implements FileFilter{
    /**
     * Runs the analyzers against all of the dependencies. Since the mutable dependencies list is exposed via
     * {@link #getDependencies()}, this method iterates over a copy of the dependencies list. Thus, the potential for
-     * {@link java.util.ConcurrentModificationException}s is avoided, and analyzers may safely add or remove entries
+     * {@link java.util.ConcurrentModificationException}s is avoided, and analyzers may safely add or remove entries from the
-     * from the dependencies list.
+     * dependencies list.
     */
    public void analyzeDependencies() {
        boolean autoUpdate = true;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
@@ -1058,7 +1058,8 @@ public class DependencyCheckScanAgent {
            }
        }
        if (summary.length() > 0) {
-            LOGGER.warn("\n\nOne or more dependencies were identified with known vulnerabilities:\n\n{}\n\nSee the dependency-check report for more details.\n\n",
+            LOGGER.warn("\n\nOne or more dependencies were identified with known vulnerabilities:\n\n{}\n\n"
                    + "See the dependency-check report for more details.\n\n",
                    summary.toString());
        }
    }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java
@@ -39,10 +39,8 @@ import java.util.Set;
 public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer {
    //<editor-fold defaultstate="collapsed" desc="Constructor">
    /**
-     * Base constructor that all children must call. This checks the configuration to determine if the analyzer is
+     * Base constructor that all children must call. This checks the configuration to determine if the analyzer is enabled.
     * enabled.
     */
    public AbstractFileTypeAnalyzer() {
        reset();
@@ -102,18 +100,16 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
 //</editor-fold>
    //<editor-fold defaultstate="collapsed" desc="Abstract methods children must implement">
    /**
     * <p>
-     * Returns the {@link java.io.FileFilter} used to determine which files are to be analyzed.
+     * Returns the {@link java.io.FileFilter} used to determine which files are to be analyzed. An example would be an analyzer
-     * An example would be an analyzer that inspected Java jar files. Implementors may use
+     * that inspected Java jar files. Implementors may use {@link org.owasp.dependencycheck.utils.FileFilterBuilder}.</p>
     * {@link org.owasp.dependencycheck.utils.FileFilterBuilder}.</p>
     *
     * @return the file filter used to determine which files are to be analyzed
     * <p/>
     * <p>
-     * If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against
+     * If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file
-     * every file loaded.</p>
+     * loaded.</p>
     */
    protected abstract FileFilter getFileFilter();
@@ -125,8 +121,8 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
    protected abstract void initializeFileTypeAnalyzer() throws Exception;
    /**
-     * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
+     * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned,
-     * scanned, and added to the list of dependencies within the engine.
+     * and added to the list of dependencies within the engine.
     *
     * @param dependency the dependency to analyze
     * @param engine the engine scanning
@@ -144,7 +140,6 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
 //</editor-fold>
    //<editor-fold defaultstate="collapsed" desc="Final implementations for the Analyzer interface">
    /**
     * Initializes the analyzer.
     *
@@ -175,8 +170,8 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
    }
    /**
-     * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
+     * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned,
-     * scanned, and added to the list of dependencies within the engine.
+     * and added to the list of dependencies within the engine.
     *
     * @param dependency the dependency to analyze
     * @param engine the engine scanning
@@ -191,7 +186,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
    @Override
    public boolean accept(File pathname) {
-        FileFilter filter = getFileFilter();
+        final FileFilter filter = getFileFilter();
        boolean accepted = false;
        if (null == filter) {
            LOGGER.error("The '{}' analyzer is misconfigured and does not have a file filter; it will be disabled", getName());
@@ -205,13 +200,11 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
    }
    //</editor-fold>
    //<editor-fold defaultstate="collapsed" desc="Static utility methods">
    /**
     * <p>
-     * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
+     * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a final static
-     * final static declaration.</p>
+     * declaration.</p>
     * <p/>
     * <p>
     * This implementation was copied from
@@ -226,6 +219,5 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen
        return set;
    }
 //</editor-fold>
 }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -17,7 +17,14 @@
 */
 package org.owasp.dependencycheck.analyzer;
-import java.io.*;
+import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -47,8 +54,8 @@ import org.slf4j.LoggerFactory;
 /**
 * <p>
- * An analyzer that extracts files from archives and ensures any supported files contained within the archive are added
+ * An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the
- * to the dependency list.</p>
+ * dependency list.</p>
 *
 * @author Jeremy Long
 */
@@ -93,8 +100,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
     */
    private static final Set<String> ZIPPABLES = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg");
    /**
-     * The set of file extensions supported by this analyzer. Note for developers, any additions to this list will need
+     * The set of file extensions supported by this analyzer. Note for developers, any additions to this list will need to be
-     * to be explicitly handled in extractFiles().
