github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 00:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

codacy recommended updates

Browse Source
This commit is contained in:
Jeremy Long
2017-02-17 14:20:43 -05:00
parent 36945fb84d
commit c9e8e6cf0e
17 changed files with 102 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
dependency-check-cli/src/test/java/org/owasp/dependencycheck/AppTest.java
View File

@@ -17,10 +17,6 @@
*/
package org.owasp.dependencycheck;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
@@ -29,26 +25,6 @@ import static org.junit.Assert.*;
* @author jeremy
*/
public class AppTest {
public AppTest() {
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of ensureCanonicalPath method, of class App.
*/

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -606,7 +606,7 @@ public class Engine implements FileFilter {
* @param analyzer the analyzer to obtain an executor
* @return the executor service
*/
ExecutorService getExecutorService(Analyzer analyzer) {
protected ExecutorService getExecutorService(Analyzer analyzer) {
if (analyzer.supportsParallelProcessing()) {
// just a fair trade-off that should be reasonable for all analyzer types
final int maximumNumberOfThreads = 4 * Runtime.getRuntime().availableProcessors();

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -810,10 +810,7 @@ public class CPEAnalyzer extends AbstractAnalyzer {
if (this.confidence != other.confidence) {
return false;
}
if (this.identifier != other.identifier && (this.identifier == null || !this.identifier.equals(other.identifier))) {
return false;
}
return true;
return !(this.identifier != other.identifier && (this.identifier == null || !this.identifier.equals(other.identifier)));
}
//</editor-fold>

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -168,11 +168,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
//</editor-fold>
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
}
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
View File

@@ -44,10 +44,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
* The Logger for use throughout the class
*/
private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(NvdCveAnalyzer.class);
/**
* The maximum number of query results to return.
*/
private static final int MAX_QUERY_RESULTS = 100;
/**
* The CVE Index.
*/

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nuget/NugetPackage.java
View File

@@ -53,12 +53,6 @@ public class NugetPackage {
*/
private String licenseUrl;
/**
* Creates an empty NugetPackage.
*/
public NugetPackage() {
}
/**
* Sets the id.
* @param id the id

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
View File

@@ -138,10 +138,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
return false;
}
final VulnerableSoftware other = (VulnerableSoftware) obj;
if ((this.name == null) ? (other.getName() != null) : !this.name.equals(other.getName())) {
return false;
}
return true;
return !((this.name == null) ? (other.getName() != null) : !this.name.equals(other.getName()));
}
/**

21
dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java
View File

@@ -24,12 +24,15 @@ import org.slf4j.LoggerFactory;
/**
* <p>
* DependencyCheck uses {@link org.slf4j.Logger} as a logging framework, and Apache Velocity uses a custom logging implementation
* that outputs to a file named velocity.log by default. This class is an implementation of a custom Velocity logger that
* redirects all velocity logging to the Java Logger class.
* DependencyCheck uses {@link org.slf4j.Logger} as a logging framework, and
* Apache Velocity uses a custom logging implementation that outputs to a file
* named velocity.log by default. This class is an implementation of a custom
* Velocity logger that redirects all velocity logging to the Java Logger class.
* </p><p>
* This class was written to address permission issues when using Dependency-Check in a server environment (such as the Jenkins
* plugin). In some circumstances, Velocity would attempt to create velocity.log in an un-writable directory.</p>
* This class was written to address permission issues when using
* Dependency-Check in a server environment (such as the Jenkins plugin). In
* some circumstances, Velocity would attempt to create velocity.log in an
* un-writable directory.</p>
*
* @author Steve Springett
*/
@@ -51,7 +54,8 @@ public class VelocityLoggerRedirect implements LogChute {
}
/**
* Given a Velocity log level and message, this method will call the appropriate Logger level and log the specified values.
* Given a Velocity log level and message, this method will call the
* appropriate Logger level and log the specified values.
*
* @param level the logging level
* @param message the message to be logged
@@ -76,12 +80,13 @@ public class VelocityLoggerRedirect implements LogChute {
break;
default:
LOGGER.info(message);
break;
}
}
/**
* Given a Velocity log level, message and Throwable, this method will call the appropriate Logger level and log the specified
* values.
* Given a Velocity log level, message and Throwable, this method will call
* the appropriate Logger level and log the specified values.
*
* @param level the logging level
* @param message the message to be logged

