github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 02:21:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle suggestions

Browse Source
This commit is contained in:
Jeremy Long
2017-09-27 06:59:18 -04:00
parent 9c0a166b7d
commit cd018def91
7 changed files with 23 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -42,9 +42,7 @@ import org.slf4j.LoggerFactory;
import java.io.File; import java.io.File;
import java.io.FileFilter; import java.io.FileFilter;
import java.io.IOException; import java.io.IOException;
import java.nio.file.CopyOption;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
@@ -61,12 +59,14 @@ import java.util.concurrent.Executors;
import java.util.concurrent.Future; import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import javax.annotation.concurrent.NotThreadSafe; import javax.annotation.concurrent.NotThreadSafe;
import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*;
import org.owasp.dependencycheck.exception.H2DBLockException; import org.owasp.dependencycheck.exception.H2DBLockException;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.H2DBLock; import org.owasp.dependencycheck.utils.H2DBLock;
//CSOFF: AvoidStarImport
import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*;
//CSON: AvoidStarImport
/** /**
* Scans files, directories, etc. for Dependencies. Analyzers are loaded and * Scans files, directories, etc. for Dependencies. Analyzers are loaded and
* used to process the files found by the scan, if a file is encountered and an * used to process the files found by the scan, if a file is encountered and an
@@ -941,7 +941,7 @@ public class Engine implements FileFilter, AutoCloseable {
&& settings.getString(Settings.KEYS.DB_CONNECTION_STRING).contains("file:%s")) { && settings.getString(Settings.KEYS.DB_CONNECTION_STRING).contains("file:%s")) {
H2DBLock lock = null; H2DBLock lock = null;
try { try {
File db = ConnectionFactory.getH2DataFile(settings); final File db = ConnectionFactory.getH2DataFile(settings);
if (db.isFile()) { if (db.isFile()) {
database.close(); database.close();
if (lockRequired) { if (lockRequired) {
@@ -949,12 +949,12 @@ public class Engine implements FileFilter, AutoCloseable {
lock.lock(); lock.lock();
} }
LOGGER.debug("copying database"); LOGGER.debug("copying database");
File temp = settings.getTempDirectory(); final File temp = settings.getTempDirectory();
File tempDB = new File(temp, db.getName()); final File tempDB = new File(temp, db.getName());
Files.copy(db.toPath(), tempDB.toPath()); Files.copy(db.toPath(), tempDB.toPath());
LOGGER.debug("copying complete '{}'", temp.toPath()); LOGGER.debug("copying complete '{}'", temp.toPath());
settings.setString(Settings.KEYS.DATA_DIRECTORY, temp.getPath()); settings.setString(Settings.KEYS.DATA_DIRECTORY, temp.getPath());
String connStr = settings.getString(Settings.KEYS.DB_CONNECTION_STRING); final String connStr = settings.getString(Settings.KEYS.DB_CONNECTION_STRING);
settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connStr + "ACCESS_MODE_DATA=r"); settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connStr + "ACCESS_MODE_DATA=r");
database = new CveDB(settings); database = new CveDB(settings);
} }

1
dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
View File

@@ -1028,7 +1028,6 @@ public class DependencyCheckScanAgent {
final String msg = String.format("%n%nDependency-Check Failure:%n" final String msg = String.format("%n%nDependency-Check Failure:%n"
+ "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': %s%n" + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': %s%n"
+ "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString()); + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
throw new ScanAgentException(msg); throw new ScanAgentException(msg);
} }
} }

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
View File

@@ -28,8 +28,6 @@ import java.net.URL;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.concurrent.ThreadSafe; import javax.annotation.concurrent.ThreadSafe;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
@@ -40,7 +38,6 @@ import javax.json.Json;
import javax.json.JsonArray; import javax.json.JsonArray;
import javax.json.JsonObject; import javax.json.JsonObject;
import javax.json.JsonReader; import javax.json.JsonReader;
import javax.json.JsonValue;
import javax.json.JsonValue.ValueType; import javax.json.JsonValue.ValueType;
import static org.owasp.dependencycheck.analyzer.NspAnalyzer.DEFAULT_URL; import static org.owasp.dependencycheck.analyzer.NspAnalyzer.DEFAULT_URL;
import org.owasp.dependencycheck.utils.URLConnectionFailureException; import org.owasp.dependencycheck.utils.URLConnectionFailureException;

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
View File

@@ -253,7 +253,7 @@ public final class ConnectionFactory {
* cannot be created * cannot be created
*/ */
public static boolean h2DataFileExists(Settings configuration) throws IOException { public static boolean h2DataFileExists(Settings configuration) throws IOException {
File file = getH2DataFile(configuration); final File file = getH2DataFile(configuration);
return file.exists(); return file.exists();
} }

