diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
index d25ad57de..291c011bc 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
@@ -173,10 +173,10 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 }
 } else {
 // copy, alter and set in case some other thread is iterating over
- final List deps = new ArrayList(
+ final List dependencies = new ArrayList(
 engine.getDependencies());
- deps.remove(dependency);
- engine.setDependencies(deps);
+ dependencies.remove(dependency);
+ engine.setDependencies(dependencies);
 }
 }
@@ -225,7 +225,7 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
 contents = FileUtils.readFileToString(actualFile).trim();
 } catch (IOException e) {
 throw new AnalysisException(
- "Problem occured while reading dependency file.", e);
+ "Problem occurred while reading dependency file.", e);
 }
 return contents;
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
index ff2064d91..c89aaed6f 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
@@ -53,7 +53,7 @@ import org.owasp.dependencycheck.utils.UrlStringUtils;
 public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
 /**
- * Name of egg metatdata files to analyze.
+ * Name of egg metadata files to analyze.
 */
 private static final String PKG_INFO = "PKG-INFO";
@@ -269,10 +269,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { * * @param dependency the dependency being analyzed * @param file a reference to the manifest/properties file - * @throws AnalysisException thrown when there is an error */ - private static void collectWheelMetadata(Dependency dependency, File file) - throws AnalysisException { + private static void collectWheelMetadata(Dependency dependency, File file) { final InternetHeaders headers = getManifestProperties(file); addPropertyToEvidence(headers, dependency.getVersionEvidence(), "Version", Confidence.HIGHEST); @@ -352,7 +350,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { } /** - * Retrieves the next temporary destingation directory for extracting an archive. + * Retrieves the next temporary destination directory for extracting an archive. * * @return a directory * @throws AnalysisException thrown if unable to create temporary directory diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java index 8f909614b..f5d27e981 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java @@ -28,13 +28,10 @@ import org.owasp.dependencycheck.dependency.EvidenceCollection; import org.owasp.dependencycheck.utils.FileFilterBuilder; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.UrlStringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import java.io.File; import java.io.FileFilter; import java.io.IOException; -import java.net.MalformedURLException; import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; 
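Review bot: With the `@throws AnalysisException` tag and the `throws` clause removed from `collectWheelMetadata`, the Javadoc no longer says what happens when the metadata file cannot be read or parsed. `getManifestProperties(file)` is defined outside this hunk; if it now handles the failure internally (inferred from the exception no longer being declared), the dependency would silently end up with no version evidence, and a scanner has nothing to match against in that case. Once the behaviour is confirmed, add a sentence to the Javadoc such as `If the file cannot be read, no evidence is added to the dependency.` The method body continues outside the hunk.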
@@ -53,12 +50,6 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { private static final int REGEX_OPTIONS = Pattern.DOTALL | Pattern.CASE_INSENSITIVE; - /** - * The logger. - */ - private static final Logger LOGGER = LoggerFactory - .getLogger(PythonPackageAnalyzer.class); - /** * Filename extensions for files to be analyzed. */ @@ -173,7 +164,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { * Analyzes python packages and adds evidence to the dependency. * * @param dependency the dependency being analyzed - * @param engine the engine being used to perform the scan + * @param engine the engine being used to perform the scan * @throws AnalysisException thrown if there is an unrecoverable error analyzing the dependency */ @Override @@ -184,8 +175,8 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { final String parentName = parent.getName(); boolean found = false; if (INIT_PY_FILTER.accept(file)) { - for (final File sourcefile : parent.listFiles(PY_FILTER)) { - found |= analyzeFileContents(dependency, sourcefile); + for (final File sourceFile : parent.listFiles(PY_FILTER)) { + found |= analyzeFileContents(dependency, sourceFile); } } if (found) { @@ -194,10 +185,10 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { "PackageName", parentName, Confidence.MEDIUM); } else { // copy, alter and set in case some other thread is iterating over - final List deps = new ArrayList( + final List dependencies = new ArrayList( engine.getDependencies()); - deps.remove(dependency); - engine.setDependencies(deps); + dependencies.remove(dependency); + engine.setDependencies(dependencies); } } 
@@ -206,7 +197,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { * __summary__, __uri__, __url__, __home*page__, __author__, and their all caps equivalents. * * @param dependency the dependency being analyzed - * @param file the file name to analyze + * @param file the file name to analyze * @return whether evidence was found * @throws AnalysisException thrown if there is an unrecoverable error */ @@ -238,14 +229,10 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { .getVendorEvidence(); found |= gatherEvidence(AUTHOR_PATTERN, contents, source, vendorEvidence, "SourceAuthor", Confidence.MEDIUM); - try { - found |= gatherHomePageEvidence(URI_PATTERN, vendorEvidence, - source, "URL", contents); - found |= gatherHomePageEvidence(HOMEPAGE_PATTERN, - vendorEvidence, source, "HomePage", contents); - } catch (MalformedURLException e) { - LOGGER.warn(e.getMessage()); - } + found |= gatherHomePageEvidence(URI_PATTERN, vendorEvidence, + source, "URL", contents); + found |= gatherHomePageEvidence(HOMEPAGE_PATTERN, + vendorEvidence, source, "HomePage", contents); } return found; } 
@@ -254,15 +241,15 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
 * Adds summary information to the dependency
 *
 * @param dependency the dependency being analyzed
- * @param pattern the pattern used to perform analysis
- * @param group the group from the pattern that indicates the data to use
- * @param contents the data being analyzed
- * @param source the source name to use when recording the evidence
- * @param key the key name to use when recording the evidence
+ * @param pattern the pattern used to perform analysis
+ * @param group the group from the pattern that indicates the data to use
+ * @param contents the data being analyzed
+ * @param source the source name to use when recording the evidence
+ * @param key the key name to use when recording the evidence
 * @return true if evidence was collected; otherwise false
 */
 private boolean addSummaryInfo(Dependency dependency, Pattern pattern,
- int group, String contents, String source, String key) {
+ int group, String contents, String source, String key) {
 final Matcher matcher = pattern.matcher(contents);
 final boolean found = matcher.find();
 if (found) {
@@ -275,17 +262,16 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
 /**
 * Collects evidence from the home page URL.
 *
- * @param pattern the pattern to match
+ * @param pattern the pattern to match
 * @param evidence the evidence collection to add the evidence to
- * @param source the source of the evidence
- * @param name the name of the evidence
+ * @param source the source of the evidence
+ * @param name the name of the evidence
 * @param contents the home page URL
 * @return true if evidence was collected; otherwise false
- * @throws MalformedURLException thrown if the URL is malformed
 */
 private boolean gatherHomePageEvidence(Pattern pattern,
- EvidenceCollection evidence, String source, String name,
- String contents) throws MalformedURLException {
+ EvidenceCollection evidence, String source, String name,
+ String contents) {
 final Matcher matcher = pattern.matcher(contents);
 boolean found = false;
 if (matcher.find()) {
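Review bot: The Javadoc line `@param contents the home page URL` that this hunk keeps is misleading, because the body runs `pattern.matcher(contents)` and `matcher.find()` over the argument, so `contents` is the text being searched rather than a URL. Since the commit already touches this comment block, reword it to something like `@param contents the file contents to search for a home page URL`. With the `@throws MalformedURLException` tag gone, the `@return` line could also state that text which matches the pattern but is not accepted as a URL yields `false`, if that is what the rest of the body does; the body continues outside the hunk.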
@@ -299,19 +285,19 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
 }
 /**
- * Gather evidence from a Python source file usin the given string assignment regex pattern.
+ * Gather evidence from a Python source file using the given string assignment regex pattern.
 *
- * @param pattern to scan contents with
- * @param contents of Python source file
- * @param source for storing evidence
- * @param evidence to store evidence in
- * @param name of evidence
+ * @param pattern to scan contents with
+ * @param contents of Python source file
+ * @param source for storing evidence
+ * @param evidence to store evidence in
+ * @param name of evidence
 * @param confidence in evidence
 * @return whether evidence was found
 */
 private boolean gatherEvidence(Pattern pattern, String contents,
- String source, EvidenceCollection evidence, String name,
- Confidence confidence) {
+ String source, EvidenceCollection evidence, String name,
+ Confidence confidence) {
 final Matcher matcher = pattern.matcher(contents);
 final boolean found = matcher.find();
 if (found) {
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java
index c5fcc289e..f0ee9f7ac 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java
@@ -39,10 +39,10 @@ public class OpenSSLAnalyzerTest extends BaseTest {
 /**
 * The package analyzer to test.
 */
- OpenSSLAnalyzer analyzer;
+ private OpenSSLAnalyzer analyzer;
 /**
- * Setup the PtyhonPackageAnalyzer.
+ * Setup the {@link OpenSSLAnalyzer}.
 *
 * @throws Exception if there is a problem
 */
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
index ded6cb20b..954d02274 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
@@ -40,7 +40,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
 /**
 * The analyzer to test.
 */
- PythonDistributionAnalyzer analyzer;
+ private PythonDistributionAnalyzer analyzer;
 /**
 * Correctly setup the analyzer for testing.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java
index b132c2ec8..82bb3af09 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java
@@ -40,10 +40,10 @@ public class PythonPackageAnalyzerTest extends BaseTest {
 /**
 * The package analyzer to test.
 */
- PythonPackageAnalyzer analyzer;
+ private PythonPackageAnalyzer analyzer;
 /**
- * Setup the PtyhonPackageAnalyzer.
+ * Setup the {@link PythonPackageAnalyzer}.
 *
 * @throws Exception if there is a problem
 */
@@ -85,14 +85,9 @@ public class PythonPackageAnalyzerTest extends BaseTest {
 @Test
 public void testAnalyzeSourceMetadata() throws AnalysisException {
- eggtestAssertions(this,
- "python/eggtest/__init__.py");
- }
-
- public void eggtestAssertions(Object context, final String resource) throws AnalysisException {
 boolean found = false;
 final Dependency result = new Dependency(BaseTest.getResourceAsFile(
- context, resource));
+ this, "python/eggtest/__init__.py"));
 analyzer.analyze(result, null);
 assertTrue("Expected vendor evidence to contain \"example\".", result
 .getVendorEvidence().toString().contains("example"));
@@ -104,4 +99,5 @@ public class PythonPackageAnalyzerTest extends BaseTest {
 }
 assertTrue("Version 0.0.1 not found in EggTest dependency.", found);
 }
+
 }
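Review bot: The inlined test still calls `analyzer.analyze(result, null)`, and the PythonPackageAnalyzer hunk earlier in this diff shows the no-evidence branch calling `engine.getDependencies()`. If `analyze` reaches that branch (the delegation is not visible here), a regression that stops the analyzer from finding evidence would show up as a NullPointerException instead of the intended "Expected vendor evidence…" assertion message. At minimum, add a comment above the call, e.g. `// engine is null: valid only while evidence is found for this resource`, so the dependency on the happy path is explicit.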