checkstyle corrections

dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java

@@ -18,7 +18,6 @@
 package org.owasp.dependencycheck.taskdefs;
 
 import java.io.File;
-import java.io.IOException;
 import java.util.List;
 import org.apache.tools.ant.BuildException;
 import org.apache.tools.ant.Project;

dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java

@@ -78,7 +78,7 @@ public class Purge extends Task {
     private boolean failOnError = true;
 
     /**
-     * Get the value of failOnError
+     * Get the value of failOnError.
      *
      * @return the value of failOnError
      */
@@ -87,7 +87,7 @@ public class Purge extends Task {
     }
 
     /**
-     * Set the value of failOnError
+     * Set the value of failOnError.
      *
      * @param failOnError new value of failOnError
      */

dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java

@@ -37,7 +37,6 @@ import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import ch.qos.logback.core.FileAppender;
-import java.util.logging.Level;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.exception.ExceptionCollection;
 import org.owasp.dependencycheck.exception.ReportException;
@@ -77,6 +76,7 @@ public class App {
      * Main CLI entry-point into the application.
      *
      * @param args the command line arguments
+     * @return the exit code to return
      */
     public int run(String[] args) {
         int exitCode = 0;
@@ -170,10 +170,10 @@ public class App {
                 exitCode = -12;
             } catch (ExceptionCollection ex) {
                 if (ex.isFatal()) {
-                    exitCode =-13;
+                    exitCode = -13;
                     LOGGER.error("One or more fatal errors occured");
                 } else {
-                    exitCode =-14;
+                    exitCode = -14;
                 }
                 for (Throwable e : ex.getExceptions()) {
                     LOGGER.error(e.getMessage());
@@ -301,6 +301,10 @@ public class App {
 
     /**
      * Only executes the update phase of dependency-check.
+     *
+     * @throws UpdateException thrown if there is an error updating
+     * @throws DatabaseException thrown if a fatal error occurred and a
+     * connection to the database could not be established
      */
     private void runUpdateOnly() throws UpdateException, DatabaseException {
         Engine engine = null;

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -333,7 +333,7 @@ public class Engine implements FileFilter {
      * during analysis
      */
     public void analyzeDependencies() throws ExceptionCollection {
-        List<Throwable> exceptions = new ArrayList<Throwable>();
+        final List<Throwable> exceptions = new ArrayList<Throwable>();
         boolean autoUpdate = true;
         try {
             autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
@@ -359,7 +359,7 @@ public class Engine implements FileFilter {
             LOGGER.error("{}\n\nUnable to continue dependency-check analysis.", ex.getMessage());
             LOGGER.debug("", ex);
             exceptions.add(ex);
-            throw new ExceptionCollection("Unable to continue dependency-check analysis.",exceptions, true);
+            throw new ExceptionCollection("Unable to continue dependency-check analysis.", exceptions, true);
         } catch (DatabaseException ex) {
             LOGGER.error("{}\n\nUnable to continue dependency-check analysis.", ex.getMessage());
             LOGGER.debug("", ex);
@@ -480,7 +480,7 @@ public class Engine implements FileFilter {
      * Cycles through the cached web data sources and calls update on all of
      * them.
      *
-     * @throws UpdateException
+     * @throws UpdateException thrown if the operation fails
      */
     public void doUpdates() throws UpdateException {
         LOGGER.info("Checking for updates");

dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java

@@ -845,8 +845,8 @@ public class DependencyCheckScanAgent {
      * Executes the Dependency-Check on the dependent libraries.
      *
      * @return the Engine used to scan the dependencies.
-     * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown if
+     * @throws ExceptionCollection a collection of one or more exceptions that
-     * there is an exception connecting to the database
+     * occurred during analysis.
      */
     private Engine executeDependencyCheck() throws ExceptionCollection {
         populateSettings();