+     * explicitly handled in extractFiles().
     */
    private static final Set<String> EXTENSIONS = newHashSet("tar", "gz", "tgz");
@@ -186,8 +193,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
    }
    /**
-     * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted,
+     * Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned,
-     * scanned, and added to the list of dependencies within the engine.
+     * and added to the list of dependencies within the engine.
     *
     * @param dependency the dependency to analyze
     * @param engine the engine scanning
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -19,6 +19,13 @@ package org.owasp.dependencycheck.analyzer;
 import ch.qos.cal10n.IMessageConveyor;
 import ch.qos.cal10n.MessageConveyor;
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
@@ -37,7 +44,6 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
 import java.io.*;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
@@ -73,15 +79,15 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
    /**
     * Message Conveyer
     */
-    private final IMessageConveyor MESSAGE_CONVERYOR = new MessageConveyor(Locale.getDefault());
+    private static final IMessageConveyor MESSAGE_CONVERYOR = new MessageConveyor(Locale.getDefault());
    /**
     * LocLoggerFactory for localized logger
     */
-    private final LocLoggerFactory LLFACTORY = new LocLoggerFactory(MESSAGE_CONVERYOR);
+    private static final LocLoggerFactory LLFACTORY = new LocLoggerFactory(MESSAGE_CONVERYOR);
    /**
     * Logger
     */
-    private final LocLogger LOGGER = LLFACTORY.getLocLogger(AssemblyAnalyzer.class);
+    private static final LocLogger LOGGER = LLFACTORY.getLocLogger(AssemblyAnalyzer.class);
    /**
     * Builds the beginnings of a List for ProcessBuilder
@@ -279,6 +285,11 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
        builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }
    /**
     * Removes resources used from the local file system.
     *
     * @throws Exception thrown if there is a problem closing the analyzer
     */
    @Override
    public void close() throws Exception {
        super.close();
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
@@ -103,9 +103,17 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
                | Pattern.CASE_INSENSITIVE);
    }
    /**
     * The file filter used to determine which files this analyzer supports.
     */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(CONFIGURE).addExtensions(
            EXTENSIONS).build();
    /**
     * Returns the FileFilter
     *
     * @return the FileFilter
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
@@ -126,6 +134,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
     *
     * @return the phase that the analyzer is intended to run in.
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
@@ -25,7 +25,6 @@ import org.owasp.dependencycheck.data.nexus.MavenArtifact;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
 import org.owasp.dependencycheck.utils.*;
 import org.owasp.dependencycheck.xml.pom.PomUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -36,6 +35,11 @@ import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.net.URL;
 import java.util.List;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.FileFilterBuilder;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.Settings;
 /**
 * Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1
@@ -161,6 +165,9 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
        return ANALYSIS_PHASE;
    }
    /**
     * The file filter used to determine which files this analyzer supports.
     */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
    @Override
@@ -228,5 +235,4 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
            errorFlag = true;
        }
    }
 }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -164,8 +164,16 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
     */
    private static final String[] EXTENSIONS = {"jar", "war"};
    /**
     * The file filter used to determine which files this analyzer supports.
     */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
    /**
     * Returns the FileFilter.
     *
     * @return the FileFilter
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -25,7 +25,6 @@ import org.owasp.dependencycheck.data.nexus.NexusSearch;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
 import org.owasp.dependencycheck.utils.*;
 import org.owasp.dependencycheck.xml.pom.PomUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -36,6 +35,11 @@ import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.FileFilterBuilder;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.Settings;
 /**
 * Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency.
@@ -181,8 +185,16 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
        return ANALYSIS_PHASE;
    }
    /**
     * The file filter used to determine which files this analyzer supports.
     */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
    /**
     * Returns the FileFilter
     *
     * @return the FileFilter
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
@@ -101,9 +101,17 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
        return ANALYSIS_PHASE;
    }
    /**
     * The file filter used to determine which files this analyzer supports.