23
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
View File

@@ -26,6 +26,7 @@ import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Settings;
/**
@@ -94,15 +95,21 @@ public class ArchiveAnalyzerIntegrationTest extends BaseDBTestCase {
* Test of initialize and close methods, of class ArchiveAnalyzer.
*/
@Test
public void testInitialize() throws Exception {
public void testInitialize() {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
instance.setEnabled(true);
instance.setFilesMatched(true);
instance.initialize();
instance.close();
//no exception means things worked.
try {
instance.setEnabled(true);
instance.setFilesMatched(true);
instance.initialize();
} catch (InitializationException ex) {
fail(ex.getMessage());
} finally {
try {
instance.close();
} catch (Exception ex) {
fail(ex.getMessage());
}
}
}
/**

32
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
View File

@@ -24,7 +24,7 @@ import java.util.List;
import java.util.Set;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryparser.classic.ParseException;
import org.junit.Assert;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
@@ -61,19 +61,19 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
String queryText = instance.buildSearch(vendor, product, null, null);
String expResult = " product:( struts 2 core ) AND vendor:( apache software foundation ) ";
Assert.assertTrue(expResult.equals(queryText));
assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, null, productWeightings);
expResult = " product:( struts^5 struts2^5 2 core ) AND vendor:( apache software foundation ) ";
Assert.assertTrue(expResult.equals(queryText));
assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, vendorWeightings, null);
expResult = " product:( struts 2 core ) AND vendor:( apache^5 software foundation ) ";
Assert.assertTrue(expResult.equals(queryText));
assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, vendorWeightings, productWeightings);
expResult = " product:( struts^5 struts2^5 2 core ) AND vendor:( apache^5 software foundation ) ";
Assert.assertTrue(expResult.equals(queryText));
assertTrue(expResult.equals(queryText));
}
/**
@@ -133,10 +133,10 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
if (expResult != null) {
Identifier expIdentifier = new Identifier("cpe", expResult, expResult);
Assert.assertTrue("Incorrect match: { dep:'" + dep.getFileName() + "' }", dep.getIdentifiers().contains(expIdentifier));
assertTrue("Incorrect match: { dep:'" + dep.getFileName() + "' }", dep.getIdentifiers().contains(expIdentifier));
} else {
for (Identifier i : dep.getIdentifiers()) {
Assert.assertFalse(String.format("%s - found a CPE identifier when should have been none (found '%s')", dep.getFileName(), i.getValue()), "cpe".equals(i.getType()));
assertFalse(String.format("%s - found a CPE identifier when should have been none (found '%s')", dep.getFileName(), i.getValue()), "cpe".equals(i.getType()));
}
}
}
@@ -189,24 +189,18 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
instance.determineCPE(spring);
instance.determineCPE(spring3);
instance.close();
String expResult = "cpe:/a:apache:struts:2.1.2";
Identifier expIdentifier = new Identifier("cpe", expResult, expResult);
String expResultSpring = "cpe:/a:springsource:spring_framework:2.5.5";
String expResultSpring3 = "cpe:/a:vmware:springsource_spring_framework:3.0.0";
for (Identifier i : commonValidator.getIdentifiers()) {
Assert.assertFalse("Apache Common Validator - found a CPE identifier?", "cpe".equals(i.getType()));
assertFalse("Apache Common Validator - found a CPE identifier?", "cpe".equals(i.getType()));
}
Assert.assertTrue("Incorrect match size - struts", struts.getIdentifiers().size() >= 1);
Assert.assertTrue("Incorrect match - struts", struts.getIdentifiers().contains(expIdentifier));
Assert.assertTrue("Incorrect match size - spring3 - " + spring3.getIdentifiers().size(), spring3.getIdentifiers().size() >= 1);
assertTrue("Incorrect match size - struts", struts.getIdentifiers().size() >= 1);
assertTrue("Incorrect match - struts", struts.getIdentifiers().contains(expIdentifier));
assertTrue("Incorrect match size - spring3 - " + spring3.getIdentifiers().size(), spring3.getIdentifiers().size() >= 1);
//the following two only work if the HintAnalyzer is used.
//Assert.assertTrue("Incorrect match size - spring", spring.getIdentifiers().size() == 1);
//Assert.assertTrue("Incorrect match - spring", spring.getIdentifiers().get(0).getValue().equals(expResultSpring));
jarAnalyzer.close();
}
@@ -243,7 +237,6 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
public void testSearchCPE() throws Exception {
String vendor = "apache software foundation";
String product = "struts 2 core";
String version = "2.1.2";
String expVendor = "apache";
String expProduct = "struts";
@@ -251,9 +244,7 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
instance.open();
Set<String> productWeightings = Collections.singleton("struts2");
Set<String> vendorWeightings = Collections.singleton("apache");
List<IndexEntry> result = instance.searchCPE(vendor, product, vendorWeightings, productWeightings);
instance.close();
@@ -265,6 +256,5 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
}
}
assertTrue("apache:struts was not identified", found);
}
}