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java

@@ -367,7 +367,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
             final String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase();
             try {
                 if (ZIPPABLES.contains(archiveExt)) {
-                    BufferedInputStream in = new BufferedInputStream(fis);
+                    final BufferedInputStream in = new BufferedInputStream(fis);
                     ensureReadableJar(archiveExt, in);
                     extractArchive(new ZipArchiveInputStream(in), destination, engine);
                 } else if ("tar".equals(archiveExt)) {
@@ -413,7 +413,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
     private void ensureReadableJar(final String archiveExt, BufferedInputStream in) throws IOException {
         if ("jar".equals(archiveExt) && in.markSupported()) {
             in.mark(7);
-            byte[] b = new byte[7];
+            final byte[] b = new byte[7];
             in.read(b);
             if (b[0] == '#'
                     && b[1] == '!'

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java

@@ -574,15 +574,13 @@ public class CPEAnalyzer implements Analyzer {
                         final String url = String.format(NVD_SEARCH_URL, URLEncoder.encode(vs.getName(), "UTF-8"));
                         final IdentifierMatch match = new IdentifierMatch("cpe", vs.getName(), url, IdentifierConfidence.EXACT_MATCH, conf);
                         collected.add(match);
-                    } else //TODO the following isn't quite right is it? need to think about this guessing game a bit more.
+                    } else//TODO the following isn't quite right is it? need to think about this guessing game a bit more.
-                    {
+                    if (evVer.getVersionParts().size() <= dbVer.getVersionParts().size()
-                        if (evVer.getVersionParts().size() <= dbVer.getVersionParts().size()
+                            && evVer.matchesAtLeastThreeLevels(dbVer)) {
-                                && evVer.matchesAtLeastThreeLevels(dbVer)) {
+                        if (bestGuessConf == null || bestGuessConf.compareTo(conf) > 0) {
-                            if (bestGuessConf == null || bestGuessConf.compareTo(conf) > 0) {
+                            if (bestGuess.getVersionParts().size() < dbVer.getVersionParts().size()) {
-                                if (bestGuess.getVersionParts().size() < dbVer.getVersionParts().size()) {
+                                bestGuess = dbVer;
-                                    bestGuess = dbVer;
+                                bestGuessConf = conf;
-                                    bestGuessConf = conf;
-                                }
                             }
                         }
                     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java

@@ -32,7 +32,6 @@ import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
 import org.owasp.dependencycheck.exception.InitializationException;
 import org.owasp.dependencycheck.xml.suppression.PropertyType;
-import org.owasp.dependencycheck.xml.suppression.SuppressionParseException;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.FileUtils;
@@ -279,7 +278,7 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
     /**
      * Loads the hint rules file.
      *
-     * @throws SuppressionParseException thrown if the XML cannot be parsed.
+     * @throws HintParseException thrown if the XML cannot be parsed.
      */
     private void loadHintRules() throws HintParseException {
         final HintParser parser = new HintParser();
@@ -327,7 +326,7 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
 
             if (file != null) {
                 try {
-                    Hints newHints = parser.parseHints(file);
+                    final Hints newHints = parser.parseHints(file);
                     hints.getHintRules().addAll(newHints.getHintRules());
                     hints.getVendorDuplicatingHintRules().addAll(newHints.getVendorDuplicatingHintRules());
                     LOGGER.debug("{} hint rules were loaded.", hints.getHintRules().size());

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -39,7 +39,6 @@ import java.util.jar.Attributes;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
 import java.util.jar.Manifest;
-import java.util.logging.Level;
 import java.util.regex.Pattern;
 import java.util.zip.ZipEntry;
 import org.apache.commons.compress.utils.IOUtils;
@@ -646,9 +645,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      * @return whether evidence was identified parsing the manifest
      * @throws IOException if there is an issue reading the JAR file
      */
-    protected boolean parseManifest(Dependency dependency,
+    protected boolean parseManifest(Dependency dependency, List<ClassNameInformation> classInformation) throws IOException {
-            List<ClassNameInformation> classInformation)
-            throws IOException {
         boolean foundSomething = false;
         JarFile jar = null;
         try {
@@ -667,7 +664,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
             final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
             final EvidenceCollection productEvidence = dependency.getProductEvidence();
             final EvidenceCollection versionEvidence = dependency.getVersionEvidence();
-
             String source = "Manifest";
             String specificationVersion = null;
             boolean hasImplementationVersion = false;
@@ -784,7 +780,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                     }
                 }
             }
-
             for (Map.Entry<String, Attributes> item : manifest.getEntries().entrySet()) {
                 final String name = item.getKey();
                 source = "manifest: " + name;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java