     */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
            SUPPORTED_EXTENSIONS).build();
    /**
     * Returns the FileFilter
     *
     * @return the FileFilter
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
@@ -26,7 +26,6 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.EvidenceCollection;
 import org.owasp.dependencycheck.utils.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -34,6 +33,12 @@ import javax.mail.MessagingException;
 import javax.mail.internet.InternetHeaders;
 import java.io.*;
 import java.util.regex.Pattern;
 import org.owasp.dependencycheck.utils.ExtractionException;
 import org.owasp.dependencycheck.utils.ExtractionUtil;
 import org.owasp.dependencycheck.utils.FileFilterBuilder;
 import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.UrlStringUtils;
 /**
 * Used to analyze a Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used
@@ -112,9 +117,17 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
    private static final NameFileFilter PKG_INFO_FILTER = new NameFileFilter(
            PKG_INFO);
    /**
     * The file filter used to determine which files this analyzer supports.
     */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFileFilters(
            METADATA_FILTER, PKG_INFO_FILTER).addExtensions(EXTENSIONS).build();
    /**
     * Returns the FileFilter
     *
     * @return the FileFilter
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
@@ -132,8 +132,16 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
        return AnalysisPhase.INFORMATION_COLLECTION;
    }
    /**
     * The file filter used to determine which files this analyzer supports.
     */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
    /**
     * Returns the FileFilter
     *
     * @return the FileFilter
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
@@ -278,6 +278,15 @@ public final class ConnectionFactory {
        }
    }
    /**
     * Updates the database schema by loading the upgrade script for the version specified. The intended use is that if the
     * current schema version is 2.9 then we would call updateSchema(conn, "2.9"). This would load the upgrade_2.9.sql file and
     * execute it against the database. The upgrade script must update the 'version' in the properties table.
     *
     * @param conn the database connection object
     * @param schema the current schema version that is being upgraded
     * @throws DatabaseException thrown if there is an exception upgrading the database schema
     */
    private static void updateSchema(Connection conn, String schema) throws DatabaseException {
        LOGGER.debug("Updating database structure");
        InputStream is;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -34,7 +34,6 @@ import java.util.Map.Entry;
 import java.util.Properties;
 import java.util.ResourceBundle;
 import java.util.Set;
 import java.util.logging.Level;
 import org.owasp.dependencycheck.data.cwe.CweDB;
 import org.owasp.dependencycheck.dependency.Reference;
 import org.owasp.dependencycheck.dependency.Vulnerability;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
@@ -64,7 +64,7 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
            if (updateNeeded()) {
                LOGGER.info("Updating the Common Platform Enumeration (CPE)");
                final File xml = downloadCpe();
-                List<Cpe> cpes = processXML(xml);
+                final List<Cpe> cpes = processXML(xml);
                getCveDB().deleteUnusedCpe();
                for (Cpe cpe : cpes) {
                    getCveDB().addCpe(cpe.getValue(), cpe.getVendor(), cpe.getProduct());
@@ -116,7 +116,7 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
        try {
            final SAXParserFactory factory = SAXParserFactory.newInstance();
            final SAXParser saxParser = factory.newSAXParser();
-            CPEHandler handler = new CPEHandler();
+            final CPEHandler handler = new CPEHandler();
            saxParser.parse(xml, handler);
            return handler.getData();
        } catch (ParserConfigurationException ex) {
@@ -137,7 +137,7 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
        final Date now = new Date();
        final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 30);
        long timestamp = 0;
-        String ts = getProperties().getProperty(LAST_CPE_UPDATE);
+        final String ts = getProperties().getProperty(LAST_CPE_UPDATE);
        if (ts != null && ts.matches("^[0-9]+$")) {
            timestamp = Long.parseLong(ts);
        }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
@@ -67,7 +67,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
    public void update() throws UpdateException {
        try {
            openDataStores();
-            UpdateableNvdCve updateable = getUpdatesNeeded();
+            final UpdateableNvdCve updateable = getUpdatesNeeded();
            if (updateable.isUpdateNeeded()) {
                performUpdate(updateable);
            }
@@ -233,7 +233,8 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
                        } else {
                            long currentTimestamp = 0;
                            try {
-                                currentTimestamp = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED_BASE + entry.getId(), "0"));
+                                currentTimestamp = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED_BASE
                                        + entry.getId(), "0"));
                            } catch (NumberFormatException ex) {
                                LOGGER.debug("Error parsing '{}' '{}' from nvdcve.lastupdated",
                                        DatabaseProperties.LAST_UPDATED_BASE, entry.getId(), ex);
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/UpdateService.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/UpdateService.java
@@ -19,7 +19,6 @@ package org.owasp.dependencycheck.data.update;
 import java.util.Iterator;
 import java.util.ServiceLoader;
 import org.owasp.dependencycheck.data.update.CachedWebDataSource;
 /**
 * The CachedWebDataSource Service Loader. This class loads all services that implement
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java
@@ -18,7 +18,6 @@
 package org.owasp.dependencycheck.data.update.cpe;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.util.ArrayList;
 import java.util.List;
 import org.owasp.dependencycheck.data.update.NvdCveUpdater;
@@ -43,11 +42,11 @@ public class CPEHandler extends DefaultHandler {
    /**
     * The text content of the node being processed. This can be used during the end element event.
