checkstyle suggestions

2026-01-14 07:43:40 +01:00 · 2017-09-27 06:59:18 -04:00
parent 9c0a166b7d
commit cd018def91
7 changed files with 23 additions and 26 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -42,9 +42,7 @@ import org.slf4j.LoggerFactory;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
-import java.nio.file.CopyOption;
 import java.nio.file.Files;
-import java.nio.file.StandardCopyOption;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -61,12 +59,14 @@ import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.concurrent.NotThreadSafe;
-
-import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*;
 import org.owasp.dependencycheck.exception.H2DBLockException;
-import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.H2DBLock;

+//CSOFF: AvoidStarImport
+import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*;
+//CSON: AvoidStarImport
+
+
 /**
 * Scans files, directories, etc. for Dependencies. Analyzers are loaded and
 * used to process the files found by the scan, if a file is encountered and an
@@ -941,7 +941,7 @@ public class Engine implements FileFilter, AutoCloseable {
                    && settings.getString(Settings.KEYS.DB_CONNECTION_STRING).contains("file:%s")) {
                H2DBLock lock = null;
                try {
-                    File db = ConnectionFactory.getH2DataFile(settings);
+                    final File db = ConnectionFactory.getH2DataFile(settings);
                    if (db.isFile()) {
                        database.close();
                        if (lockRequired) {
@@ -949,12 +949,12 @@ public class Engine implements FileFilter, AutoCloseable {
                            lock.lock();
                        }
                        LOGGER.debug("copying database");
-                        File temp = settings.getTempDirectory();
-                        File tempDB = new File(temp, db.getName());
+                        final File temp = settings.getTempDirectory();
+                        final File tempDB = new File(temp, db.getName());
                        Files.copy(db.toPath(), tempDB.toPath());
                        LOGGER.debug("copying complete '{}'", temp.toPath());
                        settings.setString(Settings.KEYS.DATA_DIRECTORY, temp.getPath());
-                        String connStr = settings.getString(Settings.KEYS.DB_CONNECTION_STRING);
+                        final String connStr = settings.getString(Settings.KEYS.DB_CONNECTION_STRING);
                        settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connStr + "ACCESS_MODE_DATA=r");
                        database = new CveDB(settings);
                    }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
@@ -937,7 +937,7 @@ public class DependencyCheckScanAgent {
                LOGGER.error("Continuing execution");
            }
        }
-        
+
        settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
        settings.setStringIfNotEmpty(Settings.KEYS.PROXY_SERVER, proxyServer);
        settings.setStringIfNotEmpty(Settings.KEYS.PROXY_PORT, proxyPort);
@@ -1028,7 +1028,6 @@ public class DependencyCheckScanAgent {
            final String msg = String.format("%n%nDependency-Check Failure:%n"
                    + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': %s%n"
                    + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
-            
            throw new ScanAgentException(msg);
        }
    }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
@@ -28,8 +28,6 @@ import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Map;
-import java.util.Set;
 import javax.annotation.concurrent.ThreadSafe;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.utils.Settings;
@@ -40,7 +38,6 @@ import javax.json.Json;
 import javax.json.JsonArray;
 import javax.json.JsonObject;
 import javax.json.JsonReader;
-import javax.json.JsonValue;
 import javax.json.JsonValue.ValueType;
 import static org.owasp.dependencycheck.analyzer.NspAnalyzer.DEFAULT_URL;
 import org.owasp.dependencycheck.utils.URLConnectionFailureException;
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
@@ -253,7 +253,7 @@ public final class ConnectionFactory {
     * cannot be created
     */
    public static boolean h2DataFileExists(Settings configuration) throws IOException {
-        File file = getH2DataFile(configuration);
+        final File file = getH2DataFile(configuration);
        return file.exists();
    }

--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -50,9 +50,11 @@ import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+//CSOFF: AvoidStarImport
+import static org.owasp.dependencycheck.data.nvdcve.CveDB.PreparedStatementCveDb.*;
+//CSON: AvoidStarImport
 import static org.apache.commons.collections.map.AbstractReferenceMap.HARD;
 import static org.apache.commons.collections.map.AbstractReferenceMap.SOFT;
-import static org.owasp.dependencycheck.data.nvdcve.CveDB.PreparedStatementCveDb.*;

 /**
 * The database holding information about the NVD CVE data. This class is safe
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
@@ -33,8 +33,9 @@ import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.helpers.DefaultHandler;
-
+//CSOFF: AvoidStarImport
 import static org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler.AttributeValues.*;
+//CSON: AvoidStarImport

 /**
 * A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
@@ -18,8 +18,6 @@
 package org.owasp.dependencycheck.utils;

 import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.RandomAccessFile;
 import java.nio.channels.FileLock;
@@ -78,8 +76,8 @@ public class H2DBLock {
     */
    public H2DBLock(Settings settings) {
        this.settings = settings;
-        byte[] random = new byte[16];
-        SecureRandom gen = new SecureRandom();
+        final byte[] random = new byte[16];
+        final SecureRandom gen = new SecureRandom();
        gen.nextBytes(random);
        magic = Checksum.getHex(random);
    }
@@ -122,13 +120,13 @@ public class H2DBLock {
                        file.getChannel().force(true);
                        Thread.sleep(20);
                        file.seek(0);
-                        String current = file.readLine();
+                        final String current = file.readLine();
                        if (current != null && !current.equals(magic)) {
                            lock.close();
                            lock = null;
                            LOGGER.debug("Another process obtained a lock first ({})", Thread.currentThread().getName());
                        } else {
-                            Timestamp timestamp = new Timestamp(System.currentTimeMillis());
+                            final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
                            LOGGER.debug("Lock file created ({}) {} @ {}", Thread.currentThread().getName(), magic, timestamp.toString());
                        }
                    }
@@ -146,7 +144,7 @@ public class H2DBLock {
                }
                if (lock == null || !lock.isValid()) {
                    try {
-                        Timestamp timestamp = new Timestamp(System.currentTimeMillis());
+                        final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
                        LOGGER.debug("Sleeping thread {} ({}) for 10 seconds because an exclusive lock on the database could not be obtained ({})",
                                Thread.currentThread().getName(), magic, timestamp.toString());
                        Thread.sleep(SLEEP_DURATION);
@@ -186,7 +184,7 @@ public class H2DBLock {
        }
        if (lockFile != null && lockFile.isFile()) {
            try (RandomAccessFile f = new RandomAccessFile(lockFile, "rw")) {
-                String m = f.readLine();
+                final String m = f.readLine();
                //yes, we are explicitly calling close on an auto-closable object - this is so we can delete the file.
                f.close();
                if (m != null && m.equals(magic) && !lockFile.delete()) {
@@ -198,7 +196,7 @@ public class H2DBLock {
            }
        }
        lockFile = null;
-        Timestamp timestamp = new Timestamp(System.currentTimeMillis());
+        final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
        LOGGER.debug("Lock released ({}) {} @ {}", Thread.currentThread().getName(), magic, timestamp.toString());
    }