@@ -52,6 +52,9 @@ import org.owasp.dependencycheck.exception.InitializationException;
 @Experimental
 public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 
+    /**
+     * The logger.
+     */
     private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzer.class);
 
     /**
@@ -150,7 +153,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
             setEnabled(false);
             cvedb.close();
             cvedb = null;
-            String msg = String.format("Exception from bundle-audit process: %s. Disabling %s", ae.getCause(), ANALYZER_NAME);
+            final String msg = String.format("Exception from bundle-audit process: %s. Disabling %s", ae.getCause(), ANALYZER_NAME);
             throw new InitializationException(msg, ae);
         } catch (IOException ex) {
             setEnabled(false);
@@ -162,12 +165,12 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
             exitValue = process.waitFor();
         } catch (InterruptedException ex) {
             setEnabled(false);
-            String msg = String.format("Bundle-audit process was interupted. Disabling %s", ANALYZER_NAME);
+            final String msg = String.format("Bundle-audit process was interupted. Disabling %s", ANALYZER_NAME);
             throw new InitializationException(msg);
         }
         if (0 == exitValue) {
             setEnabled(false);
-            String msg = String.format("Unexpected exit code from bundle-audit process. Disabling %s: %s", ANALYZER_NAME, exitValue);
+            final String msg = String.format("Unexpected exit code from bundle-audit process. Disabling %s: %s", ANALYZER_NAME, exitValue);
             throw new InitializationException(msg);
         } else {
             BufferedReader reader = null;

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java

@@ -48,8 +48,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
- * An in memory lucene index that contains the vendor/product combinations from the CPE (application) identifiers within the NVD
+ * An in memory lucene index that contains the vendor/product combinations from
- * CVE data.
+ * the CPE (application) identifiers within the NVD CVE data.
  *
  * @author Jeremy Long
  */
@@ -144,19 +144,6 @@ public final class CpeMemoryIndex {
         return openState;
     }
 
-    /**
-     * Creates the indexing analyzer for the CPE Index.
-     *
-     * @return the CPE Analyzer.
-     * @deprecated the search field analyzer must be used to include the token concatenating filter.
-     */
-    @Deprecated
-    private Analyzer createIndexingAnalyzer() {
-        final Map<String, Analyzer> fieldAnalyzers = new HashMap<String, Analyzer>();
-        fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
-        return new PerFieldAnalyzerWrapper(new FieldAnalyzer(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
-    }
-
     /**
      * Creates an Analyzer for searching the CPE Index.
      *
@@ -275,7 +262,8 @@ public final class CpeMemoryIndex {
      * @param maxQueryResults the maximum number of documents to return
      * @return the TopDocs found by the search
      * @throws ParseException thrown when the searchString is invalid
-     * @throws IOException is thrown if there is an issue with the underlying Index
+     * @throws IOException is thrown if there is an issue with the underlying
+     * Index
      */
     public TopDocs search(String searchString, int maxQueryResults) throws ParseException, IOException {
         if (searchString == null || searchString.trim().isEmpty()) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java

@@ -34,7 +34,7 @@ import org.apache.lucene.util.Version;
  * index the CPE fields vendor and product.</p>
  *
  * @author Jeremy Long
- * @Deprecated the field analyzer should not be used, instead use the
+ * @deprecated the field analyzer should not be used, instead use the
  * SearchFieldAnalyzer so that the token analyzing filter is used.
  */
 @Deprecated