     */
-    StringBuilder nodeText = null;
+    private StringBuilder nodeText = null;
    /**
     * A reference to the current element.
     */
-    Element current = new Element();
+    private Element current = new Element();
    /**
     * The logger.
     */
@@ -55,7 +54,7 @@ public class CPEHandler extends DefaultHandler {
    /**
     * The list of CPE values.
     */
-    List<Cpe> data = new ArrayList<Cpe>();
+    private List<Cpe> data = new ArrayList<Cpe>();
    /**
     * Returns the list of CPE values.
@@ -67,7 +66,7 @@ public class CPEHandler extends DefaultHandler {
    }
    /**
-     * Handles the start element event
+     * Handles the start element event.
     *
     * @param uri the elements uri
     * @param localName the local name
@@ -80,12 +79,12 @@ public class CPEHandler extends DefaultHandler {
        nodeText = null;
        current.setNode(qName);
        if (current.isCpeItemNode()) {
-            String temp = attributes.getValue("deprecated");
+            final String temp = attributes.getValue("deprecated");
-            String value = attributes.getValue("name");
+            final String value = attributes.getValue("name");
-            boolean delete = (temp != null && temp.equalsIgnoreCase("true"));
+            final boolean delete = "true".equalsIgnoreCase(temp);
            if (!delete && value.startsWith("cpe:/a:") && value.length() > 7) {
                try {
-                    Cpe cpe = new Cpe(value);
+                    final Cpe cpe = new Cpe(value);
                    data.add(cpe);
                } catch (UnsupportedEncodingException ex) {
                    LOGGER.debug("Unable to parse the CPE", ex);
@@ -230,6 +229,9 @@ public class CPEHandler extends DefaultHandler {
         * A node type in the CPE Schema 2.2
         */
        public static final String TIMESTAMP = "timestamp";
        /**
         * A reference to the current node.
         */
        private String node = null;
        /**
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/Cpe.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/Cpe.java
@@ -27,6 +27,13 @@ import org.owasp.dependencycheck.data.update.exception.InvalidDataException;
 */
 public class Cpe {
    /**
     * Constructs a new Cpe Object by parsing the vendor and product from the CPE identifier value.
     *
     * @param value the cpe identifier (cpe:/a:vendor:product:version:....)
     * @throws UnsupportedEncodingException thrown if UTF-8 is not supported
     * @throws InvalidDataException thrown if the CPE provided is not the correct format
     */
    public Cpe(String value) throws UnsupportedEncodingException, InvalidDataException {
        this.value = value;
        final String[] data = value.substring(7).split(":");
@@ -66,7 +73,7 @@ public class Cpe {
    private String vendor;
    /**
-     * Get the value of vendor
+     * Get the value of vendor.
     *
     * @return the value of vendor
     */
@@ -75,7 +82,7 @@ public class Cpe {
    }
    /**
-     * Set the value of vendor
+     * Set the value of vendor.
     *
     * @param vendor new value of vendor
     */
@@ -89,7 +96,7 @@ public class Cpe {
    private String product;
    /**
-     * Get the value of product
+     * Get the value of product.
     *
     * @return the value of product
     */
@@ -98,7 +105,7 @@ public class Cpe {
    }
    /**
-     * Set the value of product
+     * Set the value of product.
     *
     * @param product new value of product
     */
@@ -106,9 +113,13 @@ public class Cpe {
        this.product = product;
    }
    /**
     * Returns the full CPE identifier.
