From b6b070584f79132bba0b3223fc859bbcaa656ffc Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 30 Aug 2014 15:19:52 -0400 Subject: [PATCH] checkstyle corrections, added javadoc, etc. Former-commit-id: 2b806cb8527a627d400644465bcf9f04d687d729 --- .../maven/DependencyCheckMojo.java | 73 ++++++++++-------- .../maven/ReportAggregationMojo.java | 77 +++++++++++++++---- .../dependencycheck/maven/ReportingUtil.java | 15 ++-- 3 files changed, 114 insertions(+), 51 deletions(-) diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java index 6797df8a1..529ea19e7 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java @@ -68,7 +68,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { /** * Logger field reference. */ - private static final Logger logger = Logger.getLogger(DependencyCheckMojo.class.getName()); + private static final Logger LOGGER = Logger.getLogger(DependencyCheckMojo.class.getName()); /** * The properties file location. */ @@ -312,7 +312,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { * @throws DatabaseException thrown if there is an exception connecting to the database */ private Engine executeDependencyCheck(MavenProject project) throws DatabaseException { - Engine localEngine = initializeEngine(); + final Engine localEngine = initializeEngine(); final Set artifacts = project.getArtifacts(); for (Artifact a : artifacts) { 
@@ -327,6 +327,12 @@ public class DependencyCheckMojo extends ReportAggregationMojo { return localEngine; } + /** + * Initializes a new Engine that can be used for scanning. + * + * @return a newly instantiated Engine + * @throws DatabaseException thrown if there is a database exception + */ private Engine initializeEngine() throws DatabaseException { populateSettings(); final Engine localEngine = new Engine(); @@ -364,14 +370,14 @@ public class DependencyCheckMojo extends ReportAggregationMojo { mojoProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE); Settings.mergeProperties(mojoProperties); } catch (IOException ex) { - logger.log(Level.WARNING, "Unable to load the dependency-check ant task.properties file."); - logger.log(Level.FINE, null, ex); + LOGGER.log(Level.WARNING, "Unable to load the dependency-check ant task.properties file."); + LOGGER.log(Level.FINE, null, ex); } finally { if (mojoProperties != null) { try { mojoProperties.close(); } catch (IOException ex) { - logger.log(Level.FINEST, null, ex); + LOGGER.log(Level.FINEST, null, ex); } } } @@ -379,7 +385,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); if (proxyUrl != null && !proxyUrl.isEmpty()) { - logger.warning("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings to configure the proxy instead"); + LOGGER.warning("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings to configure the proxy instead"); } final Proxy proxy = getMavenProxy(); 
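Review bot: The WARNING on the first changed line of the `@@ -364` hunk tells the user it could not load "the dependency-check ant task.properties file", but this is the Maven mojo loading `PROPERTIES_FILE`, so the message points at the wrong component. Because the underlying `IOException` is only logged at FINE, that text is all a user sees by default, so it should name what actually failed: `LOGGER.log(Level.WARNING, "Unable to load the dependency-check properties file " + PROPERTIES_FILE + ".");`. The enclosing settings-population method starts before this hunk and continues after it.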
@@ -485,7 +491,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { } else if (proxies.size() == 1) { return proxies.get(0); } else { - logger.warning("Multiple proxy defentiions exist in the Maven settings. In the dependency-check " + LOGGER.warning("Multiple proxy defentiions exist in the Maven settings. In the dependency-check " + "configuration set the maveSettingsProxyId so that the correct proxy will be used."); throw new IllegalStateException("Ambiguous proxy definition"); } @@ -513,9 +519,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo { checkForFailure(engine.getDependencies()); } } catch (DatabaseException ex) { - logger.log(Level.SEVERE, + LOGGER.log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped"); - logger.log(Level.FINE, "", ex); + LOGGER.log(Level.FINE, "", ex); } } @@ -537,6 +543,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo { } } + /** + * Calls engine.cleanup() to release resources. + */ private void cleanupEngine() { if (engine != null) { engine.cleanup(); @@ -554,7 +563,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { @Override protected void executeNonAggregateReport(Locale locale) throws MavenReportException { - List deps = readDataFile(); + final List deps = readDataFile(); if (deps != null) { try { engine = initializeEngine(); 
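Review bot: The warning on the changed line of the `@@ -485` hunk still carries the typo "defentiions", and the parameter it tells the user to set, `maveSettingsProxyId`, looks like it is missing an "n" — if the plugin field is actually named `mavenSettingsProxyId` the message directs users to a parameter that does not exist (verify against the field declaration, which is outside this hunk). Since the commit is already rewriting this line, fix the text at the same time: `LOGGER.warning("Multiple proxy definitions exist in the Maven settings. In the dependency-check "` with the corrected parameter name in the continuation line. The enclosing method starts before the hunk.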
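Review bot: In the `@@ -513` hunk the `DatabaseException` is logged at SEVERE and then swallowed, so a build whose vulnerability database is unreachable finishes normally with `checkForFailure` never having run — the check fails open, which is the opposite of what a user who configured failure thresholds expects. The report path in the `@@ -584` hunk of this same file rethrows the same exception as a `MavenReportException`, so this branch is also inconsistent with it. If the enclosing method is `performExecute()` (its signature is outside the hunk) it already declares `MojoExecutionException`, and the catch could simply rethrow: `throw new MojoExecutionException("Unable to connect to the dependency-check database; analysis has stopped", ex);`. If swallowing is intentional, the method's Javadoc should state explicitly that a database failure does not fail the build.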
@@ -584,14 +593,16 @@ public class DependencyCheckMojo extends ReportAggregationMojo { engine = initializeEngine(); engine.getDependencies().addAll(deps); } catch (DatabaseException ex) { - final String msg = String.format("An unrecoverable exception with the dependency-check initialization occured while scanning %s", project.getName()); + final String msg = String.format("An unrecoverable exception with the dependency-check initialization occured while scanning %s", + project.getName()); throw new MavenReportException(msg, ex); } } else { try { engine = executeDependencyCheck(project); } catch (DatabaseException ex) { - final String msg = String.format("An unrecoverable exception with the dependency-check scan occured while scanning %s", project.getName()); + final String msg = String.format("An unrecoverable exception with the dependency-check scan occured while scanning %s", + project.getName()); throw new MavenReportException(msg, ex); } } 
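Review bot: Both re-wrapped messages in this hunk still read "occured"; since the commit is touching exactly these lines, the spelling should be fixed with them: `"An unrecoverable exception with the dependency-check initialization occurred while scanning %s"` and `"An unrecoverable exception with the dependency-check scan occurred while scanning %s"`. The same misspelling is in the bundling warning of the `@@ -599` hunk. The enclosing method starts and ends outside this hunk.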
@@ -599,19 +610,19 @@ public class DependencyCheckMojo extends ReportAggregationMojo { deps = readDataFile(child); if (deps == null) { final String msg = String.format("Unable to include information on %s in the dependency-check aggregate report", child.getName()); - logger.severe(msg); + LOGGER.severe(msg); } else { engine.getDependencies().addAll(deps); } } - DependencyBundlingAnalyzer bundler = new DependencyBundlingAnalyzer(); + final DependencyBundlingAnalyzer bundler = new DependencyBundlingAnalyzer(); try { bundler.analyze(null, engine); } catch (AnalysisException ex) { - logger.log(Level.WARNING, "An error occured grouping the dependencies; duplicate entries may exist in the report", ex); - logger.log(Level.FINE, "Bundling Exception", ex); + LOGGER.log(Level.WARNING, "An error occured grouping the dependencies; duplicate entries may exist in the report", ex); + LOGGER.log(Level.FINE, "Bundling Exception", ex); } - File outputDir = getReportOutputDirectory(project); + final File outputDir = getReportOutputDirectory(project); if (outputDir != null) { ReportingUtil.generateExternalReports(engine, outputDir, project.getName(), format); } @@ -632,7 +643,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { } else if ("VULN".equalsIgnoreCase(this.format)) { return "dependency-check-vulnerability"; } else { - logger.log(Level.WARNING, "Unknown report format used during site generation."); + LOGGER.log(Level.WARNING, "Unknown report format used during site generation."); return "dependency-check-report"; } } @@ -686,7 +697,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { } else { msg = "No project dependencies exist - dependency-check:check is unable to generate a report."; } - logger.warning(msg); + LOGGER.warning(msg); } return false; 
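Review bot: In the `@@ -599` hunk the bundling failure is logged twice with the full throwable — once at WARNING and again at FINE — so its stack trace lands in default output, unlike every other catch block in this patch, which keeps the message at WARNING/SEVERE and the exception at FINE. Dropping `ex` from the first call restores that convention: `LOGGER.log(Level.WARNING, "An error occured grouping the dependencies; duplicate entries may exist in the report");`. Also in this hunk, a child whose data file cannot be read is logged at SEVERE and then skipped, so the aggregate report is silently missing that module; the method's Javadoc (outside the hunk) should say that the aggregate may be incomplete in that case.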
@@ -788,7 +799,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo { final String msg = String.format("%n%n" + "One or more dependencies were identified with known vulnerabilities:%n%n%s" + "%n%nSee the dependency-check report for more details.%n%n", summary.toString()); - logger.log(Level.WARNING, msg); + LOGGER.log(Level.WARNING, msg); } } // @@ -805,9 +816,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo { if (engine != null && getProject().getContextValue(this.getDataFileContextKey()) == null) { file = new File(getProject().getBuild().getDirectory(), getDataFileName()); try { - OutputStream os = new FileOutputStream(file); - OutputStream bos = new BufferedOutputStream(os); - ObjectOutput out = new ObjectOutputStream(bos); + final OutputStream os = new FileOutputStream(file); + final OutputStream bos = new BufferedOutputStream(os); + final ObjectOutput out = new ObjectOutputStream(bos); try { out.writeObject(engine.getDependencies()); out.flush(); @@ -816,9 +827,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo { } //getProject().setContextValue(this.getDataFileContextKey(), file.getAbsolutePath()); } catch (IOException ex) { - logger.log(Level.WARNING, "Unable to create data file used for report aggregation; " + LOGGER.log(Level.WARNING, "Unable to create data file used for report aggregation; " + "if report aggregation is being used the results may be incomplete."); - logger.log(Level.FINE, ex.getMessage(), ex); + LOGGER.log(Level.FINE, ex.getMessage(), ex); } } return file; 
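Review bot: The three `final` stream locals in the `@@ -805` hunk exist only to wrap each other, so a single expression reads the same and leaves one resource to track: `final ObjectOutput out = new ObjectOutputStream(new BufferedOutputStream(new FileOutputStream(file)));`. The `@@ -816` hunk keeps the commented-out `//getProject().setContextValue(...)` line as context; since `postExecute()`/`postGenerate()` in ReportAggregationMojo (later in this patch) appear to record the written path themselves, that line should be deleted or replaced by a one-line comment saying the caller stores the context value. The enclosing method starts before and ends after these hunks, so the closing of `out` is not visible here.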
@@ -844,29 +855,29 @@ public class DependencyCheckMojo extends ReportAggregationMojo { * null is returned */ protected List readDataFile(MavenProject project) { - Object oPath = project.getContextValue(this.getDataFileContextKey()); + final Object oPath = project.getContextValue(this.getDataFileContextKey()); if (oPath == null) { return null; } List ret = null; - String path = (String) oPath; + final String path = (String) oPath; ObjectInputStream ois = null; try { ois = new ObjectInputStream(new FileInputStream(path)); ret = (List) ois.readObject(); } catch (FileNotFoundException ex) { //TODO fix logging - logger.log(Level.SEVERE, null, ex); + LOGGER.log(Level.SEVERE, null, ex); } catch (IOException ex) { - logger.log(Level.SEVERE, null, ex); + LOGGER.log(Level.SEVERE, null, ex); } catch (ClassNotFoundException ex) { - logger.log(Level.SEVERE, null, ex); + LOGGER.log(Level.SEVERE, null, ex); } finally { if (ois != null) { try { ois.close(); } catch (IOException ex) { - logger.log(Level.SEVERE, null, ex); + LOGGER.log(Level.SEVERE, null, ex); } } } diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportAggregationMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportAggregationMojo.java index eed113cac..a1b49aeb1 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportAggregationMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportAggregationMojo.java @@ -68,7 +68,7 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave /** * Logger field reference. */ - private static final Logger logger = Logger.getLogger(ReportAggregationMojo.class.getName()); + private static final Logger LOGGER = Logger.getLogger(ReportAggregationMojo.class.getName()); /** * List of Maven project of the current build 
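Review bot: `readDataFile` in the `@@ -844` hunk takes `path` from a project context value and hands it straight to `ObjectInputStream.readObject()`, so whatever serialized object graph is at that path gets instantiated; nothing here confirms the file is the one `writeDataFile` produced in this build. Native Java deserialization of data that is not fully trusted is a well-known code-execution risk, and this file lives in the writable build output directory. At minimum the Javadoc should record the trust assumption (`Reads the serialized dependency list written by writeDataFile(); the file is treated as trusted build output and is deserialized with ObjectInputStream`), and on JDK 9+ the stream should be restricted with an `ObjectInputFilter` to the expected dependency classes, or the exchange format moved to something that cannot execute code. Separately, all four catch blocks log `LOGGER.log(Level.SEVERE, null, ex)` with no message, which the `//TODO fix logging` already flags; give the user the path at least: `LOGGER.log(Level.SEVERE, "Unable to read the dependency-check data file " + path, ex);`.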
@@ -114,8 +114,14 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave return reportOutputDirectory; } + /** + * Returns the output directory for the given project. + * + * @param project the Maven project to get the output directory for + * @return the output directory for the given project + */ public File getReportOutputDirectory(MavenProject project) { - Object o = project.getContextValue(getOutputDirectoryContextKey()); + final Object o = project.getContextValue(getOutputDirectoryContextKey()); if (o != null && o instanceof File) { return (File) o; } 
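Review bot: The null check on `o` in this hunk is redundant because `instanceof` is already false for null; `if (o instanceof File) {` is enough. The new Javadoc should also say what the method returns when no context value is set, since the fallback is in the method's tail outside the hunk and the aggregate-report callers depend on it.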
@@ -135,29 +141,67 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave /** * The collection of child projects. */ - private final Map< MavenProject, Set> projectChildren = new HashMap>(); + private final Map> projectChildren = new HashMap>(); + /** + * Called before execute; allows for any setup that is needed. If this is overridden you must call + * super.preExecute(). + * + * @throws MojoExecutionException thrown if there is an issue executing the mojo + * @throws MojoFailureException thrown if there is an issue executing the mojo + */ protected void preExecute() throws MojoExecutionException, MojoFailureException { buildAggregateInfo(); } + /** + * Called when the mojo is being executed. + * + * @throws MojoExecutionException thrown if there is an issue executing the mojo + * @throws MojoFailureException thrown if there is an issue executing the mojo + */ protected abstract void performExecute() throws MojoExecutionException, MojoFailureException; + /** + * Runs after the mojo has executed. This implementation will call writeDataFile(). As such, it is + * important that if this method is overriden that super.postExecute() is called. + * + * @throws MojoExecutionException thrown if there is an issue executing the mojo + * @throws MojoFailureException thrown if there is an issue executing the mojo + */ protected void postExecute() throws MojoExecutionException, MojoFailureException { - File written = writeDataFile(); + final File written = writeDataFile(); if (written != null) { project.setContextValue(getDataFileContextKey(), written.getAbsolutePath()); } } + /** + * Returns the key used to store the path to the data file that is saved by writeDataFile(). This key + * is used in the MavenProject.(set|get)ContextValue. 
+ * + * @return the key used to store the path to the data file + */ protected String getDataFileContextKey() { return "dependency-check-path-" + this.getDataFileName(); } + /** + * Returns the key used to store the path to the output directory. When generating the report in the + * executeAggregateReport() the output directory should be obtained by using this key. + * + * @return the key used to store the path to the output directory + */ protected String getOutputDirectoryContextKey() { return "dependency-output-dir-" + this.getDataFileName(); } + /** + * Is called by Maven to execute the mojo. + * + * @throws MojoExecutionException thrown if there is an issue executing the mojo + * @throws MojoFailureException thrown if there is an issue executing the mojo + */ public final void execute() throws MojoExecutionException, MojoFailureException { try { preExecute(); @@ -184,7 +228,7 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave * @throws MavenReportException if a maven report exception occurs */ protected void postGenerate() throws MavenReportException { - File written = writeDataFile(); + final File written = writeDataFile(); if (written != null) { project.setContextValue(getDataFileContextKey(), written.getAbsolutePath()); } @@ -308,12 +352,12 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave * @return a list of child projects */ protected List getAllChildren(MavenProject parentProject) { - Set children = projectChildren.get(parentProject); + final Set children = projectChildren.get(parentProject); if (children == null) { return Collections.emptyList(); } - List result = new ArrayList(); + final List result = new ArrayList(); for (MavenProject child : children) { if (isMultiModule(child)) { result.addAll(getAllChildren(child)); 
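Review bot: The new Javadoc on `postExecute()` in the `@@ -135` hunk misspells "overridden" as "overriden", and the summary on `execute()` ("Is called by Maven to execute the mojo.") should be a verb phrase: `Called by Maven to execute the mojo.`. `postExecute()` here and `postGenerate()` in the `@@ -184` hunk have the identical three-line body; a private helper such as `recordDataFilePath()` called from both would keep the two lifecycles from drifting apart. The `execute()` body continues past the end of the hunk.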
@@ -324,8 +368,14 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave return result; } + /** + * Returns a list of data files that were produced by the direct children of the given MavenProject. + * + * @param project the Maven project to obtain the child data files from + * @return a list of the data files + */ protected List getAllChildDataFiles(MavenProject project) { - List children = getAllChildren(project); + final List children = getAllChildren(project); return getDataFiles(children); } @@ -336,13 +386,13 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave * @return a list of output files */ protected List getDataFiles(List projects) { - List files = new ArrayList(); + final List files = new ArrayList(); for (MavenProject proj : projects) { - Object path = project.getContextValue(getDataFileContextKey()); + final Object path = project.getContextValue(getDataFileContextKey()); if (path == null) { final String msg = String.format("Unable to aggregate data for '%s' - aggregate data file was not generated", proj.getName()); - logger.warning(msg); + LOGGER.warning(msg); } else { File outputFile = new File((String) path); if (outputFile.exists()) { @@ -351,7 +401,7 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave if (!isMultiModule(project)) { final String msg = String.format("Unable to aggregate data for '%s' - missing data file '%s'", proj.getName(), outputFile.getPath()); - logger.warning(msg); + LOGGER.warning(msg); } } } @@ -372,7 +422,6 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave /** * Test if the current project has pom packaging * - * @param mavenProject Project to test * @return true if it has a pom packaging; otherwise false */ protected boolean isMultiModule() { 
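Review bot: The Javadoc added in the `@@ -324` hunk says `getAllChildDataFiles` returns the files "produced by the direct children", but it delegates to `getAllChildren`, which in the `@@ -308` hunk recurses into every multi-module child, so the result covers all descendant leaf modules. Suggested summary: `Returns a list of data files that were produced by all non-aggregating descendants of the given MavenProject.`.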
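Review bot: Inside the `for (MavenProject proj : projects)` loop of the `@@ -336` hunk, the changed line reads `project.getContextValue(...)` — the mojo's own `project` field — instead of `proj`, so every iteration looks up the current project's data file while the warning then names `proj` for a value that was never read from it; the aggregate silently uses the wrong (or no) data for each child. The commit adds `final` to this line but keeps the defect; the fix is `final Object path = proj.getContextValue(getDataFileContextKey());`. The same field/loop-variable mix-up appears in the `@@ -351` hunk, where `isMultiModule(project)` should presumably be `isMultiModule(proj)` — verify, since the surrounding lines are outside that hunk. The unchanged `File outputFile` below could also take the `final` this commit adds everywhere else.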
@@ -405,7 +454,7 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave * defined then the abstract class (i.e. this class) will not have access to the current project (just the way Maven * works with the binding). * - * @return + * @return returns a reference to the current project */ protected MavenProject getProject() { return project; diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportingUtil.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportingUtil.java index 04495db4e..d26e9b18e 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportingUtil.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportingUtil.java @@ -50,7 +50,7 @@ final class ReportingUtil { /** * Logger field reference. */ - private static final Logger logger = Logger.getLogger(ReportingUtil.class.getName()); + private static final Logger LOGGER = Logger.getLogger(ReportingUtil.class.getName()); /** * Empty private constructor for this utility class. @@ -63,6 +63,8 @@ final class ReportingUtil { * * @param engine a dependency-check engine * @param outDirectory the directory to write the reports to + * @param projectName the name of the project that a report is being generated for + * @param format the format of the report to generate */ static void generateExternalReports(Engine engine, File outDirectory, String projectName, String format) { DatabaseProperties prop = null; @@ -72,7 +74,7 @@ final class ReportingUtil { cve.open(); prop = cve.getDatabaseProperties(); } catch (DatabaseException ex) { - logger.log(Level.FINE, "Unable to retrieve DB Properties", ex); + LOGGER.log(Level.FINE, "Unable to retrieve DB Properties", ex); } finally { if (cve != null) { cve.close(); 
@@ -82,13 +84,13 @@ final class ReportingUtil { try { r.generateReports(outDirectory.getCanonicalPath(), format); } catch (IOException ex) { - logger.log(Level.SEVERE, + LOGGER.log(Level.SEVERE, "Unexpected exception occurred during analysis; please see the verbose error log for more details."); - logger.log(Level.FINE, null, ex); + LOGGER.log(Level.FINE, null, ex); } catch (Throwable ex) { - logger.log(Level.SEVERE, + LOGGER.log(Level.SEVERE, "Unexpected exception occurred during analysis; please see the verbose error log for more details."); - logger.log(Level.FINE, null, ex); + LOGGER.log(Level.FINE, null, ex); } } @@ -97,6 +99,7 @@ final class ReportingUtil { * * @param engine the engine used to scan the dependencies * @param sink the sink to write the data to + * @param projectName the name of the project */ static void generateMavenSiteReport(final Engine engine, Sink sink, String projectName) { final List dependencies = engine.getDependencies();
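Review bot: The `catch (Throwable ex)` block in this hunk duplicates the `IOException` block exactly and also swallows `Error`s such as `OutOfMemoryError`, reducing a JVM-level failure to a FINE-level stack trace; its message "during analysis" is also wrong for what is report generation. I would catch the narrowest type `generateReports` actually throws (plus `RuntimeException` if that is needed) and say what failed: `LOGGER.log(Level.SEVERE, "Unexpected exception occurred while generating the dependency-check report; please see the verbose error log for more details.");`. `generateExternalReports` starts before the hunk.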