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -50,9 +50,11 @@ import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
//CSOFF: AvoidStarImport
import static org.owasp.dependencycheck.data.nvdcve.CveDB.PreparedStatementCveDb.*;
//CSON: AvoidStarImport
import static org.apache.commons.collections.map.AbstractReferenceMap.HARD; import static org.apache.commons.collections.map.AbstractReferenceMap.HARD;
import static org.apache.commons.collections.map.AbstractReferenceMap.SOFT; import static org.apache.commons.collections.map.AbstractReferenceMap.SOFT;
import static org.owasp.dependencycheck.data.nvdcve.CveDB.PreparedStatementCveDb.*;
/** /**
* The database holding information about the NVD CVE data. This class is safe * The database holding information about the NVD CVE data. This class is safe

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
View File

@@ -33,8 +33,9 @@ import org.xml.sax.Attributes;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
import org.xml.sax.SAXNotSupportedException; import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.helpers.DefaultHandler; import org.xml.sax.helpers.DefaultHandler;
//CSOFF: AvoidStarImport
import static org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler.AttributeValues.*; import static org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler.AttributeValues.*;
//CSON: AvoidStarImport
/** /**
* A SAX Handler that will parse the NVD CVE XML (schema version 2.0). * A SAX Handler that will parse the NVD CVE XML (schema version 2.0).

16
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
View File

@@ -18,8 +18,6 @@
package org.owasp.dependencycheck.utils; package org.owasp.dependencycheck.utils;
import java.io.File; import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.RandomAccessFile; import java.io.RandomAccessFile;
import java.nio.channels.FileLock; import java.nio.channels.FileLock;
@@ -78,8 +76,8 @@ public class H2DBLock {
*/ */
public H2DBLock(Settings settings) { public H2DBLock(Settings settings) {
this.settings = settings; this.settings = settings;
byte[] random = new byte[16]; final byte[] random = new byte[16];
SecureRandom gen = new SecureRandom(); final SecureRandom gen = new SecureRandom();
gen.nextBytes(random); gen.nextBytes(random);
magic = Checksum.getHex(random); magic = Checksum.getHex(random);
} }
@@ -122,13 +120,13 @@ public class H2DBLock {
file.getChannel().force(true); file.getChannel().force(true);
Thread.sleep(20); Thread.sleep(20);
file.seek(0); file.seek(0);
String current = file.readLine(); final String current = file.readLine();
if (current != null && !current.equals(magic)) { if (current != null && !current.equals(magic)) {
lock.close(); lock.close();
lock = null; lock = null;
LOGGER.debug("Another process obtained a lock first ({})", Thread.currentThread().getName()); LOGGER.debug("Another process obtained a lock first ({})", Thread.currentThread().getName());
} else { } else {
Timestamp timestamp = new Timestamp(System.currentTimeMillis()); final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
LOGGER.debug("Lock file created ({}) {} @ {}", Thread.currentThread().getName(), magic, timestamp.toString()); LOGGER.debug("Lock file created ({}) {} @ {}", Thread.currentThread().getName(), magic, timestamp.toString());
} }
} }
@@ -146,7 +144,7 @@ public class H2DBLock {
} }
if (lock == null || !lock.isValid()) { if (lock == null || !lock.isValid()) {
try { try {
Timestamp timestamp = new Timestamp(System.currentTimeMillis()); final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
LOGGER.debug("Sleeping thread {} ({}) for 10 seconds because an exclusive lock on the database could not be obtained ({})", LOGGER.debug("Sleeping thread {} ({}) for 10 seconds because an exclusive lock on the database could not be obtained ({})",
Thread.currentThread().getName(), magic, timestamp.toString()); Thread.currentThread().getName(), magic, timestamp.toString());
Thread.sleep(SLEEP_DURATION); Thread.sleep(SLEEP_DURATION);
@@ -186,7 +184,7 @@ public class H2DBLock {
} }
if (lockFile != null && lockFile.isFile()) { if (lockFile != null && lockFile.isFile()) {
try (RandomAccessFile f = new RandomAccessFile(lockFile, "rw")) { try (RandomAccessFile f = new RandomAccessFile(lockFile, "rw")) {
String m = f.readLine(); final String m = f.readLine();
//yes, we are explicitly calling close on an auto-closable object - this is so we can delete the file. //yes, we are explicitly calling close on an auto-closable object - this is so we can delete the file.
f.close(); f.close();
if (m != null && m.equals(magic) && !lockFile.delete()) { if (m != null && m.equals(magic) && !lockFile.delete()) {
@@ -198,7 +196,7 @@ public class H2DBLock {
} }
} }
lockFile = null; lockFile = null;
Timestamp timestamp = new Timestamp(System.currentTimeMillis()); final Timestamp timestamp = new Timestamp(System.currentTimeMillis());
LOGGER.debug("Lock released ({}) {} @ {}", Thread.currentThread().getName(), magic, timestamp.toString()); LOGGER.debug("Lock released ({}) {} @ {}", Thread.currentThread().getName(), magic, timestamp.toString());
} }