github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-30 20:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

sonar, checkstyle, etc. suggested changes

Browse Source
This commit is contained in:
Jeremy Long
2017-06-23 06:26:18 -04:00
parent 9b289e619a
commit b9e9c837c8
13 changed files with 52 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
View File

@@ -170,7 +170,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
"Found project command match with %d groups: %s",
m.groupCount(), m.group(0)));
final String group = m.group(1);
LOGGER.debug("Group 1: " + group);
LOGGER.debug("Group 1: {}", group);
dependency.getProductEvidence().addEvidence(name, "Project",
group, Confidence.HIGH);
}
@@ -202,8 +202,8 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
m.groupCount(), m.group(0));
String product = m.group(1);
final String version = m.group(2);
LOGGER.debug("Group 1: " + product);
LOGGER.debug("Group 2: " + version);
LOGGER.debug("Group 1: {}", product);
LOGGER.debug("Group 2: {}", version);
final String aliasPrefix = "ALIASOF_";
if (product.startsWith(aliasPrefix)) {
product = product.replaceFirst(aliasPrefix, "");
@@ -231,7 +231,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
currentDep.getVersionEvidence().addEvidence(source, "Version",
version, Confidence.MEDIUM);
}
LOGGER.debug(String.format("Found %d matches.", count));
LOGGER.debug("Found {} matches.", count);
}
@Override

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
View File

@@ -103,7 +103,7 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
*/
@Override
public void initializeFileTypeAnalyzer() throws InitializationException {
LOGGER.debug("Initializing " + getName());
LOGGER.debug("Initializing {}", getName());
final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NSP_URL, DEFAULT_URL);
try {
searcher = new NspSearch(new URL(searchUrl));

26
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
View File

@@ -119,7 +119,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
if (bundleAuditPath != null) {
bundleAudit = new File(bundleAuditPath);
if (!bundleAudit.isFile()) {
LOGGER.warn("Supplied `bundleAudit` path is incorrect: " + bundleAuditPath);
LOGGER.warn("Supplied `bundleAudit` path is incorrect: {}", bundleAuditPath);
bundleAudit = null;
}
}
@@ -129,7 +129,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
final ProcessBuilder builder = new ProcessBuilder(args);
builder.directory(folder);
try {
LOGGER.info("Launching: " + args + " from " + folder);
LOGGER.info("Launching: {} from {}",args, folder);
return builder.start();
} catch (IOException ioe) {
throw new AnalysisException("bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. "
@@ -183,7 +183,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
} else {
try (BufferedReader reader = new BufferedReader(new InputStreamReader(process.getErrorStream(), "UTF-8"))) {
if (!reader.ready()) {
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling " + ANALYZER_NAME);
LOGGER.warn("Bundle-audit error stream unexpectedly not ready. Disabling {}", ANALYZER_NAME);
setEnabled(false);
throw new InitializationException("Bundle-audit error stream unexpectedly not ready.");
} else {
@@ -204,8 +204,8 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
}
if (isEnabled()) {
LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" "
+ "occasionally to keep its database up to date.");
LOGGER.info("{} is enabled. It is necessary to manually run \"bundle-audit update\" "
+ "occasionally to keep its database up to date.",ANALYZER_NAME);
}
}
@@ -274,15 +274,15 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
for (FileTypeAnalyzer analyzer : engine.getFileTypeAnalyzers()) {
if (analyzer instanceof RubyBundlerAnalyzer) {
((RubyBundlerAnalyzer) analyzer).setEnabled(false);
LOGGER.info("Disabled " + RubyBundlerAnalyzer.class.getName() + " to avoid noisy duplicate results.");
LOGGER.info("Disabled {} to avoid noisy duplicate results.",RubyBundlerAnalyzer.class.getName());
} else if (analyzer instanceof RubyGemspecAnalyzer) {
((RubyGemspecAnalyzer) analyzer).setEnabled(false);
LOGGER.info("Disabled " + className + " to avoid noisy duplicate results.");
LOGGER.info("Disabled {} to avoid noisy duplicate results.",className);
failed = false;
}
}
if (failed) {
LOGGER.warn("Did not find " + className + '.');
LOGGER.warn("Did not find {}.",className);
}
needToDisableGemspecAnalyzer = false;
}
@@ -342,7 +342,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
map.put(gem, createDependencyForGem(engine, parentName, fileName, filePath, gem));
}
dependency = map.get(gem);
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
LOGGER.debug("bundle-audit ({}): {}", parentName, nextLine);
} else if (nextLine.startsWith(VERSION)) {
vulnerability = createVulnerability(parentName, dependency, gem, nextLine);
} else if (nextLine.startsWith(ADVISORY)) {
@@ -380,7 +380,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
if (null != dependency) {
dependency.getVulnerabilities().add(vulnerability); // needed to wait for vulnerability name to avoid NPE
}
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
LOGGER.debug("bundle-audit ({}): {}", parentName, nextLine);
}
/**
@@ -399,7 +399,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
ref.setUrl(url);
vulnerability.getReferences().add(ref);
}
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
LOGGER.debug("bundle-audit ({}): {}", parentName, nextLine);
}
/**
@@ -430,7 +430,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
}
vulnerability.setCvssScore(score);
}
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
LOGGER.debug("bundle-audit ({}): {}", parentName, nextLine);
}
/**
@@ -462,7 +462,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
vulnerability.setCvssConfidentialityImpact("-");
vulnerability.setCvssIntegrityImpact("-");
}
LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
LOGGER.debug("bundle-audit ({}): {}", parentName, nextLine);
return vulnerability;
}