     *
     * @return the full CPE identifier
     */
    @Override
    public String toString() {
        return value;
    }
 }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java
@@ -31,8 +31,6 @@ import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.data.update.nvd.NvdCve12Handler;
 import org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
@@ -94,8 +92,8 @@ public class ProcessTask implements Callable<ProcessTask> {
     *
     * @param cveDB the data store object
     * @param filePair the download task that contains the URL references to download
-     * @param settings a reference to the global settings object; this is necessary so that when the thread is started
+     * @param settings a reference to the global settings object; this is necessary so that when the thread is started the
-     * the dependencies have a correct reference to the global settings.
+     * dependencies have a correct reference to the global settings.
     */
    public ProcessTask(final CveDB cveDB, final DownloadTask filePair, Settings settings) {
        this.cveDB = cveDB;
@@ -108,8 +106,8 @@ public class ProcessTask implements Callable<ProcessTask> {
     * Implements the callable interface.
     *
     * @return this object
-     * @throws Exception thrown if there is an exception; note that any UpdateExceptions are simply added to the tasks
+     * @throws Exception thrown if there is an exception; note that any UpdateExceptions are simply added to the tasks exception
-     * exception collection
+     * collection
     */
    @Override
    public ProcessTask call() throws Exception {
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DCResources.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DCResources.java
@@ -22,7 +22,7 @@ import ch.qos.cal10n.Locale;
 import ch.qos.cal10n.LocaleData;
 /**
- * Created by colezlaw on 6/13/15.
+ * @author colezlaw
 */
@BaseName("dependencycheck-resources")
@LocaleData(defaultCharset = "UTF-8",
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
@@ -17,8 +17,6 @@
 */
 package org.owasp.dependencycheck.utils;
 import static org.owasp.dependencycheck.utils.FileUtils.getFileExtension;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.Closeable;
@@ -302,5 +300,4 @@ public final class ExtractionUtil {
            }
        }
    }
 }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileFilterBuilder.java
@@ -15,7 +15,6 @@
 *
 * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
 */
 package org.owasp.dependencycheck.utils;
 import org.apache.commons.io.IOCase;
@@ -25,12 +24,17 @@ import org.apache.commons.io.filefilter.OrFileFilter;
 import org.apache.commons.io.filefilter.SuffixFileFilter;
 import java.io.FileFilter;
-import java.util.*;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 /**
- * <p>Utility class for building useful {@link FileFilter} instances for
+ * <p>
- * {@link org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer} implementations. The built filter uses
+ * Utility class for building useful {@link FileFilter} instances for
- * {@link OrFileFilter} to logically OR the given filter conditions. Example usage:</p>
+ * {@link org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer} implementations. The built filter uses {@link OrFileFilter}
 * to logically OR the given filter conditions. Example usage:</p>
 *
 * <pre>
 *     FileFilter filter = FileFilterBuilder.newInstance().addExtensions("jar", "war").build();
@@ -41,13 +45,21 @@ import java.util.*;
 */
 public class FileFilterBuilder {
-    private Set<String> filenames = new HashSet<String>();
+    /**
-    private Set<String> extensions = new HashSet<String>();
+     * A set of filenames to filter.
-    private List<IOFileFilter> fileFilters = new ArrayList<IOFileFilter>();
+     */
    private final Set<String> filenames = new HashSet<String>();
    /**
     * A set of extensions to filter.
     */
    private final Set<String> extensions = new HashSet<String>();
    /**
     * An array list of file filters.
     */
    private final List<IOFileFilter> fileFilters = new ArrayList<IOFileFilter>();
    /**
-     * Create a new instance and return it. This method is for convenience in using the builder pattern within a single
+     * Create a new instance and return it. This method is for convenience in using the builder pattern within a single statement.
     * statement.
     *
     * @return a new builder instance
     */
@@ -111,7 +123,7 @@ public class FileFilterBuilder {
        if (filenames.isEmpty() && extensions.isEmpty() && fileFilters.isEmpty()) {
            throw new IllegalStateException("May only be invoked after at least one add... method has been invoked.");
        }
-        OrFileFilter filter = new OrFileFilter();
+        final OrFileFilter filter = new OrFileFilter();
        if (!filenames.isEmpty()) {
            filter.addFileFilter(new NameFileFilter(new ArrayList<String>(filenames)));
        }