From bcd9fb0be9a22f0e1c865e8c8e241247aa4773a3 Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Tue, 7 Apr 2015 06:58:58 -0400
Subject: [PATCH] updated to correctly use utility class PomUtils

Former-commit-id: 4c8cb205df42785aa71fa5f0621a52946000c200
---
 .../analyzer/CentralAnalyzer.java                |  8 ++------
 .../dependencycheck/analyzer/NexusAnalyzer.java  | 16 ++++++----------
 2 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
index 244358fa1..4654145f2 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
@@ -33,7 +33,7 @@ import org.owasp.dependencycheck.data.nexus.MavenArtifact;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
-import org.owasp.dependencycheck.jaxb.pom.PomUtils;
+import org.owasp.dependencycheck.xml.pom.PomUtils;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
@@ -76,10 +76,6 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
      * The searcher itself.
      */
     private CentralSearch searcher;
-    /**
-     * Utility to read POM files.
-     */
-    private PomUtils pomUtil = new PomUtils();
     /**
      * Field indicating if the analyzer is enabled.
      */
@@ -216,7 +212,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
                         }
                         LOGGER.fine(String.format("Downloading %s", ma.getPomUrl()));
                         Downloader.fetchFile(new URL(ma.getPomUrl()), pomFile);
-                        pomUtil.analyzePOM(dependency, pomFile);
+                        PomUtils.analyzePOM(dependency, pomFile);
 
                     } catch (DownloadFailedException ex) {
                         final String msg = String.format("Unable to download pom.xml for %s from Central; "
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
index 7d5650db6..e2f2fa107 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -33,7 +33,7 @@ import org.owasp.dependencycheck.data.nexus.NexusSearch;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
-import org.owasp.dependencycheck.jaxb.pom.PomUtils;
+import org.owasp.dependencycheck.xml.pom.PomUtils;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
@@ -45,10 +45,10 @@ import org.owasp.dependencycheck.utils.Settings;
  * There are two settings which govern this behavior:
  *
  * <ul>
- * <li>{@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_NEXUS_ENABLED} determines whether this analyzer is
- * even enabled. This can be overridden by setting the system property.</li>
- * <li>{@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_NEXUS_URL} the URL to a Nexus service to search by
- * SHA-1. There is an expected <code>%s</code> in this where the SHA-1 will get entered.</li>
+ * <li>{@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_NEXUS_ENABLED} determines whether this analyzer is even
+ * enabled. This can be overridden by setting the system property.</li>
+ * <li>{@link org.owasp.dependencycheck.utils.Settings.KEYS#ANALYZER_NEXUS_URL} the URL to a Nexus service to search by SHA-1.
+ * There is an expected <code>%s</code> in this where the SHA-1 will get entered.</li>
  * </ul>
  *
  * @author colezlaw
@@ -89,10 +89,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
      * Field indicating if the analyzer is enabled.
      */
     private final boolean enabled = checkEnabled();
-    /**
-     * Field for doing POM work
-     */
-    private final PomUtils pomUtil = new PomUtils();
 
     /**
      * Determines if this analyzer is enabled
@@ -233,7 +229,7 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
                     }
                     LOGGER.fine(String.format("Downloading %s", ma.getPomUrl()));
                     Downloader.fetchFile(new URL(ma.getPomUrl()), pomFile);
-                    pomUtil.analyzePOM(dependency, pomFile);
+                    PomUtils.analyzePOM(dependency, pomFile);
                 } catch (DownloadFailedException ex) {
                     final String msg = String.format("Unable to download pom.xml for %s from Nexus repository; "
                             + "this could result in undetected CPE/CVEs.", dependency.getFileName());