23
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzerTest.java
View File

@@ -20,15 +20,17 @@ package org.owasp.dependencycheck.analyzer;
import java.io.File;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.InitializationException;
/**
*
* @author Jeremy Long
*/
public class FileNameAnalyzerTest extends BaseTest {
public class FileNameAnalyzerTest extends BaseTest {
/**
* Test of getName method, of class FileNameAnalyzer.
@@ -76,19 +78,26 @@ public class FileNameAnalyzerTest extends BaseTest {
* Test of initialize method, of class FileNameAnalyzer.
*/
@Test
public void testInitialize() throws Exception {
public void testInitialize() {
FileNameAnalyzer instance = new FileNameAnalyzer();
instance.initialize();
assertTrue(true); //initialize does nothing.
try {
instance.initialize();
} catch (InitializationException ex) {
fail(ex.getMessage());
}
assertTrue(instance.isEnabled());
}
/**
* Test of close method, of class FileNameAnalyzer.
*/
@Test
public void testClose() throws Exception {
public void testClose() {
FileNameAnalyzer instance = new FileNameAnalyzer();
instance.close();
assertTrue(true); //close does nothing.
try {
instance.close();
} catch (Exception ex) {
fail(ex.getMessage());
}
}
}

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java
View File

@@ -63,8 +63,6 @@ public class HintAnalyzerTest extends BaseDBTestCase {
*/
@Test
public void testAnalyze() throws Exception {
HintAnalyzer instance = new HintAnalyzer();
//File guice = new File(this.getClass().getClassLoader().getResource("guice-3.0.jar").getPath());
File guice = BaseTest.getResourceAsFile(this, "guice-3.0.jar");
//Dependency guice = new Dependency(fileg);

