formating and codacy recommended updates

Jeremy Long
2017-02-17 12:03:11 -05:00
parent d6f1351f6b
commit d6c9fea354
32 changed files with 444 additions and 524 deletions


@@ -53,16 +53,159 @@ public class Check extends Update {
* System specific new line character.
*/
private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();
/**
* Whether the ruby gemspec analyzer should be enabled.
*/
private Boolean rubygemsAnalyzerEnabled;
/**
* Whether or not the Node.js Analyzer is enabled.
*/
private Boolean nodeAnalyzerEnabled;
/**
* Whether or not the Ruby Bundle Audit Analyzer is enabled.
*/
private Boolean bundleAuditAnalyzerEnabled;
/**
* Whether the CMake analyzer should be enabled.
*/
private Boolean cmakeAnalyzerEnabled;
/**
* Construct a new DependencyCheckTask.
* Whether or not the openssl analyzer is enabled.
*/
public Check() {
super();
// Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
// core end up coming through this tasks logger
StaticLoggerBinder.getSingleton().setTask(this);
}
private Boolean opensslAnalyzerEnabled;
/**
* Whether the python package analyzer should be enabled.
*/
private Boolean pyPackageAnalyzerEnabled;
/**
* Whether the python distribution analyzer should be enabled.
*/
private Boolean pyDistributionAnalyzerEnabled;
/**
* Whether or not the central analyzer is enabled.
*/
private Boolean centralAnalyzerEnabled;
/**
* Whether or not the nexus analyzer is enabled.
*/
private Boolean nexusAnalyzerEnabled;
/**
* The URL of a Nexus server's REST API end point
* (http://domain/nexus/service/local).
*/
private String nexusUrl;
/**
* Whether or not the defined proxy should be used when connecting to Nexus.
*/
private Boolean nexusUsesProxy;
/**
* Additional ZIP File extensions to add analyze. This should be a
* comma-separated list of file extensions to treat like ZIP files.
*/
private String zipExtensions;
/**
* The path to Mono for .NET assembly analysis on non-windows systems.
*/
private String pathToMono;
/**
* The application name for the report.
*
* @deprecated use projectName instead.
*/
@Deprecated
private String applicationName = null;
/**
* The name of the project being analyzed.
*/
private String projectName = "dependency-check";
/**
* Specifies the destination directory for the generated Dependency-Check
* report.
*/
private String reportOutputDirectory = ".";
/**
* Specifies if the build should be failed if a CVSS score above a specified
* level is identified. The default is 11 which means since the CVSS scores
* are 0-10, by default the build will never fail and the CVSS score is set
* to 11. The valid range for the fail build on CVSS is 0 to 11, where
* anything above 10 will not cause the build to fail.
*/
private float failBuildOnCVSS = 11;
/**
* Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not
* recommended that this be turned to false. Default is true.
*/
private Boolean autoUpdate;
/**
* Whether only the update phase should be executed.
*
* @deprecated Use the update task instead
*/
@Deprecated
private boolean updateOnly = false;
/**
* The report format to be generated (HTML, XML, VULN, ALL). Default is
* HTML.
*/
private String reportFormat = "HTML";
/**
* The path to the suppression file.
*/
private String suppressionFile;
/**
* The path to the suppression file.
*/
private String hintsFile;
/**
* flag indicating whether or not to show a summary of findings.
*/
private boolean showSummary = true;
/**
* Whether experimental analyzers are enabled.
*/
private Boolean enableExperimental;
/**
* Whether or not the Jar Analyzer is enabled.
*/
private Boolean jarAnalyzerEnabled;
/**
* Whether or not the Archive Analyzer is enabled.
*/
private Boolean archiveAnalyzerEnabled;
/**
* Whether or not the .NET Nuspec Analyzer is enabled.
*/
private Boolean nuspecAnalyzerEnabled;
/**
* Whether or not the PHP Composer Analyzer is enabled.
*/
private Boolean composerAnalyzerEnabled;
/**
* Whether or not the .NET Assembly Analyzer is enabled.
*/
private Boolean assemblyAnalyzerEnabled; /**
* Whether the autoconf analyzer should be enabled.
*/
private Boolean autoconfAnalyzerEnabled;
/**
* Sets the path for the bundle-audit binary.
*/
private String bundleAuditPath;
/**
* Whether or not the CocoaPods Analyzer is enabled.
*/
private Boolean cocoapodsAnalyzerEnabled;
/**
* Whether or not the Swift package Analyzer is enabled.
*/
private Boolean swiftPackageManagerAnalyzerEnabled;
//The following code was copied Apache Ant PathConvert
//BEGIN COPY from org.apache.tools.ant.taskdefs.PathConvert
/**
@@ -140,13 +283,17 @@ public class Check extends Update {
}
}
// END COPY from org.apache.tools.ant.taskdefs
/**
* The application name for the report.
*
* @deprecated use projectName instead.
* Construct a new DependencyCheckTask.
*/
@Deprecated
private String applicationName = null;
public Check() {
super();
// Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
// core end up coming through this tasks logger
StaticLoggerBinder.getSingleton().setTask(this);
}
/**
* Get the value of applicationName.
@@ -170,11 +317,6 @@ public class Check extends Update {
public void setApplicationName(String applicationName) {
this.applicationName = applicationName;
}
/**
* The name of the project being analyzed.
*/
private String projectName = "dependency-check";
/**
* Get the value of projectName.
*
@@ -199,12 +341,6 @@ public class Check extends Update {
this.projectName = projectName;
}
/**
* Specifies the destination directory for the generated Dependency-Check
* report.
*/
private String reportOutputDirectory = ".";
/**
* Get the value of reportOutputDirectory.
*
@@ -222,14 +358,6 @@ public class Check extends Update {
public void setReportOutputDirectory(String reportOutputDirectory) {
this.reportOutputDirectory = reportOutputDirectory;
}
/**
* Specifies if the build should be failed if a CVSS score above a specified
* level is identified. The default is 11 which means since the CVSS scores
* are 0-10, by default the build will never fail and the CVSS score is set
* to 11. The valid range for the fail build on CVSS is 0 to 11, where
* anything above 10 will not cause the build to fail.
*/
private float failBuildOnCVSS = 11;
/**
* Get the value of failBuildOnCVSS.
@@ -248,11 +376,6 @@ public class Check extends Update {
public void setFailBuildOnCVSS(float failBuildOnCVSS) {
this.failBuildOnCVSS = failBuildOnCVSS;
}
/**
* Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not
* recommended that this be turned to false. Default is true.
*/
private Boolean autoUpdate;
/**
* Get the value of autoUpdate.
@@ -271,13 +394,6 @@ public class Check extends Update {
public void setAutoUpdate(Boolean autoUpdate) {
this.autoUpdate = autoUpdate;
}
/**
* Whether only the update phase should be executed.
*
* @deprecated Use the update task instead
*/
@Deprecated
private boolean updateOnly = false;
/**
* Get the value of updateOnly.
@@ -301,12 +417,6 @@ public class Check extends Update {
this.updateOnly = updateOnly;
}
/**
* The report format to be generated (HTML, XML, VULN, ALL). Default is
* HTML.
*/
private String reportFormat = "HTML";
/**
* Get the value of reportFormat.
*
@@ -324,10 +434,6 @@ public class Check extends Update {
public void setReportFormat(ReportFormats reportFormat) {
this.reportFormat = reportFormat.getValue();
}
/**
* The path to the suppression file.
*/
private String suppressionFile;
/**
* Get the value of suppressionFile.
@@ -346,10 +452,6 @@ public class Check extends Update {
public void setSuppressionFile(String suppressionFile) {
this.suppressionFile = suppressionFile;
}
/**
* The path to the suppression file.
*/
private String hintsFile;
/**
* Get the value of hintsFile.
@@ -368,11 +470,6 @@ public class Check extends Update {
public void setHintsFile(String hintsFile) {
this.hintsFile = hintsFile;
}
/**
* flag indicating whether or not to show a summary of findings.
*/
private boolean showSummary = true;
/**
* Get the value of showSummary.
*
@@ -391,11 +488,6 @@ public class Check extends Update {
this.showSummary = showSummary;
}
/**
* Whether experimental analyzers are enabled.
*/
private Boolean enableExperimental;
/**
* Get the value of enableExperimental.
*
@@ -414,11 +506,6 @@ public class Check extends Update {
this.enableExperimental = enableExperimental;
}
/**
* Whether or not the Jar Analyzer is enabled.
*/
private Boolean jarAnalyzerEnabled;
/**
* Returns whether or not the analyzer is enabled.
*
@@ -436,10 +523,6 @@ public class Check extends Update {
public void setJarAnalyzerEnabled(Boolean jarAnalyzerEnabled) {
this.jarAnalyzerEnabled = jarAnalyzerEnabled;
}
/**
* Whether or not the Archive Analyzer is enabled.
*/
private Boolean archiveAnalyzerEnabled;
/**
* Returns whether or not the analyzer is enabled.
@@ -449,10 +532,6 @@ public class Check extends Update {
public Boolean isArchiveAnalyzerEnabled() {
return archiveAnalyzerEnabled;
}
/**
* Whether or not the .NET Assembly Analyzer is enabled.
*/
private Boolean assemblyAnalyzerEnabled;
/**
* Sets whether or not the analyzer is enabled.
@@ -480,10 +559,6 @@ public class Check extends Update {
public void setAssemblyAnalyzerEnabled(Boolean assemblyAnalyzerEnabled) {
this.assemblyAnalyzerEnabled = assemblyAnalyzerEnabled;
}
/**
* Whether or not the .NET Nuspec Analyzer is enabled.
*/
private Boolean nuspecAnalyzerEnabled;
/**
* Returns whether or not the analyzer is enabled.
@@ -502,10 +577,6 @@ public class Check extends Update {
public void setNuspecAnalyzerEnabled(Boolean nuspecAnalyzerEnabled) {
this.nuspecAnalyzerEnabled = nuspecAnalyzerEnabled;
}
/**
* Whether or not the PHP Composer Analyzer is enabled.
*/
private Boolean composerAnalyzerEnabled;
/**
* Get the value of composerAnalyzerEnabled.
@@ -524,10 +595,6 @@ public class Check extends Update {
public void setComposerAnalyzerEnabled(Boolean composerAnalyzerEnabled) {
this.composerAnalyzerEnabled = composerAnalyzerEnabled;
}
/**
* Whether the autoconf analyzer should be enabled.
*/
private Boolean autoconfAnalyzerEnabled;
/**
* Get the value of autoconfAnalyzerEnabled.
@@ -546,10 +613,6 @@ public class Check extends Update {
public void setAutoconfAnalyzerEnabled(Boolean autoconfAnalyzerEnabled) {
this.autoconfAnalyzerEnabled = autoconfAnalyzerEnabled;
}
/**
* Whether the CMake analyzer should be enabled.
*/
private Boolean cmakeAnalyzerEnabled;
/**
* Get the value of cmakeAnalyzerEnabled.
@@ -569,12 +632,6 @@ public class Check extends Update {
this.cmakeAnalyzerEnabled = cmakeAnalyzerEnabled;
}
//start changes
/**
* Whether or not the Ruby Bundle Audit Analyzer is enabled.
*/
private Boolean bundleAuditAnalyzerEnabled;
/**
* Returns if the Bundle Audit Analyzer is enabled.
*
@@ -594,11 +651,6 @@ public class Check extends Update {
this.bundleAuditAnalyzerEnabled = bundleAuditAnalyzerEnabled;
}
/**
* Sets the path for the bundle-audit binary.
*/
private String bundleAuditPath;
/**
* Returns the path to the bundle audit executable.
*
@@ -616,10 +668,6 @@ public class Check extends Update {
public void setBundleAuditPath(String bundleAuditPath) {
this.bundleAuditPath = bundleAuditPath;
}
/**
* Whether or not the CocoaPods Analyzer is enabled.
*/
private Boolean cocoapodsAnalyzerEnabled;
/**
* Returns if the cocoapods analyyzer is enabled.
@@ -639,11 +687,6 @@ public class Check extends Update {
this.cocoapodsAnalyzerEnabled = cocoapodsAnalyzerEnabled;
}
/**
* Whether or not the Swift package Analyzer is enabled.
*/
private Boolean swiftPackageManagerAnalyzerEnabled;
/**
* Returns whether or not the Swift package Analyzer is enabled.
*
@@ -662,12 +705,6 @@ public class Check extends Update {
public void setSwiftPackageManagerAnalyzerEnabled(Boolean swiftPackageManagerAnalyzerEnabled) {
this.swiftPackageManagerAnalyzerEnabled = swiftPackageManagerAnalyzerEnabled;
}
//end changes
/**
* Whether or not the openssl analyzer is enabled.
*/
private Boolean opensslAnalyzerEnabled;
/**
* Get the value of opensslAnalyzerEnabled.
@@ -686,10 +723,6 @@ public class Check extends Update {
public void setOpensslAnalyzerEnabled(Boolean opensslAnalyzerEnabled) {
this.opensslAnalyzerEnabled = opensslAnalyzerEnabled;
}
/**
* Whether or not the Node.js Analyzer is enabled.
*/
private Boolean nodeAnalyzerEnabled;
/**
* Get the value of nodeAnalyzerEnabled.
@@ -708,10 +741,6 @@ public class Check extends Update {
public void setNodeAnalyzerEnabled(Boolean nodeAnalyzerEnabled) {
this.nodeAnalyzerEnabled = nodeAnalyzerEnabled;
}
/**
* Whether the ruby gemspec analyzer should be enabled.
*/
private Boolean rubygemsAnalyzerEnabled;
/**
* Get the value of rubygemsAnalyzerEnabled.
@@ -730,10 +759,6 @@ public class Check extends Update {
public void setRubygemsAnalyzerEnabled(Boolean rubygemsAnalyzerEnabled) {
this.rubygemsAnalyzerEnabled = rubygemsAnalyzerEnabled;
}
/**
* Whether the python package analyzer should be enabled.
*/
private Boolean pyPackageAnalyzerEnabled;
/**
* Get the value of pyPackageAnalyzerEnabled.
@@ -753,11 +778,6 @@ public class Check extends Update {
this.pyPackageAnalyzerEnabled = pyPackageAnalyzerEnabled;
}
/**
* Whether the python distribution analyzer should be enabled.
*/
private Boolean pyDistributionAnalyzerEnabled;
/**
* Get the value of pyDistributionAnalyzerEnabled.
*
@@ -777,11 +797,6 @@ public class Check extends Update {
this.pyDistributionAnalyzerEnabled = pyDistributionAnalyzerEnabled;
}
/**
* Whether or not the central analyzer is enabled.
*/
private Boolean centralAnalyzerEnabled;
/**
* Get the value of centralAnalyzerEnabled.
*
@@ -800,11 +815,6 @@ public class Check extends Update {
this.centralAnalyzerEnabled = centralAnalyzerEnabled;
}
/**
* Whether or not the nexus analyzer is enabled.
*/
private Boolean nexusAnalyzerEnabled;
/**
* Get the value of nexusAnalyzerEnabled.
*
@@ -823,12 +833,6 @@ public class Check extends Update {
this.nexusAnalyzerEnabled = nexusAnalyzerEnabled;
}
/**
* The URL of a Nexus server's REST API end point
* (http://domain/nexus/service/local).
*/
private String nexusUrl;
/**
* Get the value of nexusUrl.
*
@@ -846,10 +850,6 @@ public class Check extends Update {
public void setNexusUrl(String nexusUrl) {
this.nexusUrl = nexusUrl;
}
/**
* Whether or not the defined proxy should be used when connecting to Nexus.
*/
private Boolean nexusUsesProxy;
/**
* Get the value of nexusUsesProxy.
@@ -869,12 +869,6 @@ public class Check extends Update {
this.nexusUsesProxy = nexusUsesProxy;
}
/**
* Additional ZIP File extensions to add analyze. This should be a
* comma-separated list of file extensions to treat like ZIP files.
*/
private String zipExtensions;
/**
* Get the value of zipExtensions.
*
@@ -893,11 +887,6 @@ public class Check extends Update {
this.zipExtensions = zipExtensions;
}
/**
* The path to Mono for .NET assembly analysis on non-windows systems.
*/
private String pathToMono;
/**
* Get the value of pathToMono.
*
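Review bot: `setFailBuildOnCVSS` stores whatever float it is given, although the field's Javadoc states that the valid range is 0 to 11. A value above 11 (say 70 typed for 7.0) silently disables the build gate, and a negative one is accepted as well. A range check in the setter, for example `if (failBuildOnCVSS < 0 || failBuildOnCVSS > 11) { throw new BuildException("failBuildOnCVSS must be between 0 and 11"); }`, would surface the misconfiguration, assuming Ant's `BuildException` is available in this file. Separately, the relocated `hintsFile` field carries the copied comment "The path to the suppression file."; it should read `* The path to the hints file.`.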


@@ -34,6 +34,67 @@ import org.slf4j.impl.StaticLoggerBinder;
*/
public class Update extends Purge {
/**
* The Proxy Server.
*/
private String proxyServer;
/**
* The Proxy Port.
*/
private String proxyPort;
/**
* The Proxy username.
*/
private String proxyUsername;
/**
* The Proxy password.
*/
private String proxyPassword;
/**
* The Connection Timeout.
*/
private String connectionTimeout;
/**
* The database driver name; such as org.h2.Driver.
*/
private String databaseDriverName;
/**
* The path to the database driver JAR file if it is not on the class path.
*/
private String databaseDriverPath;
/**
* The database connection string.
*/
private String connectionString;
/**
* The user name for connecting to the database.
*/
private String databaseUser;
/**
* The password to use when connecting to the database.
*/
private String databasePassword;
/**
* The url for the modified NVD CVE (1.2 schema).
*/
private String cveUrl12Modified;
/**
* Base Data Mirror URL for CVE 1.2.
*/
private String cveUrl12Base;
/**
* Data Mirror URL for CVE 2.0.
*/
private String cveUrl20Base;
/**
* The number of hours to wait before re-checking for updates.
*/
private Integer cveValidForHours;
/**
* The url for the modified NVD CVE (2.0 schema).
*/
private String cveUrl20Modified;
/**
* Construct a new UpdateTask.
*/
@@ -44,11 +105,6 @@ public class Update extends Purge {
StaticLoggerBinder.getSingleton().setTask(this);
}
/**
* The Proxy Server.
*/
private String proxyServer;
/**
* Get the value of proxyServer.
*
@@ -67,11 +123,6 @@ public class Update extends Purge {
this.proxyServer = server;
}
/**
* The Proxy Port.
*/
private String proxyPort;
/**
* Get the value of proxyPort.
*
@@ -89,10 +140,6 @@ public class Update extends Purge {
public void setProxyPort(String proxyPort) {
this.proxyPort = proxyPort;
}
/**
* The Proxy username.
*/
private String proxyUsername;
/**
* Get the value of proxyUsername.
@@ -111,10 +158,6 @@ public class Update extends Purge {
public void setProxyUsername(String proxyUsername) {
this.proxyUsername = proxyUsername;
}
/**
* The Proxy password.
*/
private String proxyPassword;
/**
* Get the value of proxyPassword.
@@ -133,10 +176,6 @@ public class Update extends Purge {
public void setProxyPassword(String proxyPassword) {
this.proxyPassword = proxyPassword;
}
/**
* The Connection Timeout.
*/
private String connectionTimeout;
/**
* Get the value of connectionTimeout.
@@ -155,10 +194,6 @@ public class Update extends Purge {
public void setConnectionTimeout(String connectionTimeout) {
this.connectionTimeout = connectionTimeout;
}
/**
* The database driver name; such as org.h2.Driver.
*/
private String databaseDriverName;
/**
* Get the value of databaseDriverName.
@@ -178,11 +213,6 @@ public class Update extends Purge {
this.databaseDriverName = databaseDriverName;
}
/**
* The path to the database driver JAR file if it is not on the class path.
*/
private String databaseDriverPath;
/**
* Get the value of databaseDriverPath.
*
@@ -200,10 +230,6 @@ public class Update extends Purge {
public void setDatabaseDriverPath(String databaseDriverPath) {
this.databaseDriverPath = databaseDriverPath;
}
/**
* The database connection string.
*/
private String connectionString;
/**
* Get the value of connectionString.
@@ -222,10 +248,6 @@ public class Update extends Purge {
public void setConnectionString(String connectionString) {
this.connectionString = connectionString;
}
/**
* The user name for connecting to the database.
*/
private String databaseUser;
/**
* Get the value of databaseUser.
@@ -245,11 +267,6 @@ public class Update extends Purge {
this.databaseUser = databaseUser;
}
/**
* The password to use when connecting to the database.
*/
private String databasePassword;
/**
* Get the value of databasePassword.
*
@@ -268,11 +285,6 @@ public class Update extends Purge {
this.databasePassword = databasePassword;
}
/**
* The url for the modified NVD CVE (1.2 schema).
*/
private String cveUrl12Modified;
/**
* Get the value of cveUrl12Modified.
*
@@ -291,11 +303,6 @@ public class Update extends Purge {
this.cveUrl12Modified = cveUrl12Modified;
}
/**
* The url for the modified NVD CVE (2.0 schema).
*/
private String cveUrl20Modified;
/**
* Get the value of cveUrl20Modified.
*
@@ -314,11 +321,6 @@ public class Update extends Purge {
this.cveUrl20Modified = cveUrl20Modified;
}
/**
* Base Data Mirror URL for CVE 1.2.
*/
private String cveUrl12Base;
/**
* Get the value of cveUrl12Base.
*
@@ -337,11 +339,6 @@ public class Update extends Purge {
this.cveUrl12Base = cveUrl12Base;
}
/**
* Data Mirror URL for CVE 2.0.
*/
private String cveUrl20Base;
/**
* Get the value of cveUrl20Base.
*
@@ -360,11 +357,6 @@ public class Update extends Purge {
this.cveUrl20Base = cveUrl20Base;
}
/**
* The number of hours to wait before re-checking for updates.
*/
private Integer cveValidForHours;
/**
* Get the value of cveValidForHours.
*
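Review bot: The relocated `proxyPassword` and `databasePassword` fields are documented only as "The Proxy password." and "The password to use when connecting to the database.", with nothing marking them as credentials (presumably supplied through the Ant build file). I would extend both comments, e.g. `* The Proxy password; a credential that must not be written to log output.`, so later logging or toString additions treat them as secrets. Separately, `cveUrl20Modified` is now declared after `cveValidForHours`, away from the other three cveUrl fields; placing it next to `cveUrl12Modified` keeps the group together.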


@@ -589,8 +589,8 @@ public class Engine implements FileFilter {
* @param exceptions the collection of exceptions to collect
* @return a collection of analysis tasks
*/
List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
final List<AnalysisTask> result = new ArrayList<AnalysisTask>();
protected List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
final List<AnalysisTask> result = new ArrayList<>();
synchronized (dependencies) {
for (final Dependency dependency : dependencies) {
final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions, Settings.getInstance());
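Review bot: `getAnalysisTasks` goes from package-private to `protected`, which makes it callable and overridable from subclasses of the non-final `Engine` in any package, and the Javadoc visible here does not say whether that is intended. If the modifier was added only to satisfy a static-analysis rule, keeping the method package-private preserves the narrower surface; if subclass access is wanted, the Javadoc should state it. The same widening is applied to `isPositiveInteger` in VulnerableSoftware (`static boolean` becomes `protected static boolean`). The method body continues outside the hunk.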


@@ -470,7 +470,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
&& b[5] == 'n'
&& b[6] == '/') {
boolean stillLooking = true;
int chr, nxtChr;
int chr;
int nxtChr;
while (stillLooking && (chr = in.read()) != -1) {
if (chr == '\n' || chr == '\r') {
in.mark(4);


@@ -123,14 +123,17 @@ public class CPEAnalyzer extends AbstractAnalyzer {
public AnalysisPhase getAnalysisPhase() {
return AnalysisPhase.IDENTIFIER_ANALYSIS;
}
/**
* The default is to support parallel processing.
*
* @return false
*/
@Override
public boolean supportsParallelProcessing() {
return false;
}
/**
* Creates the CPE Lucene Index.
*
@@ -674,6 +677,19 @@ public class CPEAnalyzer extends AbstractAnalyzer {
*/
private static class IdentifierMatch implements Comparable<IdentifierMatch> {
/**
* The confidence in the evidence used to identify this match.
*/
private Confidence evidenceConfidence;
/**
* The confidence whether this is an exact match, or a best guess.
*/
private IdentifierConfidence confidence;
/**
* The CPE identifier.
*/
private Identifier identifier;
/**
* Constructs an IdentifierMatch.
*
@@ -690,12 +706,8 @@ public class CPEAnalyzer extends AbstractAnalyzer {
this.confidence = identifierConfidence;
this.evidenceConfidence = evidenceConfidence;
}
//<editor-fold defaultstate="collapsed" desc="Property implementations: evidenceConfidence, confidence, identifier">
/**
* The confidence in the evidence used to identify this match.
*/
private Confidence evidenceConfidence;
//<editor-fold defaultstate="collapsed" desc="Property implementations: evidenceConfidence, confidence, identifier">
/**
* Get the value of evidenceConfidence
*
@@ -713,10 +725,6 @@ public class CPEAnalyzer extends AbstractAnalyzer {
public void setEvidenceConfidence(Confidence evidenceConfidence) {
this.evidenceConfidence = evidenceConfidence;
}
/**
* The confidence whether this is an exact match, or a best guess.
*/
private IdentifierConfidence confidence;
/**
* Get the value of confidence.
@@ -735,10 +743,6 @@ public class CPEAnalyzer extends AbstractAnalyzer {
public void setConfidence(IdentifierConfidence confidence) {
this.confidence = confidence;
}
/**
* The CPE identifier.
*/
private Identifier identifier;
/**
* Get the value of identifier.
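Review bot: The Javadoc on `supportsParallelProcessing()` reads "The default is to support parallel processing." followed by `@return false`, which leaves the reader unsure why this analyzer opts out. Since the commit already touches the layout around this comment, I would reword it to something like `* Returns false; this analyzer does not support parallel processing.` and add the reason once it is confirmed.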


@@ -52,6 +52,18 @@ import org.xml.sax.SAXException;
* @author Jeremy Long
*/
public class HintAnalyzer extends AbstractAnalyzer {
/**
* The Logger for use throughout the class
*/
private static final Logger LOGGER = LoggerFactory.getLogger(HintAnalyzer.class);
/**
* The name of the hint rule file
*/
private static final String HINT_RULE_FILE_NAME = "dependencycheck-base-hint.xml";
/**
* The collection of hints.
*/
private Hints hints;
//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
/**
@@ -109,20 +121,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
}
}
//</editor-fold>
/**
* The Logger for use throughout the class
*/
private static final Logger LOGGER = LoggerFactory.getLogger(HintAnalyzer.class);
/**
* The name of the hint rule file
*/
private static final String HINT_RULE_FILE_NAME = "dependencycheck-base-hint.xml";
/**
* The collection of hints.
*/
private Hints hints;
/**
* The HintAnalyzer uses knowledge about a dependency to add additional
* information to help in identification of identifiers or vulnerabilities.
@@ -195,7 +194,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
}
final Iterator<Evidence> itr = dependency.getVendorEvidence().iterator();
final List<Evidence> newEntries = new ArrayList<Evidence>();
final List<Evidence> newEntries = new ArrayList<>();
while (itr.hasNext()) {
final Evidence e = itr.next();
for (VendorDuplicatingHintRule dhr : hints.getVendorDuplicatingHintRules()) {
@@ -220,10 +219,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
File file = null;
try {
hints = parser.parseHints(this.getClass().getClassLoader().getResourceAsStream(HINT_RULE_FILE_NAME));
} catch (HintParseException ex) {
LOGGER.error("Unable to parse the base hint data file");
LOGGER.debug("Unable to parse the base hint data file", ex);
} catch (SAXException ex) {
} catch (HintParseException | SAXException ex) {
LOGGER.error("Unable to parse the base hint data file");
LOGGER.debug("Unable to parse the base hint data file", ex);
}
@@ -246,9 +242,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
} else {
file = new File(filePath);
if (!file.exists()) {
InputStream fromClasspath = null;
try {
fromClasspath = this.getClass().getClassLoader().getResourceAsStream(filePath);
try (InputStream fromClasspath = this.getClass().getClassLoader().getResourceAsStream(filePath)) {
if (fromClasspath != null) {
deleteTempFile = true;
file = FileUtils.getTempFile("hint", "xml");
@@ -258,10 +252,6 @@ public class HintAnalyzer extends AbstractAnalyzer {
throw new HintParseException("Unable to locate hints file in classpath", ex);
}
}
} finally {
if (fromClasspath != null) {
fromClasspath.close();
}
}
}
}
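Review bot: The base hint file is still loaded with `hints = parser.parseHints(this.getClass().getClassLoader().getResourceAsStream(HINT_RULE_FILE_NAME));`, so this method does not close that stream in the lines shown and a missing resource hands null to the parser, while the same commit moves the `filePath` stream to try-with-resources. Wrapping it the same way, `try (InputStream in = getClass().getClassLoader().getResourceAsStream(HINT_RULE_FILE_NAME)) { hints = parser.parseHints(in); }`, keeps the two loads consistent; the `IOException` from close then needs a catch arm. A parse failure here is only logged, so the analyzer appears to continue without base hints; it is worth confirming that this is acceptable, because missing hints can reduce identification accuracy. The enclosing method begins and ends outside these hunks.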


@@ -148,15 +148,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* A pattern to detect HTML within text.
*/
private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE);
//</editor-fold>
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
}
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The name of the analyzer.
*/
@@ -175,6 +166,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
//</editor-fold>
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
}
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* Returns the FileFilter.
*
@@ -396,7 +396,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @throws IOException thrown if there is an exception reading a JarEntry
*/
private List<String> retrievePomListing(final JarFile jar) throws IOException {
final List<String> pomEntries = new ArrayList<String>();
final List<String> pomEntries = new ArrayList<>();
final Enumeration<JarEntry> entries = jar.entries();
while (entries.hasMoreElements()) {
final JarEntry entry = entries.nextElement();
@@ -588,8 +588,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
*/
protected void analyzePackageNames(List<ClassNameInformation> classNames,
Dependency dependency, boolean addPackagesAsEvidence) {
final Map<String, Integer> vendorIdentifiers = new HashMap<String, Integer>();
final Map<String, Integer> productIdentifiers = new HashMap<String, Integer>();
final Map<String, Integer> vendorIdentifiers = new HashMap<>();
final Map<String, Integer> productIdentifiers = new HashMap<>();
analyzeFullyQualifiedClassNames(classNames, vendorIdentifiers, productIdentifiers);
final int classCount = classNames.size();
@@ -949,7 +949,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @return an list of fully qualified class names
*/
private List<ClassNameInformation> collectClassNames(Dependency dependency) {
final List<ClassNameInformation> classNames = new ArrayList<ClassNameInformation>();
final List<ClassNameInformation> classNames = new ArrayList<>();
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
@@ -1115,6 +1115,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* Stores information about a class name.
*/
protected static class ClassNameInformation {
/**
* The fully qualified class name.
*/
private String name;
/**
* Up to the first four levels of the package structure, excluding a
* leading "org" or "com".
*/
private final ArrayList<String> packageStructure = new ArrayList<String>();
/**
* <p>
@@ -1158,10 +1167,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
packageStructure.add(name);
}
}
/**
* The fully qualified class name.
*/
private String name;
/**
* Get the value of name
@@ -1180,12 +1185,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
public void setName(String name) {
this.name = name;
}
/**
* Up to the first four levels of the package structure, excluding a
* leading "org" or "com".
*/
private final ArrayList<String> packageStructure = new ArrayList<String>();
/**
* Get the value of packageStructure
*
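Review bot: `collectClassNames` still opens the archive with `JarFile jar = null; try { jar = new JarFile(dependency.getActualFilePath());`, the manual pattern this commit replaces with try-with-resources in HintAnalyzer. The rest of the method is outside the hunk, so the close presumably sits in a `finally`; `try (JarFile jar = new JarFile(dependency.getActualFilePath())) {` would release the file handle on every path. The moved `packageStructure` field also keeps `new ArrayList<String>()` while the other allocations switch to the diamond, and Model's `licenses` field has the same leftover `new ArrayList<License>()`.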


@@ -172,10 +172,7 @@ public class IndexEntry implements Serializable {
if ((this.vendor == null) ? (other.vendor != null) : !this.vendor.equals(other.vendor)) {
return false;
}
if ((this.product == null) ? (other.product != null) : !this.product.equals(other.product)) {
return false;
}
return true;
return !((this.product == null) ? (other.product != null) : !this.product.equals(other.product));
}
/**
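Review bot: The new statement `return !((this.product == null) ? (other.product != null) : !this.product.equals(other.product));` stacks a negation on a ternary that itself negates, which is easy to misread in what appears to be an `equals` implementation. `return Objects.equals(this.product, other.product);` expresses the same null-safe comparison, and the `vendor` check above it could use the same form; it needs `java.util.Objects` imported if the file does not already have it. The start of the method is outside the hunk.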


@@ -129,10 +129,10 @@ public class Dependency implements Serializable, Comparable<Dependency> {
vendorEvidence = new EvidenceCollection();
productEvidence = new EvidenceCollection();
versionEvidence = new EvidenceCollection();
identifiers = new TreeSet<Identifier>();
vulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator());
suppressedIdentifiers = new TreeSet<Identifier>();
suppressedVulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator());
identifiers = new TreeSet<>();
vulnerabilities = new TreeSet<>(new VulnerabilityComparator());
suppressedIdentifiers = new TreeSet<>();
suppressedVulnerabilities = new TreeSet<>(new VulnerabilityComparator());
}
/**


@@ -233,7 +233,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
* @param str the string to test
* @return true if the string only contains 0-9, otherwise false.
*/
static boolean isPositiveInteger(final String str) {
protected static boolean isPositiveInteger(final String str) {
if (str == null || str.isEmpty()) {
return false;
}


@@ -23,6 +23,15 @@ package org.owasp.dependencycheck.xml.pom;
*/
public class License {
/**
* The url to the license.
*/
private String url;
/**
* The name of the license.
*/
private String name;
/**
* Constructs a new license object.
*/
@@ -41,11 +50,6 @@ public class License {
}
/**
* The url to the license.
*/
private String url;
/**
* Get the value of url.
*
@@ -64,11 +68,6 @@ public class License {
this.url = url;
}
/**
* The name of the license.
*/
private String name;
/**
* Get the value of name.
*


@@ -35,6 +35,46 @@ public class Model {
* The name of the project.
*/
private String name;
/**
* The organization name.
*/
private String organization;
/**
* The description.
*/
private String description;
/**
* The group id.
*/
private String groupId;
/**
* The artifact id.
*/
private String artifactId;
/**
* The version number.
*/
private String version;
/**
* The parent group id.
*/
private String parentGroupId;
/**
* The parent artifact id.
*/
private String parentArtifactId;
/**
* The parent version number.
*/
private String parentVersion;
/**
* The list of licenses.
*/
private final List<License> licenses = new ArrayList<License>();
/**
* The project URL.
*/
private String projectURL;
/**
* Get the value of name.
@@ -54,11 +94,6 @@ public class Model {
this.name = name;
}
/**
* The organization name.
*/
private String organization;
/**
* Get the value of organization.
*
@@ -77,11 +112,6 @@ public class Model {
this.organization = organization;
}
/**
* The description.
*/
private String description;
/**
* Get the value of description.
*
@@ -100,11 +130,6 @@ public class Model {
this.description = description;
}
/**
* The group id.
*/
private String groupId;
/**
* Get the value of groupId.
*
@@ -123,11 +148,6 @@ public class Model {
this.groupId = groupId;
}
/**
* The artifact id.
*/
private String artifactId;
/**
* Get the value of artifactId.
*
@@ -146,11 +166,6 @@ public class Model {
this.artifactId = artifactId;
}
/**
* The version number.
*/
private String version;
/**
* Get the value of version.
*
@@ -169,11 +184,6 @@ public class Model {
this.version = version;
}
/**
* The parent group id.
*/
private String parentGroupId;
/**
* Get the value of parentGroupId.
*
@@ -192,11 +202,6 @@ public class Model {
this.parentGroupId = parentGroupId;
}
/**
* The parent artifact id.
*/
private String parentArtifactId;
/**
* Get the value of parentArtifactId.
*
@@ -215,11 +220,6 @@ public class Model {
this.parentArtifactId = parentArtifactId;
}
/**
* The parent version number.
*/
private String parentVersion;
/**
* Get the value of parentVersion.
*
@@ -238,11 +238,6 @@ public class Model {
this.parentVersion = parentVersion;
}
/**
* The list of licenses.
*/
private final List<License> licenses = new ArrayList<License>();
/**
* Returns the list of licenses.
*
@@ -261,11 +256,6 @@ public class Model {
licenses.add(license);
}
/**
* The project URL.
*/
private String projectURL;
/**
* Get the value of projectURL.
*


@@ -32,6 +32,14 @@ public class PropertyType {
* The value.
*/
private String value;
/**
* Whether or not the expression is a regex.
*/
private boolean regex = false;
/**
* Indicates case sensitivity.
*/
private boolean caseSensitive = false;
/**
* Gets the value of the value property.
@@ -51,10 +59,6 @@ public class PropertyType {
public void setValue(String value) {
this.value = value;
}
/**
* Whether or not the expression is a regex.
*/
private boolean regex = false;
/**
* Returns whether or not the value is a regex.
@@ -75,11 +79,6 @@ public class PropertyType {
public void setRegex(boolean value) {
this.regex = value;
}
/**
* Indicates case sensitivity.
*/
private boolean caseSensitive = false;
/**
* Gets the value of the caseSensitive property.
*


@@ -409,7 +409,7 @@ public class SuppressionRule {
* @param identifier a CPE identifier to check
* @return true if the entry matches; otherwise false
*/
boolean identifierMatches(String identifierType, PropertyType suppressionEntry, Identifier identifier) {
protected boolean identifierMatches(String identifierType, PropertyType suppressionEntry, Identifier identifier) {
if (identifierType.equals(identifier.getType())) {
if (suppressionEntry.matches(identifier.getValue())) {
return true;


@@ -18,8 +18,6 @@
package org.owasp.dependencycheck;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
@@ -59,15 +57,15 @@ public class EngineIntegrationTest extends BaseDBTestCase {
try {
instance.analyzeDependencies();
} catch (ExceptionCollection ex) {
if (ex.getExceptions().size()==1 &&
(ex.getExceptions().get(0).getMessage().contains("bundle-audit") ||
ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer"))) {
if (ex.getExceptions().size() == 1
&& (ex.getExceptions().get(0).getMessage().contains("bundle-audit")
|| ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer"))) {
//this is fine to ignore
} else if (ex.getExceptions().size()==2 &&
((ex.getExceptions().get(0).getMessage().contains("bundle-audit") &&
ex.getExceptions().get(1).getMessage().contains("AssemblyAnalyzer")) ||
(ex.getExceptions().get(1).getMessage().contains("bundle-audit") &&
ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer")))) {
} else if (ex.getExceptions().size() == 2
&& ((ex.getExceptions().get(0).getMessage().contains("bundle-audit")
&& ex.getExceptions().get(1).getMessage().contains("AssemblyAnalyzer"))
|| (ex.getExceptions().get(1).getMessage().contains("bundle-audit")
&& ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer")))) {
//this is fine to ignore
} else {
throw ex;
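Review bot: `getMessage()` can return null for an exception created without a message, so any `.getMessage().contains(...)` call in the reformatted condition can throw a NullPointerException inside the catch block and hide the original ExceptionCollection. Reading each message once through a null-safe step, for example `final String m0 = String.valueOf(ex.getExceptions().get(0).getMessage());`, removes that risk and shortens the condition. The two empty branches marked `//this is fine to ignore` also let the test pass when an analyzer failed, which is worth stating in the test's Javadoc. The try block and the method signature start outside this hunk.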


@@ -41,10 +41,10 @@ import static org.junit.Assert.assertTrue;
public class EngineTest extends BaseDBTestCase {
@Mocked
Analyzer analyzer;
private Analyzer analyzer;
@Mocked
AnalysisTask analysisTask;
private AnalysisTask analysisTask;
/**


@@ -26,7 +26,6 @@ import java.io.File;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import org.junit.After;
import org.junit.Assume;


@@ -40,7 +40,7 @@ public class RubyBundlerAnalyzerTest extends BaseTest {
/**
* The analyzer to test.
*/
RubyBundlerAnalyzer analyzer;
private RubyBundlerAnalyzer analyzer;
/**
* Correctly setup the analyzer for testing.


@@ -111,6 +111,6 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
"ruby/vulnerable/gems/rails-4.1.15/vendor/bundle/ruby/2.2.0/gems/pg-0.18.4/Rakefile"));
analyzer.analyze(result, null);
//TODO add verification
assertTrue(result.getEvidence().size()>0);
}
}
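Review bot: The new assertion `assertTrue(result.getEvidence().size()>0);` only shows that some evidence was collected, not that the analyzer extracted anything specific from the fixture, and it fails without a message. A message and the operator spacing applied elsewhere in this commit would help, e.g. `assertTrue("expected evidence to be collected", result.getEvidence().size() > 0);`. Checking for a known evidence value from this Rakefile would be stronger still, if one can be stated.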


@@ -78,6 +78,6 @@ public class XPathNuspecParserTest extends BaseTest {
NuspecParser parser = new XPathNuspecParser();
//InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("suppressions.xml");
InputStream is = BaseTest.getResourceAsStream(this, "suppressions.xml");
NugetPackage np = parser.parse(is);
parser.parse(is);
}
}
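Review bot: The stream opened from `suppressions.xml` is never closed, whether `parser.parse(is)` returns or throws. Wrapping it, `try (InputStream is = BaseTest.getResourceAsStream(this, "suppressions.xml")) { parser.parse(is); }`, releases it on both paths, and the commented-out `getResourceAsStream` line above it could be deleted at the same time. The test method's signature and annotation are outside the hunk, so confirm that it already allows the IOException that `close()` can throw.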


@@ -62,8 +62,8 @@ public class DriverLoaderTest extends BaseTest {
*/
@Test(expected = DriverLoadException.class)
public void testLoad_String_ex() throws Exception {
String className = "bad.Driver";
Driver d = DriverLoader.load(className);
final String className = "bad.Driver";
DriverLoader.load(className);
}
/**
@@ -94,7 +94,7 @@ public class DriverLoaderTest extends BaseTest {
* Test of load method, of class DriverLoader.
*/
@Test
public void testLoad_String_String_multiple_paths() throws Exception {
public void testLoad_String_String_multiple_paths() {
final String className = "com.mysql.jdbc.Driver";
//we know this is in target/test-classes
//final File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile();
@@ -106,9 +106,15 @@ public class DriverLoaderTest extends BaseTest {
Driver d = null;
try {
d = DriverLoader.load(className, paths);
} catch (DriverLoadException ex) {
fail(ex.getMessage());
} finally {
if (d != null) {
DriverManager.deregisterDriver(d);
try {
DriverManager.deregisterDriver(d);
} catch (SQLException ex) {
fail(ex.getMessage());
}
}
}
}
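Review bot: In the last hunk, both `fail(ex.getMessage())` calls discard the exception's stack trace and cause, and the reported message is null whenever the exception carries none, so a failing run says less than it did when the method declared `throws Exception`. Keeping `throws Exception` on `testLoad_String_String_multiple_paths` and letting the exceptions propagate is the simplest form. If the catch blocks stay, `throw new AssertionError("driver load failed", ex);` keeps the cause attached. Part of the method body lies between the second and third hunks and is not shown.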


@@ -18,10 +18,12 @@
package org.owasp.dependencycheck.dependency;
import java.io.File;
import java.util.HashSet;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
@@ -165,7 +167,7 @@ public class DependencyTest extends BaseTest {
Dependency instance = new Dependency();
Set<Identifier> result = instance.getIdentifiers();
assertTrue(true); //this is just a getter setter pair.
assertNotNull(result);
}
/**
@@ -173,10 +175,10 @@ public class DependencyTest extends BaseTest {
*/
@Test
public void testSetIdentifiers() {
Set<Identifier> identifiers = null;
Set<Identifier> identifiers = new HashSet<>();
Dependency instance = new Dependency();
instance.setIdentifiers(identifiers);
assertTrue(true); //this is just a getter setter pair.
assertNotNull(instance.getIdentifiers());
}
/**
@@ -201,9 +203,8 @@ public class DependencyTest extends BaseTest {
@Test
public void testGetEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getEvidence();
assertTrue(true); //this is just a getter setter pair.
assertNotNull(result);
}
/**
@@ -232,9 +233,8 @@ public class DependencyTest extends BaseTest {
@Test
public void testGetVendorEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getVendorEvidence();
assertTrue(true); //this is just a getter setter pair.
assertNotNull(result);
}
/**
@@ -243,9 +243,8 @@ public class DependencyTest extends BaseTest {
@Test
public void testGetProductEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getProductEvidence();
assertTrue(true); //this is just a getter setter pair.
assertNotNull(result);
}
/**
@@ -254,9 +253,8 @@ public class DependencyTest extends BaseTest {
@Test
public void testGetVersionEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getVersionEvidence();
assertTrue(true); //this is just a getter setter pair.
assertNotNull(result);
}
/**
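Review bot: `testSetIdentifiers` now ends with `assertNotNull(instance.getIdentifiers());`, which would pass even if `setIdentifiers` ignored its argument, because the `testGetIdentifiers` hunk expects a fresh Dependency to return a non-null set already. Comparing against the value that was set, `assertEquals(identifiers, instance.getIdentifiers());` with a non-empty set, would exercise the setter; `assertEquals` is already imported in this file. The `assertNotNull(instance.getVersion());` added in the ModelTest hunk further down is similarly weak and could be `assertEquals(version, instance.getVersion());`, assuming that import is available there.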


@@ -53,7 +53,7 @@ public class ReportGeneratorIntegrationTest extends BaseDBTestCase {
*/
@Test
public void testGenerateReport() throws Exception {
String templateName = "HtmlReport";
// String templateName = "HtmlReport";
// File f = new File("target/test-reports");
// if (!f.exists()) {
// f.mkdir();


@@ -167,6 +167,7 @@ public class ModelTest extends BaseTest {
String version = "";
Model instance = new Model();
instance.setVersion(version);
assertNotNull(instance.getVersion());
}
/**


@@ -49,7 +49,6 @@ public class PropertyTypeTest extends BaseTest {
@Test
public void testIsRegex() {
PropertyType instance = new PropertyType();
boolean result = instance.isRegex();
assertFalse(instance.isRegex());
instance.setRegex(true);
assertTrue(instance.isRegex());


@@ -144,7 +144,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testGetFilePath() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -153,7 +152,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testSetFilePath() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -162,7 +160,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testGetSha1() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -171,7 +168,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testSetSha1() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -180,7 +176,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testGetCpe() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -189,7 +184,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testSetCpe() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -198,7 +192,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testAddCpe() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -207,7 +200,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testHasCpe() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -216,7 +208,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testSetCvssBelow() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -225,7 +216,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testAddCvssBelow() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -234,7 +224,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testHasCvssBelow() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -243,7 +232,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testGetCwe() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -252,7 +240,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testSetCwe() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -261,7 +248,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testAddCwe() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -270,7 +256,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testHasCwe() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -279,7 +264,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testGetCve() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**
@@ -288,7 +272,6 @@ public class SuppressionRuleTest extends BaseTest {
@Test
public void testSetCve() {
//already tested, this is just left so the IDE doesn't recreate it.
assertTrue(true);
}
/**


@@ -52,6 +52,13 @@ import org.owasp.dependencycheck.utils.Settings;
)
public class AggregateMojo extends BaseDependencyCheckMojo {
/**
* The name of the report in the site.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "name", defaultValue = "dependency-check:aggregate", required = true)
private String name = "dependency-check:aggregate";
/**
* Executes the aggregate dependency-check goal. This runs dependency-check
* and generates the subsequent reports.
@@ -255,13 +262,6 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
return true; //aggregate always returns true for now - we can look at a more complicated/acurate solution later
}
/**
* The name of the report in the site.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "name", defaultValue = "dependency-check:aggregate", required = true)
private String name = "dependency-check:aggregate";
/**
* Returns the report name.
*


@@ -80,6 +80,10 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* System specific new line character.
*/
private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();
/**
* A flag indicating whether or not the Maven site is being generated.
*/
private boolean generatingSite = false;
//</editor-fold>
// <editor-fold defaultstate="collapsed" desc="Maven bound parameters and components">
/**
@@ -93,15 +97,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@Parameter(property = "failOnError", defaultValue = "true", required = true)
private boolean failOnError;
/**
* Returns if the mojo should fail the build if an exception occurs.
*
* @return whether or not the mojo should fail the build
*/
protected boolean isFailOnError() {
return failOnError;
}
/**
* The Maven Project Object.
*/
@@ -343,14 +338,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@Parameter(property = "connectionString", defaultValue = "", required = false)
private String connectionString;
/**
* Returns the connection string.
*
* @return the connection string
*/
protected String getConnectionString() {
return connectionString;
}
/**
* The database driver name. An example would be org.h2.Driver.
*/
@@ -473,9 +460,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@Parameter(property = "externalReport")
@Deprecated
private String externalReport = null;
// </editor-fold>
//<editor-fold defaultstate="collapsed" desc="Base Maven implementation">
/**
* Executes dependency-check.
*
@@ -526,11 +513,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
generate((Sink) sink, locale);
}
/**
* A flag indicating whether or not the maven site is being generated.
*/
private boolean generatingSite = false;
/**
* Returns true if the Maven site is being generated.
*
@@ -540,6 +522,23 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
return generatingSite;
}
/**
* Returns the connection string.
*
* @return the connection string
*/
protected String getConnectionString() {
return connectionString;
}
/**
* Returns if the mojo should fail the build if an exception occurs.
*
* @return whether or not the mojo should fail the build
*/
protected boolean isFailOnError() {
return failOnError;
}
/**
* Generates the Dependency-Check Site Report.
*


@@ -46,6 +46,13 @@ import org.owasp.dependencycheck.utils.Settings;
)
public class CheckMojo extends BaseDependencyCheckMojo {
/**
* The name of the report in the site.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "name", defaultValue = "dependency-check", required = true)
private String name = "dependency-check";
/**
* Returns whether or not a the report can be generated.
*
@@ -126,13 +133,6 @@ public class CheckMojo extends BaseDependencyCheckMojo {
Settings.cleanup();
}
/**
* The name of the report in the site.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "name", defaultValue = "dependency-check", required = true)
private String name = "dependency-check";
/**
* Returns the report name.
*


@@ -34,6 +34,15 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
*/
private static final Logger LOGGER = LoggerFactory.getLogger(SSLSocketFactoryEx.class);
/**
* The SSL context.
*/
private SSLContext sslCtxt;
/**
* The protocols.
*/
private String[] protocols;
/**
* Constructs a new SSLSocketFactory.
*
@@ -284,13 +293,4 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
return aa.toArray(new String[0]);
}
/**
* The SSL context.
*/
private SSLContext sslCtxt;
/**
* The protocols.
*/
private String[] protocols;
}


@@ -38,6 +38,28 @@ import java.util.Properties;
* @author Jeremy Long
*/
public final class Settings {
/**
* The logger.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(Settings.class);
/**
* The properties file location.
*/
private static final String PROPERTIES_FILE = "dependencycheck.properties";
/**
* Thread local settings.
*/
private static final ThreadLocal<Settings> LOCAL_SETTINGS = new ThreadLocal<Settings>();
/**
* The properties.
*/
private Properties props = null;
/**
* A reference to the temporary directory; used incase it needs to be
* deleted during cleanup.
*/
private static File tempDirectory = null;
//<editor-fold defaultstate="collapsed" desc="KEYS used to access settings">
/**
@@ -403,22 +425,6 @@ public final class Settings {
}
//</editor-fold>
/**
* The logger.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(Settings.class);
/**
* The properties file location.
*/
private static final String PROPERTIES_FILE = "dependencycheck.properties";
/**
* Thread local settings.
*/
private static final ThreadLocal<Settings> LOCAL_SETTINGS = new ThreadLocal<Settings>();
/**
* The properties.
*/
private Properties props = null;
/**
* Private constructor for the Settings class. This class loads the
@@ -788,12 +794,6 @@ public final class Settings {
return str;
}
/**
* A reference to the temporary directory; used incase it needs to be
* deleted during cleanup.
*/
private static File tempDirectory = null;
/**
* Returns the temporary directory.
*


@@ -24,11 +24,7 @@ import java.io.IOException;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.List;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.fail;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
@@ -37,25 +33,6 @@ import org.junit.Test;
*/
public class ExpectedOjectInputStreamTest {
public ExpectedOjectInputStreamTest() {
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of resolveClass method, of class ExpectedOjectInputStream.
*/