Merge pull request #344 from awhitford/DbOpts

Db opts

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java

@@ -147,7 +147,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 
             // First, see if there was an error
             final String error = xpath.evaluate("/assembly/error", doc);
-            if (error != null && !"".equals(error)) {
+            if (error != null && !error.isEmpty()) {
                 throw new AnalysisException(error);
             }
 
@@ -246,7 +246,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
             final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
             final XPath xpath = XPathFactory.newInstance().newXPath();
             final String error = xpath.evaluate("/assembly/error", doc);
-            if (p.waitFor() != 1 || error == null || "".equals(error)) {
+            if (p.waitFor() != 1 || error == null || error.isEmpty()) {
                 LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details.");
                 LOGGER.debug("GrokAssembly.exe is not working properly");
                 grokAssemblyExe = null;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java

@@ -339,7 +339,7 @@ public class CPEAnalyzer implements Analyzer {
 
         final String cleanText = cleanseText(searchText);
 
-        if ("".equals(cleanText)) {
+        if (cleanText.isEmpty()) {
             return false;
         }
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java

@@ -151,7 +151,7 @@ public final class CpeMemoryIndex {
      */
     @SuppressWarnings("unchecked")
     private Analyzer createIndexingAnalyzer() {
-        final Map fieldAnalyzers = new HashMap();
+        final Map<String,Analyzer> fieldAnalyzers = new HashMap<String, Analyzer>();
         fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
         return new PerFieldAnalyzerWrapper(new FieldAnalyzer(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java

@@ -132,10 +132,10 @@ public class NexusSearch {
                                 "/org.sonatype.nexus.rest.model.NexusArtifact/pomLink",
                                 doc);
                 final MavenArtifact ma = new MavenArtifact(groupId, artifactId, version);
-                if (link != null && !"".equals(link)) {
+                if (link != null && !link.isEmpty()) {
                     ma.setArtifactUrl(link);
                 }
-                if (pomLink != null && !"".equals(pomLink)) {
+                if (pomLink != null && !pomLink.isEmpty()) {
                     ma.setPomUrl(pomLink);
                 }
                 return ma;

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java

@@ -340,7 +340,6 @@ public class CveDB {
      * @throws DatabaseException thrown if there is an exception retrieving data
      */
     public List<Vulnerability> getVulnerabilities(String cpeStr) throws DatabaseException {
-        ResultSet rs = null;
         final VulnerableSoftware cpe = new VulnerableSoftware();
         try {
             cpe.parseName(cpeStr);
@@ -350,7 +349,8 @@ public class CveDB {
         final DependencyVersion detectedVersion = parseDependencyVersion(cpe);
         final List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>();
 
-        PreparedStatement ps;
+        PreparedStatement ps = null;
+        ResultSet rs = null;
         try {
             ps = getConnection().prepareStatement(statementBundle.getString("SELECT_CVE_FROM_SOFTWARE"));
             ps.setString(1, cpe.getVendor());
@@ -384,12 +384,11 @@ public class CveDB {
                 v.setMatchedCPE(matchedCPE.getKey(), matchedCPE.getValue() ? "Y" : null);
                 vulnerabilities.add(v);
             }
-            DBUtils.closeResultSet(rs);
-            DBUtils.closeStatement(ps);
         } catch (SQLException ex) {
             throw new DatabaseException("Exception retrieving vulnerability for " + cpeStr, ex);
         } finally {
             DBUtils.closeResultSet(rs);
+            DBUtils.closeStatement(ps);
         }
         return vulnerabilities;
     }
@@ -767,9 +766,9 @@ public class CveDB {
      * @return a dependency version
      */
     private DependencyVersion parseDependencyVersion(VulnerableSoftware cpe) {
-        DependencyVersion cpeVersion;
+        final DependencyVersion cpeVersion;
         if (cpe.getVersion() != null && !cpe.getVersion().isEmpty()) {
-            String versionText;
+            final String versionText;
             if (cpe.getUpdate() != null && !cpe.getUpdate().isEmpty()) {
                 versionText = String.format("%s.%s", cpe.getVersion(), cpe.getUpdate());
             } else {

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java

@@ -43,6 +43,10 @@ import org.slf4j.LoggerFactory;
  */
 public class Dependency implements Serializable, Comparable<Dependency> {
 
+    /**
+     * The serial version UID for serialization.
+     */
+    private static final long serialVersionUID = 1L;
     /**
      * The logger.
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java

@@ -29,6 +29,10 @@ import java.io.Serializable;
  */
 public class Evidence implements Serializable, Comparable<Evidence> {
 
+    /**
+     * The serial version UID for serialization.
+     */
+    private static final long serialVersionUID = 1L;
     /**
      * Used as starting point for generating the value in {@link #hashCode()}.
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java

@@ -39,6 +39,10 @@ import org.slf4j.LoggerFactory;
  */
 public class EvidenceCollection implements Serializable, Iterable<Evidence> {
 
+    /**
+     * The serial version UID for serialization.
+     */
+    private static final long serialVersionUID = 1L;
     /**
      * The logger.
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Identifier.java

@@ -25,6 +25,11 @@ import java.io.Serializable;
  */
 public class Identifier implements Serializable, Comparable<Identifier> {
 
+    /**
+     * The serial version UID for serialization.
+     */
+    private static final long serialVersionUID = 1L;
+
     /**
      * Default constructor. Should only be used for automatic class
      * creation as is the case with many XML parsers (for the parsing

dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionParseException.java

@@ -26,6 +26,11 @@ import java.io.IOException;
  */
 public class SuppressionParseException extends IOException {
 
+    /**
+     * The serial version UID for serialization.
+     */
+    private static final long serialVersionUID = 1L;
+
     /**
      * Creates a new SuppressionParseException.
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java

@@ -37,7 +37,7 @@ import org.apache.commons.lang3.StringUtils;
  *
  * @author Jeremy Long
  */
-public class DependencyVersion implements Iterable, Comparable<DependencyVersion> {
+public class DependencyVersion implements Iterable<String>, Comparable<DependencyVersion> {
 
     /**
      * Constructor for a empty DependencyVersion.
@@ -103,7 +103,7 @@ public class DependencyVersion implements Iterable, Comparable<DependencyVersion
      *
      * @return an iterator for the version parts
      */
-    public Iterator iterator() {
+    public Iterator<String> iterator() {
         return versionParts.iterator();
     }
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParseException.java

@@ -26,6 +26,11 @@ import java.io.IOException;
  */
 public class PomParseException extends IOException {
 
+    /**
+     * The serial version UID for serialization.
+     */
+    private static final long serialVersionUID = 1L;
+
     /**
      * Creates a new SuppressionParseException.
      */