mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-16 00:33:46 +01:00
Jeremy Long
@@ -147,7 +147,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
|
||||
// First, see if there was an error
|
||||
final String error = xpath.evaluate("/assembly/error", doc);
|
||||
if (error != null && !"".equals(error)) {
|
||||
if (error != null && !error.isEmpty()) {
|
||||
throw new AnalysisException(error);
|
||||
}
|
||||
|
||||
@@ -246,7 +246,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
|
||||
final XPath xpath = XPathFactory.newInstance().newXPath();
|
||||
final String error = xpath.evaluate("/assembly/error", doc);
|
||||
if (p.waitFor() != 1 || error == null || "".equals(error)) {
|
||||
if (p.waitFor() != 1 || error == null || error.isEmpty()) {
|
||||
LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details.");
|
||||
LOGGER.debug("GrokAssembly.exe is not working properly");
|
||||
grokAssemblyExe = null;
|
||||
|
||||
@@ -339,7 +339,7 @@ public class CPEAnalyzer implements Analyzer {
|
||||
|
||||
final String cleanText = cleanseText(searchText);
|
||||
|
||||
if ("".equals(cleanText)) {
|
||||
if (cleanText.isEmpty()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -151,7 +151,7 @@ public final class CpeMemoryIndex {
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
private Analyzer createIndexingAnalyzer() {
|
||||
final Map fieldAnalyzers = new HashMap();
|
||||
final Map<String,Analyzer> fieldAnalyzers = new HashMap<String, Analyzer>();
|
||||
fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
|
||||
return new PerFieldAnalyzerWrapper(new FieldAnalyzer(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
|
||||
}
|
||||
|
||||
@@ -132,10 +132,10 @@ public class NexusSearch {
|
||||
"/org.sonatype.nexus.rest.model.NexusArtifact/pomLink",
|
||||
doc);
|
||||
final MavenArtifact ma = new MavenArtifact(groupId, artifactId, version);
|
||||
if (link != null && !"".equals(link)) {
|
||||
if (link != null && !link.isEmpty()) {
|
||||
ma.setArtifactUrl(link);
|
||||
}
|
||||
if (pomLink != null && !"".equals(pomLink)) {
|
||||
if (pomLink != null && !pomLink.isEmpty()) {
|
||||
ma.setPomUrl(pomLink);
|
||||
}
|
||||
return ma;
|
||||
|
||||
@@ -340,7 +340,6 @@ public class CveDB {
|
||||
* @throws DatabaseException thrown if there is an exception retrieving data
|
||||
*/
|
||||
public List<Vulnerability> getVulnerabilities(String cpeStr) throws DatabaseException {
|
||||
ResultSet rs = null;
|
||||
final VulnerableSoftware cpe = new VulnerableSoftware();
|
||||
try {
|
||||
cpe.parseName(cpeStr);
|
||||
@@ -350,7 +349,8 @@ public class CveDB {
|
||||
final DependencyVersion detectedVersion = parseDependencyVersion(cpe);
|
||||
final List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>();
|
||||
|
||||
PreparedStatement ps;
|
||||
PreparedStatement ps = null;
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
ps = getConnection().prepareStatement(statementBundle.getString("SELECT_CVE_FROM_SOFTWARE"));
|
||||
ps.setString(1, cpe.getVendor());
|
||||
@@ -384,12 +384,11 @@ public class CveDB {
|
||||
v.setMatchedCPE(matchedCPE.getKey(), matchedCPE.getValue() ? "Y" : null);
|
||||
vulnerabilities.add(v);
|
||||
}
|
||||
DBUtils.closeResultSet(rs);
|
||||
DBUtils.closeStatement(ps);
|
||||
} catch (SQLException ex) {
|
||||
throw new DatabaseException("Exception retrieving vulnerability for " + cpeStr, ex);
|
||||
} finally {
|
||||
DBUtils.closeResultSet(rs);
|
||||
DBUtils.closeStatement(ps);
|
||||
}
|
||||
return vulnerabilities;
|
||||
}
|
||||
@@ -767,9 +766,9 @@ public class CveDB {
|
||||
* @return a dependency version
|
||||
*/
|
||||
private DependencyVersion parseDependencyVersion(VulnerableSoftware cpe) {
|
||||
DependencyVersion cpeVersion;
|
||||
final DependencyVersion cpeVersion;
|
||||
if (cpe.getVersion() != null && !cpe.getVersion().isEmpty()) {
|
||||
String versionText;
|
||||
final String versionText;
|
||||
if (cpe.getUpdate() != null && !cpe.getUpdate().isEmpty()) {
|
||||
versionText = String.format("%s.%s", cpe.getVersion(), cpe.getUpdate());
|
||||
} else {
|
||||
|
||||
@@ -43,6 +43,10 @@ import org.slf4j.LoggerFactory;
|
||||
*/
|
||||
public class Dependency implements Serializable, Comparable<Dependency> {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
/**
|
||||
* The logger.
|
||||
*/
|
||||
|
||||
@@ -29,6 +29,10 @@ import java.io.Serializable;
|
||||
*/
|
||||
public class Evidence implements Serializable, Comparable<Evidence> {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
/**
|
||||
* Used as starting point for generating the value in {@link #hashCode()}.
|
||||
*/
|
||||
|
||||
@@ -39,6 +39,10 @@ import org.slf4j.LoggerFactory;
|
||||
*/
|
||||
public class EvidenceCollection implements Serializable, Iterable<Evidence> {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
/**
|
||||
* The logger.
|
||||
*/
|
||||
|
||||
@@ -25,6 +25,11 @@ import java.io.Serializable;
|
||||
*/
|
||||
public class Identifier implements Serializable, Comparable<Identifier> {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* Default constructor. Should only be used for automatic class
|
||||
* creation as is the case with many XML parsers (for the parsing
|
||||
|
||||
@@ -26,6 +26,11 @@ import java.io.IOException;
|
||||
*/
|
||||
public class SuppressionParseException extends IOException {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* Creates a new SuppressionParseException.
|
||||
*/
|
||||
|
||||
@@ -37,7 +37,7 @@ import org.apache.commons.lang3.StringUtils;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class DependencyVersion implements Iterable, Comparable<DependencyVersion> {
|
||||
public class DependencyVersion implements Iterable<String>, Comparable<DependencyVersion> {
|
||||
|
||||
/**
|
||||
* Constructor for a empty DependencyVersion.
|
||||
@@ -103,7 +103,7 @@ public class DependencyVersion implements Iterable, Comparable<DependencyVersion
|
||||
*
|
||||
* @return an iterator for the version parts
|
||||
*/
|
||||
public Iterator iterator() {
|
||||
public Iterator<String> iterator() {
|
||||
return versionParts.iterator();
|
||||
}
|
||||
|
||||
|
||||
@@ -26,6 +26,11 @@ import java.io.IOException;
|
||||
*/
|
||||
public class PomParseException extends IOException {
|
||||
|
||||
/**
|
||||
* The serial version UID for serialization.
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* Creates a new SuppressionParseException.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user