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
View File

@@ -154,8 +154,7 @@ public final class ConnectionFactory {
try {
conn = DriverManager.getConnection(connectionString, userName, password);
Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
LOGGER.debug(
"Unable to start the database in server mode; reverting to single user mode");
LOGGER.debug("Unable to start the database in server mode; reverting to single user mode");
} catch (SQLException sqlex) {
LOGGER.debug("Unable to connect to the database", ex);
throw new DatabaseException("Unable to connect to the database");

12
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
View File

@@ -128,14 +128,14 @@ public class NvdCveUpdater implements CachedWebDataSource {
} catch (IOException ex) {
LOGGER.trace("Expected error as another thread has likely locked the file", ex);
} finally {
if (lock==null && ulFile!=null) {
if (lock == null && ulFile != null) {
ulFile.close();
}
}
if (lock == null || !lock.isValid()) {
try {
LOGGER.debug(String.format("Sleeping thread %s for 5 seconds because we could not obtain the update lock.",
Thread.currentThread().getName()));
LOGGER.debug("Sleeping thread {} for 5 seconds because we could not obtain the update lock.",
Thread.currentThread().getName());
Thread.sleep(5000);
} catch (InterruptedException ex) {
LOGGER.trace("ignorable error, sleep was interrupted.", ex);
@@ -161,11 +161,9 @@ public class NvdCveUpdater implements CachedWebDataSource {
} catch (MalformedURLException ex) {
throw new UpdateException("NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.", ex);
} catch (DownloadFailedException ex) {
LOGGER.warn(
"Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.");
LOGGER.warn("Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.");
if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
LOGGER.info(
"If you are behind a proxy you may need to configure dependency-check to use the proxy.");
LOGGER.info("If you are behind a proxy you may need to configure dependency-check to use the proxy.");
}
throw new UpdateException("Unable to download the NVD CVE data.", ex);
} catch (DatabaseException ex) {

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
View File

@@ -169,8 +169,7 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
} catch (DownloadFailedException ex) {
LOGGER.warn("Download Failed for NVD CVE - {}\nSome CVEs may not be reported.", nvdCveInfo.getId());
if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
LOGGER.info(
"If you are behind a proxy you may need to configure dependency-check to use the proxy.");
LOGGER.info("If you are behind a proxy you may need to configure dependency-check to use the proxy.");
}
LOGGER.debug("", ex);
return null;