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java

@@ -68,10 +68,9 @@ public class CveDB {
     private ResourceBundle statementBundle = null;
 
     /**
-     * Creates a new CveDB object and opens the database
+     * Creates a new CveDB object and opens the database connection. Note, the
-     * connection. Note, the connection must be closed by the caller by calling
+     * connection must be closed by the caller by calling the close method.
-     * the close method. ======= Does the underlying connection support batch
+     * ======= Does the underlying connection support batch operations?
-     * operations?
      */
     private boolean batchSupported;
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java

@@ -43,9 +43,10 @@ public class CPEHandler extends DefaultHandler {
     /**
      * The Starts with expression to filter CVE entries by CPE.
      */
-    private static final String CPE_STARTS_WITH = Settings.getString(Settings.KEYS.CVE_CPE_STARTS_WITH_FILTER,"cpe:/a:");
+    private static final String CPE_STARTS_WITH = Settings.getString(Settings.KEYS.CVE_CPE_STARTS_WITH_FILTER, "cpe:/a:");
     /**
-     * The text content of the node being processed. This can be used during the end element event.
+     * The text content of the node being processed. This can be used during the
+     * end element event.
      */
     private StringBuilder nodeText = null;
     /**
@@ -77,7 +78,8 @@ public class CPEHandler extends DefaultHandler {
      * @param localName the local name
      * @param qName the qualified name
      * @param attributes the attributes
-     * @throws SAXException thrown if there is an exception processing the element
+     * @throws SAXException thrown if there is an exception processing the
+     * element
      */
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
@@ -128,7 +130,8 @@ public class CPEHandler extends DefaultHandler {
      * @param ch the char array
      * @param start the start position of the data read
      * @param length the length of the data read
-     * @throws SAXException thrown if there is an exception processing the characters
+     * @throws SAXException thrown if there is an exception processing the
+     * characters
      */
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
@@ -138,12 +141,14 @@ public class CPEHandler extends DefaultHandler {
     }
 
     /**
-     * Handles the end element event. Stores the CPE data in the Cve Database if the cpe item node is ending.
+     * Handles the end element event. Stores the CPE data in the Cve Database if
+     * the cpe item node is ending.
      *
      * @param uri the element's uri
      * @param localName the local name
      * @param qName the qualified name
-     * @throws SAXException thrown if there is an exception processing the element
+     * @throws SAXException thrown if there is an exception processing the
+     * element
      */
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
@@ -182,7 +187,8 @@ public class CPEHandler extends DefaultHandler {
 
     // <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
     /**
-     * A simple class to maintain information about the current element while parsing the CPE XML.
+     * A simple class to maintain information about the current element while
+     * parsing the CPE XML.
      */
     protected static final class Element {
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/UpdateableNvdCve.java

@@ -36,6 +36,9 @@ import org.slf4j.LoggerFactory;
  */
 public class UpdateableNvdCve implements Iterable<NvdCveInfo>, Iterator<NvdCveInfo> {
 
+    /**
+     * A reference to the logger.
+     */
     private static final Logger LOGGER = LoggerFactory.getLogger(UpdateableNvdCve.class);
     /**
      * A collection of sources of data.

dependency-check-core/src/main/java/org/owasp/dependencycheck/exception/ExceptionCollection.java

@@ -140,6 +140,7 @@ public class ExceptionCollection extends Exception {
      * Adds an exception to the collection.
      *
      * @param ex the exception to add
+     * @param fatal flag indicating if this is a fatal error
      */
     public void addException(Throwable ex, boolean fatal) {
         addException(ex);
@@ -153,7 +154,7 @@ public class ExceptionCollection extends Exception {
     private boolean fatal = false;
 
     /**
-     * Get the value of fatal
+     * Get the value of fatal.
      *
      * @return the value of fatal
      */
@@ -162,7 +163,7 @@ public class ExceptionCollection extends Exception {
     }
 
     /**
-     * Set the value of fatal
+     * Set the value of fatal.
      *
      * @param fatal new value of fatal
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintHandler.java

