diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index aba15cfde..f4c23b905 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -42,9 +42,7 @@ import org.slf4j.LoggerFactory;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
-import java.nio.file.CopyOption;
 import java.nio.file.Files;
-import java.nio.file.StandardCopyOption;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -61,12 +59,14 @@ import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.concurrent.NotThreadSafe;
-
-import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*;
 import org.owasp.dependencycheck.exception.H2DBLockException;
-import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.H2DBLock;
+//CSOFF: AvoidStarImport
+import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*;
+//CSON: AvoidStarImport
+
+
 /**
 * Scans files, directories, etc. for Dependencies. Analyzers are loaded and
 * used to process the files found by the scan, if a file is encountered and an
@@ -941,7 +941,7 @@ public class Engine implements FileFilter, AutoCloseable {
 && settings.getString(Settings.KEYS.DB_CONNECTION_STRING).contains("file:%s")) {
 H2DBLock lock = null;
 try {
- File db = ConnectionFactory.getH2DataFile(settings);
+ final File db = ConnectionFactory.getH2DataFile(settings);
 if (db.isFile()) {
 database.close();
 if (lockRequired) {
@@ -949,12 +949,12 @@ public class Engine implements FileFilter, AutoCloseable { lock.lock(); } LOGGER.debug("copying database"); - File temp = settings.getTempDirectory(); - File tempDB = new File(temp, db.getName()); + final File temp = settings.getTempDirectory(); + final File tempDB = new File(temp, db.getName()); Files.copy(db.toPath(), tempDB.toPath()); LOGGER.debug("copying complete '{}'", temp.toPath()); settings.setString(Settings.KEYS.DATA_DIRECTORY, temp.getPath()); - String connStr = settings.getString(Settings.KEYS.DB_CONNECTION_STRING); + final String connStr = settings.getString(Settings.KEYS.DB_CONNECTION_STRING); settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connStr + "ACCESS_MODE_DATA=r"); database = new CveDB(settings); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java index 99ffd646a..442700b58 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java @@ -937,7 +937,7 @@ public class DependencyCheckScanAgent { LOGGER.error("Continuing execution"); } } - + settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); settings.setStringIfNotEmpty(Settings.KEYS.PROXY_SERVER, proxyServer); settings.setStringIfNotEmpty(Settings.KEYS.PROXY_PORT, proxyPort); @@ -1028,7 +1028,6 @@ public class DependencyCheckScanAgent { final String msg = String.format("%n%nDependency-Check Failure:%n" + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': %s%n" + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString()); - throw new ScanAgentException(msg); } } 
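Review bot: In the Engine.java hunk at -949,12, `connStr + "ACCESS_MODE_DATA=r"` appends the flag with no separator, so it only takes effect when the configured DB_CONNECTION_STRING already ends in `;`; otherwise it is fused onto the last existing option and the temp copy is presumably not opened read-only as intended. Because the connection string is read from settings, I would normalise it first, e.g. `final String sep = connStr.endsWith(";") ? "" : ";";` and then pass `connStr + sep + "ACCESS_MODE_DATA=r"`. Separately, `Files.copy(db.toPath(), tempDB.toPath())` is called without copy options and throws if a file of that name already exists; whether that can happen depends on `settings.getTempDirectory()`, which is not visible here. The enclosing method starts and ends outside the hunk.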
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
index 7ca2da957..327952a25 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
@@ -28,8 +28,6 @@ import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Map;
-import java.util.Set;
 import javax.annotation.concurrent.ThreadSafe;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.utils.Settings;
@@ -40,7 +38,6 @@ import javax.json.Json;
 import javax.json.JsonArray;
 import javax.json.JsonObject;
 import javax.json.JsonReader;
-import javax.json.JsonValue;
 import javax.json.JsonValue.ValueType;
 import static org.owasp.dependencycheck.analyzer.NspAnalyzer.DEFAULT_URL;
 import org.owasp.dependencycheck.utils.URLConnectionFailureException;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
index f66beb8d9..f21972f82 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
@@ -253,7 +253,7 @@ public final class ConnectionFactory {
 * cannot be created
 */
 public static boolean h2DataFileExists(Settings configuration) throws IOException {
- File file = getH2DataFile(configuration);
+ final File file = getH2DataFile(configuration);
 return file.exists();
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 5dcfa4fab..f67ffb49d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -50,9 +50,11 @@ import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+//CSOFF: AvoidStarImport
+import static org.owasp.dependencycheck.data.nvdcve.CveDB.PreparedStatementCveDb.*;
+//CSON: AvoidStarImport
 import static org.apache.commons.collections.map.AbstractReferenceMap.HARD;
 import static org.apache.commons.collections.map.AbstractReferenceMap.SOFT;
-import static org.owasp.dependencycheck.data.nvdcve.CveDB.PreparedStatementCveDb.*;
 /**
 * The database holding information about the NVD CVE data. This class is safe
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
index 4e715c32b..eaba27b78 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
@@ -33,8 +33,9 @@ import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.helpers.DefaultHandler;
-
+//CSOFF: AvoidStarImport
 import static org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler.AttributeValues.*;
+//CSON: AvoidStarImport
 /**
 * A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
index 4f7b83307..001d9141c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
@@ -18,8 +18,6 @@ package org.owasp.dependencycheck.utils;
 import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.RandomAccessFile;
 import java.nio.channels.FileLock;
@@ -78,8 +76,8 @@ public class H2DBLock {
 */
 public H2DBLock(Settings settings) {
 this.settings = settings;
- byte[] random = new byte[16];
- SecureRandom gen = new SecureRandom();
+ final byte[] random = new byte[16];
+ final SecureRandom gen = new SecureRandom();
 gen.nextBytes(random);
 magic = Checksum.getHex(random);
 }
@@ -122,13 +120,13 @@ public class H2DBLock {
 file.getChannel().force(true);
 Thread.sleep(20);
 file.seek(0);
- String current = file.readLine();
+ final String current = file.readLine();
 if (current != null && !current.equals(magic)) {
 lock.close();
 lock = null;
 LOGGER.debug("Another process obtained a lock first ({})", Thread.currentThread().getName());
 } else {
- Timestamp timestamp = new Timestamp(System.currentTimeMillis());
+ final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
 LOGGER.debug("Lock file created ({}) {} @ {}", Thread.currentThread().getName(), magic, timestamp.toString());
 }
 }
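Review bot: In the -122,13 hunk of H2DBLock.java the read-back check `if (current != null && !current.equals(magic))` treats a null `readLine()` result as a successful acquisition, so an empty or truncated lock file falls into the `else` branch and is logged as "Lock file created". If only this instance's magic value should confirm ownership, `if (!magic.equals(current))` would release the lock in the null case as well. The release path in the -186,7 hunk (`m != null && m.equals(magic)`) is already strict in this respect. The surrounding method begins and ends outside the hunk, so the write of `magic` that precedes this read-back is assumed rather than visible.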
@@ -146,7 +144,7 @@ public class H2DBLock {
 }
 if (lock == null || !lock.isValid()) {
 try {
- Timestamp timestamp = new Timestamp(System.currentTimeMillis());
+ final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
 LOGGER.debug("Sleeping thread {} ({}) for 10 seconds because an exclusive lock on the database could not be obtained ({})", Thread.currentThread().getName(), magic, timestamp.toString());
 Thread.sleep(SLEEP_DURATION);
@@ -186,7 +184,7 @@ public class H2DBLock {
 }
 if (lockFile != null && lockFile.isFile()) {
 try (RandomAccessFile f = new RandomAccessFile(lockFile, "rw")) {
- String m = f.readLine();
+ final String m = f.readLine();
 //yes, we are explicitly calling close on an auto-closable object - this is so we can delete the file.
 f.close();
 if (m != null && m.equals(magic) && !lockFile.delete()) {
@@ -198,7 +196,7 @@ public class H2DBLock {
 }
 }
 lockFile = null;
- Timestamp timestamp = new Timestamp(System.currentTimeMillis());
+ final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
 LOGGER.debug("Lock released ({}) {} @ {}", Thread.currentThread().getName(), magic, timestamp.toString());
 }
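Review bot: In the -146,7 hunk the debug message hard-codes "for 10 seconds" while the actual wait is `Thread.sleep(SLEEP_DURATION)`, so the log will mislead anyone diagnosing lock contention if the constant is ever changed. Passing the value as a log argument, e.g. `"Sleeping thread {} ({}) for {} ms because ..."` with `SLEEP_DURATION`, keeps the two in step; the unit and value of the constant are not visible in this hunk and should be checked. The enclosing method continues outside the hunk.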