From 5b1f632035eed407af0c1a9885875304e7e4520a Mon Sep 17 00:00:00 2001
From: Dale Visser
Date: Wed, 17 Jun 2015 15:51:06 -0400
Subject: [PATCH] Isolated sources of deprecation warnings, and added warning suppression annotations. Also added a minor Enumeration -> Enumeration "fix"
Former-commit-id: ccfe52d9ed50977ce73b928b09232d8635d7fcf2
---
 .../dependencycheck/analyzer/JarAnalyzer.java | 13 ++++++++++---
 .../dependency/VulnerableSoftware.java | 15 ++++++++++++++-
 2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index a424d1d79..9446f5fe2 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -122,6 +122,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 "ipojo-components",
 "ipojo-extension",
 "eclipse-sourcereferences");
+ /**
+ * Deprecated Jar manifest attribute, that is, nonetheless, useful for
+ * analysis.
+ */
+ @SuppressWarnings("deprecation")
+ private static final String IMPLEMENTATION_VENDOR_ID = Attributes.Name.IMPLEMENTATION_VENDOR_ID
+ .toString();
 /**
 * item in some manifest, should be considered medium confidence.
 */
@@ -677,7 +684,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 foundSomething = true;
 vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
 addMatchingValues(classInformation, value, vendorEvidence);
- } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
+ } else if (key.equalsIgnoreCase(IMPLEMENTATION_VENDOR_ID)) {
 foundSomething = true;
 vendorEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
 addMatchingValues(classInformation, value, vendorEvidence);
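Review bot: The new `IMPLEMENTATION_VENDOR_ID` constant in JarAnalyzer.java (hunk at -122) still references the deprecated `Attributes.Name.IMPLEMENTATION_VENDOR_ID` only to call `toString()` on it, so the `@SuppressWarnings("deprecation")` exists solely to read a fixed string. Declaring it as `private static final String IMPLEMENTATION_VENDOR_ID = "Implementation-Vendor-Id";` gives the same value to the `equalsIgnoreCase` comparison in the hunk at -677, needs no suppression, and does not depend on the deprecated field staying in the JDK. The Javadoc could also name the manifest attribute it stands for, since "useful for analysis" does not say which key is being matched.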
@@ -926,9 +933,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 JarFile jar = null;
 try {
 jar = new JarFile(dependency.getActualFilePath());
- final Enumeration entries = jar.entries();
+ final Enumeration entries = jar.entries();
 while (entries.hasMoreElements()) {
- final JarEntry entry = (JarEntry) entries.nextElement();
+ final JarEntry entry = entries.nextElement();
 final String name = entry.getName().toLowerCase();
 //no longer stripping "|com\\.sun" - there are some com.sun jar files with CVEs.
 if (name.endsWith(".class") && !name.matches("^javax?\\..*$")) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
index 83fb20e08..5dee1cbf2 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
@@ -357,9 +357,22 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
 try {
 result = URLDecoder.decode(text, "ASCII");
 } catch (UnsupportedEncodingException ex1) {
- result = URLDecoder.decode(text);
+ result = defaultUrlDecode(text);
 }
 }
 return result;
 }
+
+ /**
+ * Call {@link java.net.URLDecoder#decode(String)} to URL decode using the
+ * default encoding.
+ *
+ * @param text
+ * www-form-encoded URL to decode
+ * @return the newly decoded String
+ */
+ @SuppressWarnings("deprecation")
+ private String defaultUrlDecode(final String text) {
+ return URLDecoder.decode(text);
+ }
 }
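Review bot: `entry.getName().toLowerCase()` in the `jar.entries()` loop of JarAnalyzer.java (hunk at -926) lower-cases with the JVM's default locale, so entry names containing `I` map to a different character under, for example, a Turkish locale, and whatever is derived from `name` can then vary by host. The line is unchanged context, but as this hunk already tidies the loop it would be a good place to write `final String name = entry.getName().toLowerCase(Locale.ROOT);` (with `java.util.Locale` imported if the file does not have it yet). The try block and the rest of the loop body continue outside the hunk, so how `name` is used afterwards is not visible here.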
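Review bot: `defaultUrlDecode` in VulnerableSoftware.java (hunk at -357) keeps the one-argument `URLDecoder.decode(text)`, which decodes with the platform default charset, and the new `@SuppressWarnings("deprecation")` means the compiler will no longer point at it. The same input can therefore decode differently from one host to another, which matters if the decoded value is later compared with stored identifiers (the callers are outside this hunk, so that part is an assumption). The branch runs only when the `"ASCII"` decode reports an unsupported encoding, so rather than hiding the warning it would be cleaner to drop the helper and fail visibly there, e.g. `throw new IllegalStateException("ASCII decoding unavailable", ex1);`. Separately, the visible code catches only `UnsupportedEncodingException`, while `URLDecoder.decode` also throws `IllegalArgumentException` on a malformed `%` escape; the enclosing method starts above the hunk, so check whether that case is handled there.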