45
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
View File

@@ -29,6 +29,7 @@ import java.io.File;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
/**
* Unit tests for PythonDistributionAnalyzer.
@@ -93,13 +94,15 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
/**
* Test of inspect method, of class PythonDistributionAnalyzer.
*
* @throws AnalysisException is thrown when an exception occurs.
*/
@Test
public void testAnalyzeWheel() throws AnalysisException {
djangoAssertions(new Dependency(BaseTest.getResourceAsFile(this,
"python/Django-1.7.2-py2.py3-none-any.whl")));
public void testAnalyzeWheel() {
try {
djangoAssertions(new Dependency(BaseTest.getResourceAsFile(this,
"python/Django-1.7.2-py2.py3-none-any.whl")));
} catch (AnalysisException ex) {
fail(ex.getMessage());
}
}
/**
@@ -131,23 +134,39 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
}
@Test
public void testAnalyzeEggInfoFolder() throws AnalysisException {
eggtestAssertions(this, "python/site-packages/EggTest.egg-info/PKG-INFO");
public void testAnalyzeEggInfoFolder() {
try {
eggtestAssertions(this, "python/site-packages/EggTest.egg-info/PKG-INFO");
} catch (AnalysisException ex) {
fail(ex.getMessage());
}
}
@Test
public void testAnalyzeEggArchive() throws AnalysisException {
eggtestAssertions(this, "python/dist/EggTest-0.0.1-py2.7.egg");
public void testAnalyzeEggArchive() {
try {
eggtestAssertions(this, "python/dist/EggTest-0.0.1-py2.7.egg");
} catch (AnalysisException ex) {
fail(ex.getMessage());
}
}
@Test
public void testAnalyzeEggArchiveNamedZip() throws AnalysisException {
eggtestAssertions(this, "python/dist/EggTest-0.0.1-py2.7.zip");
public void testAnalyzeEggArchiveNamedZip() {
try {
eggtestAssertions(this, "python/dist/EggTest-0.0.1-py2.7.zip");
} catch (AnalysisException ex) {
fail(ex.getMessage());
}
}
@Test
public void testAnalyzeEggFolder() throws AnalysisException {
eggtestAssertions(this, "python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/PKG-INFO");
public void testAnalyzeEggFolder() {
try {
eggtestAssertions(this, "python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/PKG-INFO");
} catch (AnalysisException ex) {
fail(ex.getMessage());
}
}
public void eggtestAssertions(Object context, final String resource) throws AnalysisException {

3
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
View File

@@ -44,6 +44,7 @@ import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import static org.junit.Assert.fail;
/**
* Unit tests for {@link RubyBundleAuditAnalyzer}.
@@ -187,7 +188,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
engine.analyzeDependencies();
} catch (NullPointerException ex) {
LOGGER.error("NPE", ex);
throw ex;
fail(ex.getMessage());
} catch (ExceptionCollection ex) {
Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", ex);
}

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java
View File

@@ -65,7 +65,7 @@ public class XPathNuspecParserTest extends BaseTest {
final ByteArrayOutputStream myOut = new ByteArrayOutputStream();
System.setErr(new PrintStream(myOut));
NugetPackage np = parser.parse(is);
parser.parse(is);
}
/**

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java
View File

@@ -144,6 +144,6 @@ public class DriverLoaderTest extends BaseTest {
//File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile();
File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile();
File driver = new File(testClassPath, "../../src/test/bad/mysql-connector-java-5.1.27-bin.jar");
Driver d = DriverLoader.load(className, driver.getAbsolutePath());
DriverLoader.load(className, driver.getAbsolutePath());
}
}

13
dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ChecksumTest.java
View File

@@ -21,7 +21,8 @@ import java.io.File;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import org.junit.Assert;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import org.junit.Rule;
import org.junit.Test;
@@ -53,9 +54,9 @@ public class ChecksumTest {
arraysAreEqual = result[i] == expResult[i];
}
} else {
Assert.fail("Checksum results do not match expected results.");
fail("Checksum results do not match expected results.");
}
Assert.assertTrue(arraysAreEqual);
assertTrue(arraysAreEqual);
}
/**
@@ -99,7 +100,7 @@ public class ChecksumTest {
//String expResult = "F0915C5F46B8CFA283E5AD67A09B3793";
String expResult = "f0915c5f46b8cfa283e5ad67a09b3793";
String result = Checksum.getMD5Checksum(file);
Assert.assertEquals(expResult, result);
assertEquals(expResult, result);
}
/**
@@ -113,7 +114,7 @@ public class ChecksumTest {
//String expResult = "B8A9FF28B21BCB1D0B50E24A5243D8B51766851A";
String expResult = "b8a9ff28b21bcb1d0b50e24a5243d8b51766851a";
String result = Checksum.getSHA1Checksum(file);
Assert.assertEquals(expResult, result);
assertEquals(expResult, result);
}
/**
@@ -125,6 +126,6 @@ public class ChecksumTest {
//String expResult = "000102030405060708090A0B0C0D0E0F10";
String expResult = "000102030405060708090a0b0c0d0e0f10";
String result = Checksum.getHex(raw);
Assert.assertEquals(expResult, result);
assertEquals(expResult, result);
}
}