code cleanup, checkstyle, codacy, findbugs, etc.

2026-01-15 08:13:43 +01:00 · 2017-12-02 08:06:16 -05:00
parent a7dddfa905
commit c6363fde7a
5 changed files with 23 additions and 49 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
@@ -77,7 +77,7 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
                    accept = false;
                }
            } catch (IOException ex) {
-                throw new RuntimeException(ex);
+                throw new RuntimeException("Unable to process dependency", ex);
            }
        }

@@ -211,38 +211,6 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
                if (DependencyBundlingAnalyzer.npmVersionsMatch(version, dependencyVersion)) {
                    return d;
                }
-//                if (dependencyVersion.startsWith("^") || dependencyVersion.startsWith("~")) {
-//                    dependencyVersion = dependencyVersion.substring(1);
-//                }
-//
-//                if (version.equals(dependencyVersion)) {
-//                    return d;
-//                }
-//                if (version.startsWith("^") || version.startsWith("~") || version.contains("*")) {
-//                    String type;
-//                    String tmp;
-//                    if (version.startsWith("^") || version.startsWith("~")) {
-//                        type = version.substring(0, 1);
-//                        tmp = version.substring(1);
-//                    } else {
-//                        type = "*";
-//                        tmp = version;
-//                    }
-//                    final String[] v = tmp.split(" ")[0].split("\\.");
-//                    final String[] depVersion = dependencyVersion.split("\\.");
-//
-//                    if ("^".equals(type) && v[0].equals(depVersion[0])) {
-//                        return d;
-//                    } else if ("~".equals(type) && v.length >= 2 && depVersion.length >= 2
-//                            && v[0].equals(depVersion[0]) && v[1].equals(depVersion[1])) {
-//                        return d;
-//                    } else if (v[0].equals("*")
-//                            || (v.length >= 2 && v[0].equals(depVersion[0]) && v[1].equals("*"))
-//                            || (v.length >= 3 && depVersion.length >= 2 && v[0].equals(depVersion[0])
-//                            && v[1].equals(depVersion[1]) && v[2].equals("*"))) {
-//                        return d;
-//                    }
-//                }
            }
        }
        return null;
@@ -295,6 +263,7 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
                        sb.append(array.getString(x));
                    }
                }
+                dependency.setLicense(sb.toString());
            } else {
                dependency.setLicense(json.getJsonObject("license").getString("type"));
            }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java
@@ -85,7 +85,8 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
     */
    public static final String SHRINKWRAP_JSON = "npm-shrinkwrap.json";
    /**
-     * Filter that detects files named "package-lock.json" or "npm-shrinkwrap.json".
+     * Filter that detects files named "package-lock.json" or
+     * "npm-shrinkwrap.json".
     */
    private static final FileFilter PACKAGE_JSON_FILTER = FileFilterBuilder.newInstance()
            .addFilenames(PACKAGE_LOCK_JSON, SHRINKWRAP_JSON).build();
@@ -176,7 +177,7 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
                return;
            }
        } catch (IOException ex) {
-            throw new RuntimeException(ex);
+            throw new AnalysisException("Unable to process dependency", ex);
        }
        final File baseDir = dependencyFile.getParentFile();
        if (PACKAGE_LOCK_JSON.equals(dependency.getFileName())) {
@@ -210,14 +211,15 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer {
     * dependencies and then finding the package.json for the module and adding
     * it as a dependency.
     *
-     * @param json
-     * @param baseDir
-     * @param rootFile
-     * @param parentPackage
-     * @param engine
-     * @throws AnalysisException
+     * @param json the data to process
+     * @param baseDir the base directory being scanned
+     * @param rootFile the root package-lock/npm-shrinkwrap being analyzed
+     * @param parentPackage the parent package name of the current node
+     * @param engine a reference to the dependency-check engine
+     * @throws AnalysisException thrown if there is an exception
     */
-    private void processDependencies(final JsonObject json, File baseDir, File rootFile, final String parentPackage, Engine engine) throws AnalysisException {
+    private void processDependencies(JsonObject json, File baseDir, File rootFile,
+            String parentPackage, Engine engine) throws AnalysisException {
        if (json.containsKey("dependencies")) {
            final JsonObject deps = json.getJsonObject("dependencies");
            for (Map.Entry<String, JsonValue> entry : deps.entrySet()) {
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
@@ -169,7 +169,7 @@ public class NspAnalyzer extends AbstractNpmAnalyzer {
                return;
            }
        } catch (IOException ex) {
-            throw new RuntimeException(ex);
+            throw new AnalysisException("Unable to process dependency", ex);
        }

        try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
@@ -206,7 +206,7 @@ public class NspAnalyzer extends AbstractNpmAnalyzer {
                 * Create a single vulnerable software object - these do not use CPEs unlike the NVD.
                 */
                final VulnerableSoftware vs = new VulnerableSoftware();
-                //TODO consider changing this to available versions on the dependency 
+                //TODO consider changing this to available versions on the dependency
                //  - the update is a part of the version, not versions to update to
                //vs.setUpdate(advisory.getPatchedVersions());

--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
@@ -126,7 +126,7 @@ public class EscapeTool {
            return "\"\"";
        }
        final String str = text.trim().replace("\n", " ");
-        if (str.length()==0) {
+        if (str.length() == 0) {
            return "\"\"";
        }
        return StringEscapeUtils.escapeCsv(str);
@@ -155,7 +155,7 @@ public class EscapeTool {
                sb.append(id.getValue());
            }
        }
-        if (sb.length()==0) {
+        if (sb.length() == 0) {
            return "\"\"";
        }
        return StringEscapeUtils.escapeCsv(sb.toString());
@@ -184,7 +184,7 @@ public class EscapeTool {
                sb.append(id.getValue());
            }
        }
-        if (sb.length()==0) {
+        if (sb.length() == 0) {
            return "\"\"";
        }
        return StringEscapeUtils.escapeCsv(sb.toString());
@@ -213,7 +213,7 @@ public class EscapeTool {
                sb.append(id.getConfidence());
            }
        }
-        if (sb.length()==0) {
+        if (sb.length() == 0) {
            return "\"\"";
        }
        return StringEscapeUtils.escapeCsv(sb.toString());
@@ -242,7 +242,7 @@ public class EscapeTool {
                sb.append(id.getValue());
            }
        }
-        if (sb.length()==0) {
+        if (sb.length() == 0) {
            return "\"\"";
        }
        return StringEscapeUtils.escapeCsv(sb.toString());
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java
@@ -91,6 +91,9 @@ public class NspAnalyzerTest extends BaseTest {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/minimal-invalid.json"));
            analyzer.analyze(result, engine);
            // Upon analysis, not throwing an exception in this case, is all that's required to pass this test
+        } catch(Throwable ex) {
+            fail("This test should not throw an exception");
+            throw ex;
        }
    }
 }