9
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
View File

@@ -263,9 +263,12 @@ public class EvidenceCollection implements Serializable, Iterable<Evidence> {
//TODO consider changing the regex to only compare alpha-numeric (i.e. strip everything else)
String item = e.getValue();
if (item != null) {
final String value = urlCorrection(item.toLowerCase()).replaceAll("[\\s_-]", "");
if (value.contains(textToTest)) {
return true;
final String uc = urlCorrection(item.toLowerCase());
if (uc != null) {
final String value = uc.replaceAll("[\\s_-]", "");
if (value.contains(textToTest)) {
return true;
}
}
}
}

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
View File

@@ -538,6 +538,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
/**
* Retruns the source that identified the vulnerability.
*
* @return the source
*/
public Source getSource() {
@@ -546,6 +547,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
/**
* Sets the source that identified the vulnerability.
*
* @param source the source
*/
public void setSource(Source source) {

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/UrlStringUtils.java
View File

@@ -31,6 +31,7 @@ import java.util.regex.Pattern;
* @author Jeremy Long
*/
public final class UrlStringUtils {
/**
* A regular expression to test if a string contains a URL.
*/
@@ -51,6 +52,7 @@ public final class UrlStringUtils {
*/
private UrlStringUtils() {
}
/**
* Tests if the text provided contains a URL. This is somewhat limited
* search in that it only looks for (ftp|http|https)://

12
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
View File

@@ -197,37 +197,37 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
return;
}
List<Dependency> dependencies = engine.getDependencies();
LOGGER.info(dependencies.size() + " dependencies found.");
LOGGER.info("{} dependencies found.", dependencies.size());
Iterator<Dependency> dIterator = dependencies.iterator();
while (dIterator.hasNext()) {
Dependency dept = dIterator.next();
LOGGER.info("dept path: " + dept.getActualFilePath());
LOGGER.info("dept path: {}", dept.getActualFilePath());
Set<Identifier> identifiers = dept.getIdentifiers();
Iterator<Identifier> idIterator = identifiers.iterator();
while (idIterator.hasNext()) {
Identifier id = idIterator.next();
LOGGER.info(" Identifier: " + id.getValue() + ", type=" + id.getType() + ", url=" + id.getUrl() + ", conf=" + id.getConfidence());
LOGGER.info(" Identifier: {}, type={}, url={}, conf={}", id.getValue(), id.getType(), id.getUrl(), id.getConfidence());
}
Set<Evidence> prodEv = dept.getProductEvidence().getEvidence();
Iterator<Evidence> it = prodEv.iterator();
while (it.hasNext()) {
Evidence e = it.next();
LOGGER.info(" prod: name=" + e.getName() + ", value=" + e.getValue() + ", source=" + e.getSource() + ", confidence=" + e.getConfidence());
LOGGER.info(" prod: name={}, value={}, source={}, confidence={}", e.getName(), e.getValue(), e.getSource(), e.getConfidence());
}
Set<Evidence> versionEv = dept.getVersionEvidence().getEvidence();
Iterator<Evidence> vIt = versionEv.iterator();
while (vIt.hasNext()) {
Evidence e = vIt.next();
LOGGER.info(" version: name=" + e.getName() + ", value=" + e.getValue() + ", source=" + e.getSource() + ", confidence=" + e.getConfidence());
LOGGER.info(" version: name={}, value={}, source={}, confidence={}", e.getName(), e.getValue(), e.getSource(), e.getConfidence());
}
Set<Evidence> vendorEv = dept.getVendorEvidence().getEvidence();
Iterator<Evidence> vendorIt = vendorEv.iterator();
while (vendorIt.hasNext()) {
Evidence e = vendorIt.next();
LOGGER.info(" vendor: name=" + e.getName() + ", value=" + e.getValue() + ", source=" + e.getSource() + ", confidence=" + e.getConfidence());
LOGGER.info(" vendor: name={}, value={}, source={}, confidence={}", e.getName(), e.getValue(), e.getSource(), e.getConfidence());
}
}
}