@@ -201,7 +201,7 @@ public class HintHandler extends DefaultHandler {
     /**
      * Handles the end element event.
      *
-     * @param uri the element's uri
+     * @param uri the element's URI
      * @param localName the local name
      * @param qName the qualified name
      * @throws SAXException thrown if there is an exception processing the

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/Hints.java

@@ -32,7 +32,7 @@ public class Hints {
     private List<HintRule> hintRules;
 
     /**
-     * Get the value of hintRules
+     * Get the value of hintRules.
      *
      * @return the value of hintRules
      */
@@ -41,7 +41,7 @@ public class Hints {
     }
 
     /**
-     * Set the value of hintRules
+     * Set the value of hintRules.
      *
      * @param hintRules new value of hintRules
      */
@@ -55,7 +55,7 @@ public class Hints {
     private List<VendorDuplicatingHintRule> vendorDuplicatingHintRules;
 
     /**
-     * Get the value of vendorDuplicatingHintRules
+     * Get the value of vendorDuplicatingHintRules.
      *
      * @return the value of vendorDuplicatingHintRules
      */
@@ -64,12 +64,11 @@ public class Hints {
     }
 
     /**
-     * Set the value of vendorDuplicatingHintRules
+     * Set the value of vendorDuplicatingHintRules.
      *
      * @param vendorDuplicatingHintRules new value of vendorDuplicatingHintRules
      */
     public void setVendorDuplicatingHintRules(List<VendorDuplicatingHintRule> vendorDuplicatingHintRules) {
         this.vendorDuplicatingHintRules = vendorDuplicatingHintRules;
     }
-
 }

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java

@@ -25,7 +25,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
 import java.util.Set;
-import org.apache.maven.MavenExecutionException;
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugin.MojoFailureException;
 import org.apache.maven.plugins.annotations.LifecyclePhase;
@@ -130,9 +129,9 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
                 try {
                     writeReports(engine, current, outputDir);
                 } catch (ReportException ex) {
-                    ExceptionCollection exCol =  (ExceptionCollection) engine.getExecutionRoot().getContextValue(AGGREGATE_EXCEPTIONS);
+                    ExceptionCollection exCol = (ExceptionCollection) engine.getExecutionRoot().getContextValue(AGGREGATE_EXCEPTIONS);
                     if (exCol == null) {
-                        exCol = new ExceptionCollection("Error writing aggregate report",ex);
+                        exCol = new ExceptionCollection("Error writing aggregate report", ex);
                     } else {
                         exCol.addException(ex);
                     }

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

@@ -85,6 +85,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 
     /**
      * Returns if the mojo should fail the build if an exception occurs.
+     *
      * @return whether or not the mojo should fail the build
      */
     protected boolean isFailOnError() {
@@ -1079,8 +1080,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
      * scan data between the "check" and "aggregate" phase.
      *
      * @param project the Maven project to read the data file from
-     * @return a <code>MavenEngine</code> object populated with dependencies if the
+     * @return a <code>MavenEngine</code> object populated with dependencies if
-     * serialized data file exists; otherwise <code>null</code> is returned
+     * the serialized data file exists; otherwise <code>null</code> is returned
      */
     protected List<Dependency> readDataFile(MavenProject project) {
         final Object oPath = project.getContextValue(this.getDataFileContextKey());

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java

@@ -106,7 +106,7 @@ public class CheckMojo extends BaseDependencyCheckMojo {
                         writeReports(engine, getProject(), getCorrectOutputDirectory());
                     } catch (ReportException ex) {
                         if (this.isFailOnError()) {
-                            if (exCol!= null) {
+                            if (exCol != null) {
                                 exCol.addException(ex);
                             } else {
                                 exCol = new ExceptionCollection("Unable to write the dependency-check report", ex);

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java

@@ -111,5 +111,4 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
     public String getDescription(Locale locale) {
         return "Updates the local cache of the NVD data from NIST.";
     }
-    
 }