From d6c9fea3545980ee2e246670a871048ad1581d14 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 17 Feb 2017 12:03:11 -0500 Subject: [PATCH] formating and codacy recommended updates --- .../owasp/dependencycheck/taskdefs/Check.java | 329 +++++++++--------- .../dependencycheck/taskdefs/Update.java | 130 ++++--- .../org/owasp/dependencycheck/Engine.java | 4 +- .../analyzer/ArchiveAnalyzer.java | 3 +- .../dependencycheck/analyzer/CPEAnalyzer.java | 30 +- .../analyzer/HintAnalyzer.java | 42 +-- .../dependencycheck/analyzer/JarAnalyzer.java | 45 ++- .../dependencycheck/data/cpe/IndexEntry.java | 5 +- .../dependency/Dependency.java | 8 +- .../dependency/VulnerableSoftware.java | 2 +- .../dependencycheck/xml/pom/License.java | 19 +- .../owasp/dependencycheck/xml/pom/Model.java | 90 +++-- .../xml/suppression/PropertyType.java | 17 +- .../xml/suppression/SuppressionRule.java | 2 +- .../EngineIntegrationTest.java | 18 +- .../org/owasp/dependencycheck/EngineTest.java | 4 +- .../analyzer/RubyBundleAuditAnalyzerTest.java | 1 - .../analyzer/RubyBundlerAnalyzerTest.java | 2 +- .../analyzer/RubyGemspecAnalyzerTest.java | 2 +- .../data/nuget/XPathNuspecParserTest.java | 2 +- .../data/nvdcve/DriverLoaderTest.java | 14 +- .../dependency/DependencyTest.java | 20 +- .../ReportGeneratorIntegrationTest.java | 2 +- .../dependencycheck/xml/pom/ModelTest.java | 1 + .../xml/suppression/PropertyTypeTest.java | 1 - .../xml/suppression/SuppressionRuleTest.java | 17 - .../dependencycheck/maven/AggregateMojo.java | 14 +- .../maven/BaseDependencyCheckMojo.java | 45 ++- .../dependencycheck/maven/CheckMojo.java | 14 +- .../utils/SSLSocketFactoryEx.java | 18 +- .../owasp/dependencycheck/utils/Settings.java | 44 +-- .../utils/ExpectedOjectInputStreamTest.java | 23 -- 32 files changed, 444 insertions(+), 524 deletions(-) 
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
index 286b93f04..05cca60f8 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -53,16 +53,159 @@ public class Check extends Update { * System specific new line character. */ private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern(); + /** + * Whether the ruby gemspec analyzer should be enabled. + */ + private Boolean rubygemsAnalyzerEnabled; + /** + * Whether or not the Node.js Analyzer is enabled. + */ + private Boolean nodeAnalyzerEnabled; + /** + * Whether or not the Ruby Bundle Audit Analyzer is enabled. + */ + private Boolean bundleAuditAnalyzerEnabled; + /** + * Whether the CMake analyzer should be enabled. + */ + private Boolean cmakeAnalyzerEnabled; /** - * Construct a new DependencyCheckTask. + * Whether or not the openssl analyzer is enabled. */ - public Check() { - super(); - // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from - // core end up coming through this tasks logger - StaticLoggerBinder.getSingleton().setTask(this); - } + private Boolean opensslAnalyzerEnabled; + /** + * Whether the python package analyzer should be enabled. + */ + private Boolean pyPackageAnalyzerEnabled; + /** + * Whether the python distribution analyzer should be enabled. + */ + private Boolean pyDistributionAnalyzerEnabled; + /** + * Whether or not the central analyzer is enabled. + */ + private Boolean centralAnalyzerEnabled; + /** + * Whether or not the nexus analyzer is enabled. + */ + private Boolean nexusAnalyzerEnabled; + + /** + * The URL of a Nexus server's REST API end point + * (http://domain/nexus/service/local). + */ + private String nexusUrl; + /** + * Whether or not the defined proxy should be used when connecting to Nexus. + */ + private Boolean nexusUsesProxy; + /** + * Additional ZIP File extensions to add analyze. This should be a + * comma-separated list of file extensions to treat like ZIP files. + */ + private String zipExtensions; + /** + * The path to Mono for .NET assembly analysis on non-windows systems. 
+ */ + private String pathToMono; + + /** + * The application name for the report. + * + * @deprecated use projectName instead. + */ + @Deprecated + private String applicationName = null; + /** + * The name of the project being analyzed. + */ + private String projectName = "dependency-check"; + + /** + * Specifies the destination directory for the generated Dependency-Check + * report. + */ + private String reportOutputDirectory = "."; + /** + * Specifies if the build should be failed if a CVSS score above a specified + * level is identified. The default is 11 which means since the CVSS scores + * are 0-10, by default the build will never fail and the CVSS score is set + * to 11. The valid range for the fail build on CVSS is 0 to 11, where + * anything above 10 will not cause the build to fail. + */ + private float failBuildOnCVSS = 11; + /** + * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not + * recommended that this be turned to false. Default is true. + */ + private Boolean autoUpdate; + /** + * Whether only the update phase should be executed. + * + * @deprecated Use the update task instead + */ + @Deprecated + private boolean updateOnly = false; + + /** + * The report format to be generated (HTML, XML, VULN, ALL). Default is + * HTML. + */ + private String reportFormat = "HTML"; + /** + * The path to the suppression file. + */ + private String suppressionFile; + /** + * The path to the suppression file. + */ + private String hintsFile; + /** + * flag indicating whether or not to show a summary of findings. + */ + private boolean showSummary = true; + /** + * Whether experimental analyzers are enabled. + */ + private Boolean enableExperimental; + /** + * Whether or not the Jar Analyzer is enabled. + */ + private Boolean jarAnalyzerEnabled; + /** + * Whether or not the Archive Analyzer is enabled. + */ + private Boolean archiveAnalyzerEnabled; + /** + * Whether or not the .NET Nuspec Analyzer is enabled. 
+ */ + private Boolean nuspecAnalyzerEnabled; + /** + * Whether or not the PHP Composer Analyzer is enabled. + */ + private Boolean composerAnalyzerEnabled; + + /** + * Whether or not the .NET Assembly Analyzer is enabled. + */ + private Boolean assemblyAnalyzerEnabled; /** + * Whether the autoconf analyzer should be enabled. + */ + private Boolean autoconfAnalyzerEnabled; + /** + * Sets the path for the bundle-audit binary. + */ + private String bundleAuditPath; + /** + * Whether or not the CocoaPods Analyzer is enabled. + */ + private Boolean cocoapodsAnalyzerEnabled; + + /** + * Whether or not the Swift package Analyzer is enabled. + */ + private Boolean swiftPackageManagerAnalyzerEnabled; //The following code was copied Apache Ant PathConvert //BEGIN COPY from org.apache.tools.ant.taskdefs.PathConvert /** @@ -140,13 +283,17 @@ public class Check extends Update { } } // END COPY from org.apache.tools.ant.taskdefs + + /** - * The application name for the report. - * - * @deprecated use projectName instead. + * Construct a new DependencyCheckTask. */ - @Deprecated - private String applicationName = null; + public Check() { + super(); + // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from + // core end up coming through this tasks logger + StaticLoggerBinder.getSingleton().setTask(this); + } /** * Get the value of applicationName. @@ -170,11 +317,6 @@ public class Check extends Update { public void setApplicationName(String applicationName) { this.applicationName = applicationName; } - /** - * The name of the project being analyzed. - */ - private String projectName = "dependency-check"; - /** * Get the value of projectName. * @@ -199,12 +341,6 @@ public class Check extends Update { this.projectName = projectName; } - /** - * Specifies the destination directory for the generated Dependency-Check - * report. - */ - private String reportOutputDirectory = "."; - /** * Get the value of reportOutputDirectory. * 
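Review bot: The Javadoc moved onto `hintsFile` in the first hunk still reads `The path to the suppression file.`, a copy-paste from the `suppressionFile` field declared just above it; it should read `The path to the hints file.` While the fields are being regrouped, `failBuildOnCVSS` documents a valid range of 0 to 11, but its setter lies outside this hunk, so whether that range is actually enforced cannot be confirmed from here and is worth checking. The `nexusUrl` example `http://domain/nexus/service/local` would be better shown as an https endpoint, since the analyzer's identification results are fetched over that connection and a plain-http example invites an on-path tampering setup.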
@@ -222,14 +358,6 @@ public class Check extends Update { public void setReportOutputDirectory(String reportOutputDirectory) { this.reportOutputDirectory = reportOutputDirectory; } - /** - * Specifies if the build should be failed if a CVSS score above a specified - * level is identified. The default is 11 which means since the CVSS scores - * are 0-10, by default the build will never fail and the CVSS score is set - * to 11. The valid range for the fail build on CVSS is 0 to 11, where - * anything above 10 will not cause the build to fail. - */ - private float failBuildOnCVSS = 11; /** * Get the value of failBuildOnCVSS. @@ -248,11 +376,6 @@ public class Check extends Update { public void setFailBuildOnCVSS(float failBuildOnCVSS) { this.failBuildOnCVSS = failBuildOnCVSS; } - /** - * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not - * recommended that this be turned to false. Default is true. - */ - private Boolean autoUpdate; /** * Get the value of autoUpdate. @@ -271,13 +394,6 @@ public class Check extends Update { public void setAutoUpdate(Boolean autoUpdate) { this.autoUpdate = autoUpdate; } - /** - * Whether only the update phase should be executed. - * - * @deprecated Use the update task instead - */ - @Deprecated - private boolean updateOnly = false; /** * Get the value of updateOnly. @@ -301,12 +417,6 @@ public class Check extends Update { this.updateOnly = updateOnly; } - /** - * The report format to be generated (HTML, XML, VULN, ALL). Default is - * HTML. - */ - private String reportFormat = "HTML"; - /** * Get the value of reportFormat. * @@ -324,10 +434,6 @@ public class Check extends Update { public void setReportFormat(ReportFormats reportFormat) { this.reportFormat = reportFormat.getValue(); } - /** - * The path to the suppression file. - */ - private String suppressionFile; /** * Get the value of suppressionFile. 
@@ -346,10 +452,6 @@ public class Check extends Update { public void setSuppressionFile(String suppressionFile) { this.suppressionFile = suppressionFile; } - /** - * The path to the suppression file. - */ - private String hintsFile; /** * Get the value of hintsFile. @@ -368,11 +470,6 @@ public class Check extends Update { public void setHintsFile(String hintsFile) { this.hintsFile = hintsFile; } - /** - * flag indicating whether or not to show a summary of findings. - */ - private boolean showSummary = true; - /** * Get the value of showSummary. * @@ -391,11 +488,6 @@ public class Check extends Update { this.showSummary = showSummary; } - /** - * Whether experimental analyzers are enabled. - */ - private Boolean enableExperimental; - /** * Get the value of enableExperimental. * @@ -414,11 +506,6 @@ public class Check extends Update { this.enableExperimental = enableExperimental; } - /** - * Whether or not the Jar Analyzer is enabled. - */ - private Boolean jarAnalyzerEnabled; - /** * Returns whether or not the analyzer is enabled. * @@ -436,10 +523,6 @@ public class Check extends Update { public void setJarAnalyzerEnabled(Boolean jarAnalyzerEnabled) { this.jarAnalyzerEnabled = jarAnalyzerEnabled; } - /** - * Whether or not the Archive Analyzer is enabled. - */ - private Boolean archiveAnalyzerEnabled; /** * Returns whether or not the analyzer is enabled. @@ -449,10 +532,6 @@ public class Check extends Update { public Boolean isArchiveAnalyzerEnabled() { return archiveAnalyzerEnabled; } - /** - * Whether or not the .NET Assembly Analyzer is enabled. - */ - private Boolean assemblyAnalyzerEnabled; /** * Sets whether or not the analyzer is enabled. 
@@ -480,10 +559,6 @@ public class Check extends Update { public void setAssemblyAnalyzerEnabled(Boolean assemblyAnalyzerEnabled) { this.assemblyAnalyzerEnabled = assemblyAnalyzerEnabled; } - /** - * Whether or not the .NET Nuspec Analyzer is enabled. - */ - private Boolean nuspecAnalyzerEnabled; /** * Returns whether or not the analyzer is enabled. @@ -502,10 +577,6 @@ public class Check extends Update { public void setNuspecAnalyzerEnabled(Boolean nuspecAnalyzerEnabled) { this.nuspecAnalyzerEnabled = nuspecAnalyzerEnabled; } - /** - * Whether or not the PHP Composer Analyzer is enabled. - */ - private Boolean composerAnalyzerEnabled; /** * Get the value of composerAnalyzerEnabled. @@ -524,10 +595,6 @@ public class Check extends Update { public void setComposerAnalyzerEnabled(Boolean composerAnalyzerEnabled) { this.composerAnalyzerEnabled = composerAnalyzerEnabled; } - /** - * Whether the autoconf analyzer should be enabled. - */ - private Boolean autoconfAnalyzerEnabled; /** * Get the value of autoconfAnalyzerEnabled. @@ -546,10 +613,6 @@ public class Check extends Update { public void setAutoconfAnalyzerEnabled(Boolean autoconfAnalyzerEnabled) { this.autoconfAnalyzerEnabled = autoconfAnalyzerEnabled; } - /** - * Whether the CMake analyzer should be enabled. - */ - private Boolean cmakeAnalyzerEnabled; /** * Get the value of cmakeAnalyzerEnabled. @@ -569,12 +632,6 @@ public class Check extends Update { this.cmakeAnalyzerEnabled = cmakeAnalyzerEnabled; } -//start changes - /** - * Whether or not the Ruby Bundle Audit Analyzer is enabled. - */ - private Boolean bundleAuditAnalyzerEnabled; - /** * Returns if the Bundle Audit Analyzer is enabled. * @@ -594,11 +651,6 @@ public class Check extends Update { this.bundleAuditAnalyzerEnabled = bundleAuditAnalyzerEnabled; } - /** - * Sets the path for the bundle-audit binary. - */ - private String bundleAuditPath; - /** * Returns the path to the bundle audit executable. * 
@@ -616,10 +668,6 @@ public class Check extends Update { public void setBundleAuditPath(String bundleAuditPath) { this.bundleAuditPath = bundleAuditPath; } - /** - * Whether or not the CocoaPods Analyzer is enabled. - */ - private Boolean cocoapodsAnalyzerEnabled; /** * Returns if the cocoapods analyyzer is enabled. @@ -639,11 +687,6 @@ public class Check extends Update { this.cocoapodsAnalyzerEnabled = cocoapodsAnalyzerEnabled; } - /** - * Whether or not the Swift package Analyzer is enabled. - */ - private Boolean swiftPackageManagerAnalyzerEnabled; - /** * Returns whether or not the Swift package Analyzer is enabled. * @@ -662,12 +705,6 @@ public class Check extends Update { public void setSwiftPackageManagerAnalyzerEnabled(Boolean swiftPackageManagerAnalyzerEnabled) { this.swiftPackageManagerAnalyzerEnabled = swiftPackageManagerAnalyzerEnabled; } -//end changes - - /** - * Whether or not the openssl analyzer is enabled. - */ - private Boolean opensslAnalyzerEnabled; /** * Get the value of opensslAnalyzerEnabled. @@ -686,10 +723,6 @@ public class Check extends Update { public void setOpensslAnalyzerEnabled(Boolean opensslAnalyzerEnabled) { this.opensslAnalyzerEnabled = opensslAnalyzerEnabled; } - /** - * Whether or not the Node.js Analyzer is enabled. - */ - private Boolean nodeAnalyzerEnabled; /** * Get the value of nodeAnalyzerEnabled. @@ -708,10 +741,6 @@ public class Check extends Update { public void setNodeAnalyzerEnabled(Boolean nodeAnalyzerEnabled) { this.nodeAnalyzerEnabled = nodeAnalyzerEnabled; } - /** - * Whether the ruby gemspec analyzer should be enabled. - */ - private Boolean rubygemsAnalyzerEnabled; /** * Get the value of rubygemsAnalyzerEnabled. 
@@ -730,10 +759,6 @@ public class Check extends Update { public void setRubygemsAnalyzerEnabled(Boolean rubygemsAnalyzerEnabled) { this.rubygemsAnalyzerEnabled = rubygemsAnalyzerEnabled; } - /** - * Whether the python package analyzer should be enabled. - */ - private Boolean pyPackageAnalyzerEnabled; /** * Get the value of pyPackageAnalyzerEnabled. @@ -753,11 +778,6 @@ public class Check extends Update { this.pyPackageAnalyzerEnabled = pyPackageAnalyzerEnabled; } - /** - * Whether the python distribution analyzer should be enabled. - */ - private Boolean pyDistributionAnalyzerEnabled; - /** * Get the value of pyDistributionAnalyzerEnabled. * @@ -777,11 +797,6 @@ public class Check extends Update { this.pyDistributionAnalyzerEnabled = pyDistributionAnalyzerEnabled; } - /** - * Whether or not the central analyzer is enabled. - */ - private Boolean centralAnalyzerEnabled; - /** * Get the value of centralAnalyzerEnabled. * @@ -800,11 +815,6 @@ public class Check extends Update { this.centralAnalyzerEnabled = centralAnalyzerEnabled; } - /** - * Whether or not the nexus analyzer is enabled. - */ - private Boolean nexusAnalyzerEnabled; - /** * Get the value of nexusAnalyzerEnabled. * @@ -823,12 +833,6 @@ public class Check extends Update { this.nexusAnalyzerEnabled = nexusAnalyzerEnabled; } - /** - * The URL of a Nexus server's REST API end point - * (http://domain/nexus/service/local). - */ - private String nexusUrl; - /** * Get the value of nexusUrl. * @@ -846,10 +850,6 @@ public class Check extends Update { public void setNexusUrl(String nexusUrl) { this.nexusUrl = nexusUrl; } - /** - * Whether or not the defined proxy should be used when connecting to Nexus. - */ - private Boolean nexusUsesProxy; /** * Get the value of nexusUsesProxy. 
@@ -869,12 +869,6 @@ public class Check extends Update { this.nexusUsesProxy = nexusUsesProxy; } - /** - * Additional ZIP File extensions to add analyze. This should be a - * comma-separated list of file extensions to treat like ZIP files. - */ - private String zipExtensions; - /** * Get the value of zipExtensions. * @@ -893,11 +887,6 @@ public class Check extends Update { this.zipExtensions = zipExtensions; } - /** - * The path to Mono for .NET assembly analysis on non-windows systems. - */ - private String pathToMono; - /** * Get the value of pathToMono. * diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Update.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Update.java index 5648c7c3e..58ba8244a 100644 --- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Update.java +++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Update.java 
@@ -34,6 +34,67 @@ import org.slf4j.impl.StaticLoggerBinder; */ public class Update extends Purge { + /** + * The Proxy Server. + */ + private String proxyServer; + /** + * The Proxy Port. + */ + private String proxyPort; + /** + * The Proxy username. + */ + private String proxyUsername; + /** + * The Proxy password. + */ + private String proxyPassword; + /** + * The Connection Timeout. + */ + private String connectionTimeout; + /** + * The database driver name; such as org.h2.Driver. + */ + private String databaseDriverName; + /** + * The path to the database driver JAR file if it is not on the class path. + */ + private String databaseDriverPath; + /** + * The database connection string. + */ + private String connectionString; + /** + * The user name for connecting to the database. + */ + private String databaseUser; + /** + * The password to use when connecting to the database. + */ + private String databasePassword; + /** + * The url for the modified NVD CVE (1.2 schema). + */ + private String cveUrl12Modified; + /** + * Base Data Mirror URL for CVE 1.2. + */ + private String cveUrl12Base; + /** + * Data Mirror URL for CVE 2.0. + */ + private String cveUrl20Base; + /** + * The number of hours to wait before re-checking for updates. + */ + private Integer cveValidForHours; + /** + * The url for the modified NVD CVE (2.0 schema). + */ + private String cveUrl20Modified; + /** * Construct a new UpdateTask. */ @@ -44,11 +105,6 @@ public class Update extends Purge { StaticLoggerBinder.getSingleton().setTask(this); } - /** - * The Proxy Server. - */ - private String proxyServer; - /** * Get the value of proxyServer. * @@ -67,11 +123,6 @@ public class Update extends Purge { this.proxyServer = server; } - /** - * The Proxy Port. - */ - private String proxyPort; - /** * Get the value of proxyPort. * 
@@ -89,10 +140,6 @@ public class Update extends Purge { public void setProxyPort(String proxyPort) { this.proxyPort = proxyPort; } - /** - * The Proxy username. - */ - private String proxyUsername; /** * Get the value of proxyUsername. @@ -111,10 +158,6 @@ public class Update extends Purge { public void setProxyUsername(String proxyUsername) { this.proxyUsername = proxyUsername; } - /** - * The Proxy password. - */ - private String proxyPassword; /** * Get the value of proxyPassword. @@ -133,10 +176,6 @@ public class Update extends Purge { public void setProxyPassword(String proxyPassword) { this.proxyPassword = proxyPassword; } - /** - * The Connection Timeout. - */ - private String connectionTimeout; /** * Get the value of connectionTimeout. @@ -155,10 +194,6 @@ public class Update extends Purge { public void setConnectionTimeout(String connectionTimeout) { this.connectionTimeout = connectionTimeout; } - /** - * The database driver name; such as org.h2.Driver. - */ - private String databaseDriverName; /** * Get the value of databaseDriverName. @@ -178,11 +213,6 @@ public class Update extends Purge { this.databaseDriverName = databaseDriverName; } - /** - * The path to the database driver JAR file if it is not on the class path. - */ - private String databaseDriverPath; - /** * Get the value of databaseDriverPath. * @@ -200,10 +230,6 @@ public class Update extends Purge { public void setDatabaseDriverPath(String databaseDriverPath) { this.databaseDriverPath = databaseDriverPath; } - /** - * The database connection string. - */ - private String connectionString; /** * Get the value of connectionString. @@ -222,10 +248,6 @@ public class Update extends Purge { public void setConnectionString(String connectionString) { this.connectionString = connectionString; } - /** - * The user name for connecting to the database. - */ - private String databaseUser; /** * Get the value of databaseUser. 
@@ -245,11 +267,6 @@ public class Update extends Purge { this.databaseUser = databaseUser; } - /** - * The password to use when connecting to the database. - */ - private String databasePassword; - /** * Get the value of databasePassword. * @@ -268,11 +285,6 @@ public class Update extends Purge { this.databasePassword = databasePassword; } - /** - * The url for the modified NVD CVE (1.2 schema). - */ - private String cveUrl12Modified; - /** * Get the value of cveUrl12Modified. * @@ -291,11 +303,6 @@ public class Update extends Purge { this.cveUrl12Modified = cveUrl12Modified; } - /** - * The url for the modified NVD CVE (2.0 schema). - */ - private String cveUrl20Modified; - /** * Get the value of cveUrl20Modified. * @@ -314,11 +321,6 @@ public class Update extends Purge { this.cveUrl20Modified = cveUrl20Modified; } - /** - * Base Data Mirror URL for CVE 1.2. - */ - private String cveUrl12Base; - /** * Get the value of cveUrl12Base. * @@ -337,11 +339,6 @@ public class Update extends Purge { this.cveUrl12Base = cveUrl12Base; } - /** - * Data Mirror URL for CVE 2.0. - */ - private String cveUrl20Base; - /** * Get the value of cveUrl20Base. * @@ -360,11 +357,6 @@ public class Update extends Purge { this.cveUrl20Base = cveUrl20Base; } - /** - * The number of hours to wait before re-checking for updates. - */ - private Integer cveValidForHours; - /** * Get the value of cveValidForHours. * diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 85aafc32f..395c26181 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java 
@@ -589,8 +589,8 @@ public class Engine implements FileFilter { * @param exceptions the collection of exceptions to collect * @return a collection of analysis tasks */ - List getAnalysisTasks(Analyzer analyzer, List exceptions) { - final List result = new ArrayList(); + protected List getAnalysisTasks(Analyzer analyzer, List exceptions) { + final List result = new ArrayList<>(); synchronized (dependencies) { for (final Dependency dependency : dependencies) { final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions, Settings.getInstance()); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index a7008ef06..473a90164 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -470,7 +470,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { && b[5] == 'n' && b[6] == '/') { boolean stillLooking = true; - int chr, nxtChr; + int chr; + int nxtChr; while (stillLooking && (chr = in.read()) != -1) { if (chr == '\n' || chr == '\r') { in.mark(4); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java index b2ff57026..1e564d66e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java 
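Review bot: Widening `getAnalysisTasks` from package-private to `protected` makes it part of the API subclasses of `Engine` can call or override, yet the Javadoc above the hunk (its first lines are outside this view) says nothing about the locking and sharing contract the body shows: the list is built while holding the `dependencies` monitor, one `AnalysisTask` per dependency, and the caller's `exceptions` list is handed to every task. I would add `The result is a snapshot taken under the {@code dependencies} lock; the supplied {@code exceptions} list is shared by every task created, so it must tolerate additions from wherever those tasks run.` The parameter and return types appear raw (`List`) while the body uses `new ArrayList<>()`; that is probably generics lost in extraction, but if the declaration really is raw it should be typed to match.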
@@ -123,14 +123,17 @@ public class CPEAnalyzer extends AbstractAnalyzer { public AnalysisPhase getAnalysisPhase() { return AnalysisPhase.IDENTIFIER_ANALYSIS; } + /** * The default is to support parallel processing. + * * @return false */ @Override public boolean supportsParallelProcessing() { return false; } + /** * Creates the CPE Lucene Index. * @@ -674,6 +677,19 @@ public class CPEAnalyzer extends AbstractAnalyzer { */ private static class IdentifierMatch implements Comparable { + /** + * The confidence in the evidence used to identify this match. + */ + private Confidence evidenceConfidence; + /** + * The confidence whether this is an exact match, or a best guess. + */ + private IdentifierConfidence confidence; + /** + * The CPE identifier. + */ + private Identifier identifier; + /** * Constructs an IdentifierMatch. * @@ -690,12 +706,8 @@ public class CPEAnalyzer extends AbstractAnalyzer { this.confidence = identifierConfidence; this.evidenceConfidence = evidenceConfidence; } - // - /** - * The confidence in the evidence used to identify this match. - */ - private Confidence evidenceConfidence; + // /** * Get the value of evidenceConfidence * @@ -713,10 +725,6 @@ public class CPEAnalyzer extends AbstractAnalyzer { public void setEvidenceConfidence(Confidence evidenceConfidence) { this.evidenceConfidence = evidenceConfidence; } - /** - * The confidence whether this is an exact match, or a best guess. - */ - private IdentifierConfidence confidence; /** * Get the value of confidence. @@ -735,10 +743,6 @@ public class CPEAnalyzer extends AbstractAnalyzer { public void setConfidence(IdentifierConfidence confidence) { this.confidence = confidence; } - /** - * The CPE identifier. - */ - private Identifier identifier; /** * Get the value of identifier. 
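Review bot: The Javadoc on `supportsParallelProcessing` in the first hunk contradicts the code it documents: it says `The default is to support parallel processing.` while the override returns `false`, and the commit only added blank lines around it. Suggest `Indicates that CPE analysis does not support parallel processing; this override returns {@code false}.` with the existing `@return false` kept. The reason parallelism is disabled is not visible here, so it should be added by whoever knows it rather than guessed in the comment. The remaining hunks on this line only relocate the `IdentifierMatch` fields.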
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java index f3194c19b..900474f1f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java @@ -52,6 +52,18 @@ import org.xml.sax.SAXException; * @author Jeremy Long */ public class HintAnalyzer extends AbstractAnalyzer { + /** + * The Logger for use throughout the class + */ + private static final Logger LOGGER = LoggerFactory.getLogger(HintAnalyzer.class); + /** + * The name of the hint rule file + */ + private static final String HINT_RULE_FILE_NAME = "dependencycheck-base-hint.xml"; + /** + * The collection of hints. + */ + private Hints hints; // /** @@ -109,20 +121,7 @@ public class HintAnalyzer extends AbstractAnalyzer { } } // - - /** - * The Logger for use throughout the class - */ - private static final Logger LOGGER = LoggerFactory.getLogger(HintAnalyzer.class); - /** - * The name of the hint rule file - */ - private static final String HINT_RULE_FILE_NAME = "dependencycheck-base-hint.xml"; - /** - * The collection of hints. - */ - private Hints hints; - + /** * The HintAnalyzer uses knowledge about a dependency to add additional * information to help in identification of identifiers or vulnerabilities. @@ -195,7 +194,7 @@ public class HintAnalyzer extends AbstractAnalyzer { } final Iterator itr = dependency.getVendorEvidence().iterator(); - final List newEntries = new ArrayList(); + final List newEntries = new ArrayList<>(); while (itr.hasNext()) { final Evidence e = itr.next(); for (VendorDuplicatingHintRule dhr : hints.getVendorDuplicatingHintRules()) { 
@@ -220,10 +219,7 @@ public class HintAnalyzer extends AbstractAnalyzer { File file = null; try { hints = parser.parseHints(this.getClass().getClassLoader().getResourceAsStream(HINT_RULE_FILE_NAME)); - } catch (HintParseException ex) { - LOGGER.error("Unable to parse the base hint data file"); - LOGGER.debug("Unable to parse the base hint data file", ex); - } catch (SAXException ex) { + } catch (HintParseException | SAXException ex) { LOGGER.error("Unable to parse the base hint data file"); LOGGER.debug("Unable to parse the base hint data file", ex); } @@ -246,9 +242,7 @@ public class HintAnalyzer extends AbstractAnalyzer { } else { file = new File(filePath); if (!file.exists()) { - InputStream fromClasspath = null; - try { - fromClasspath = this.getClass().getClassLoader().getResourceAsStream(filePath); + try (InputStream fromClasspath = this.getClass().getClassLoader().getResourceAsStream(filePath)) { if (fromClasspath != null) { deleteTempFile = true; file = FileUtils.getTempFile("hint", "xml"); @@ -258,10 +252,6 @@ public class HintAnalyzer extends AbstractAnalyzer { throw new HintParseException("Unable to locate hints file in classpath", ex); } } - } finally { - if (fromClasspath != null) { - fromClasspath.close(); - } } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 49cc45277..8a19fc224 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java 
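Review bot: The context line at the top of the first hunk, `hints = parser.parseHints(this.getClass().getClassLoader().getResourceAsStream(HINT_RULE_FILE_NAME));`, still opens a classpath stream that is never closed, while the later hunk converts the other `getResourceAsStream` call to try-with-resources; the same treatment belongs here, `try (InputStream in = this.getClass().getClassLoader().getResourceAsStream(HINT_RULE_FILE_NAME)) { hints = parser.parseHints(in); }`, adding handling for `close()`'s `IOException` if the method does not already declare it. If the base resource is missing, `getResourceAsStream` returns null and that null flows straight into `parseHints`; how `parseHints` reacts to null is not visible here, so an explicit null check that logs the missing base hint file would make the failure mode deterministic. The enclosing method starts before the first hunk and continues past the last.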
@@ -148,15 +148,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * A pattern to detect HTML within text. */ private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE); - - // - /** - * Constructs a new JarAnalyzer. - */ - public JarAnalyzer() { - } - - // /** * The name of the analyzer. */ @@ -175,6 +166,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { */ private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build(); + + // + /** + * Constructs a new JarAnalyzer. + */ + public JarAnalyzer() { + } + + // /** * Returns the FileFilter. * @@ -396,7 +396,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @throws IOException thrown if there is an exception reading a JarEntry */ private List retrievePomListing(final JarFile jar) throws IOException { - final List pomEntries = new ArrayList(); + final List pomEntries = new ArrayList<>(); final Enumeration entries = jar.entries(); while (entries.hasMoreElements()) { final JarEntry entry = entries.nextElement(); @@ -588,8 +588,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { */ protected void analyzePackageNames(List classNames, Dependency dependency, boolean addPackagesAsEvidence) { - final Map vendorIdentifiers = new HashMap(); - final Map productIdentifiers = new HashMap(); + final Map vendorIdentifiers = new HashMap<>(); + final Map productIdentifiers = new HashMap<>(); analyzeFullyQualifiedClassNames(classNames, vendorIdentifiers, productIdentifiers); final int classCount = classNames.size(); @@ -949,7 +949,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @return an list of fully qualified class names */ private List collectClassNames(Dependency dependency) { - final List classNames = new ArrayList(); + final List classNames = new ArrayList<>(); JarFile jar = null; try { jar = new JarFile(dependency.getActualFilePath()); 
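Review bot: The last hunk (`collectClassNames`) keeps the manual `JarFile jar = null; try { jar = new JarFile(...)` pattern even though this same commit moves `HintAnalyzer` to try-with-resources; `JarFile` is `Closeable`, so `try (JarFile jar = new JarFile(dependency.getActualFilePath())) {` would remove the null-initialised local and the close-in-finally that must follow it. The rest of that method, including whatever finally block currently closes the jar, is outside the hunk, so I cannot confirm how the close is handled today. The diamond changes in the other hunks are fine.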
@@ -1115,6 +1115,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 * Stores information about a class name.
 */
 protected static class ClassNameInformation {
+ /**
+ * The fully qualified class name.
+ */
+ private String name;
+ /**
+ * Up to the first four levels of the package structure, excluding a
+ * leading "org" or "com".
+ */
+ private final ArrayList packageStructure = new ArrayList();
 /**
 *

@@ -1158,10 +1167,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 packageStructure.add(name);
 }
 }
- /**
- * The fully qualified class name.
- */
- private String name;
 /**
 * Get the value of name
@@ -1180,12 +1185,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 public void setName(String name) {
 this.name = name;
 }
- /**
- * Up to the first four levels of the package structure, excluding a
- * leading "org" or "com".
- */
- private final ArrayList packageStructure = new ArrayList();
-
 /**
 * Get the value of packageStructure
 *
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java
index 39c7fc8f0..3681df734 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java
@@ -172,10 +172,7 @@ public class IndexEntry implements Serializable {
 if ((this.vendor == null) ? (other.vendor != null) : !this.vendor.equals(other.vendor)) {
 return false;
 }
- if ((this.product == null) ? (other.product != null) : !this.product.equals(other.product)) {
- return false;
- }
- return true;
+ return !((this.product == null) ? (other.product != null) : !this.product.equals(other.product));
 }
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
index 5e0d03eed..1d9a597c8 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
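Review bot: The rewritten `return !((this.product == null) ? (other.product != null) : !this.product.equals(other.product));` in `IndexEntry.equals` is a double negation that a reader has to unwind to trust; it is exactly `return Objects.equals(this.product, other.product);`, and the `vendor` check two lines above is the same pattern with an early `return false`. Since the diamond and multi-catch changes elsewhere in this commit already assume Java 7, `java.util.Objects` is available; using it for both fields keeps `equals` readable and needs only `import java.util.Objects;`, which sits outside the hunk. The remainder of `equals` is outside the hunk.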
@@ -129,10 +129,10 @@ public class Dependency implements Serializable, Comparable {
 vendorEvidence = new EvidenceCollection();
 productEvidence = new EvidenceCollection();
 versionEvidence = new EvidenceCollection();
- identifiers = new TreeSet();
- vulnerabilities = new TreeSet(new VulnerabilityComparator());
- suppressedIdentifiers = new TreeSet();
- suppressedVulnerabilities = new TreeSet(new VulnerabilityComparator());
+ identifiers = new TreeSet<>();
+ vulnerabilities = new TreeSet<>(new VulnerabilityComparator());
+ suppressedIdentifiers = new TreeSet<>();
+ suppressedVulnerabilities = new TreeSet<>(new VulnerabilityComparator());
 }
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
index 6451591a6..a30c1554e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
@@ -233,7 +233,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
 * @param str the string to test
 * @return true if the string only contains 0-9, otherwise false.
 */
- static boolean isPositiveInteger(final String str) {
+ protected static boolean isPositiveInteger(final String str) {
 if (str == null || str.isEmpty()) {
 return false;
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java
index 8400e2540..329491150 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java
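Review bot: `isPositiveInteger` goes from package-private to `protected`, which opens it to subclasses in every package rather than only to the same-package callers and tests that could already reach it; if the change is there to satisfy a visibility rule, package-private is the narrower option, and if it is meant as an extension point the Javadoc should say so. Either way the contract deserves a precise line, because the method name promises "positive" while the `@return` says "only contains 0-9", which (if the body beyond the hunk follows the doc) would accept `"0"`; e.g. `@return true if the string is non-empty and consists only of the ASCII digits 0-9 (zero included); otherwise false`. The same widening is applied to `SuppressionRule.identifierMatches` in the hunk a few files below, where the same question applies. The method body continues outside the hunk.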
@@ -23,6 +23,15 @@ package org.owasp.dependencycheck.xml.pom;
 */
 public class License {
+ /**
+ * The url to the license.
+ */
+ private String url;
+ /**
+ * The name of the license.
+ */
+ private String name;
+
 /**
 * Constructs a new license object.
 */
@@ -41,11 +50,6 @@ public class License {
 }
- /**
- * The url to the license.
- */
- private String url;
-
 /**
 * Get the value of url.
 *
@@ -64,11 +68,6 @@ public class License {
 this.url = url;
 }
- /**
- * The name of the license.
- */
- private String name;
-
 /**
 * Get the value of name.
 *
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java
index 74e81e576..0d6ac691e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java
@@ -35,6 +35,46 @@ public class Model {
 * The name of the project.
 */
 private String name;
+ /**
+ * The organization name.
+ */
+ private String organization;
+ /**
+ * The description.
+ */
+ private String description;
+ /**
+ * The group id.
+ */
+ private String groupId;
+ /**
+ * The artifact id.
+ */
+ private String artifactId;
+ /**
+ * The version number.
+ */
+ private String version;
+ /**
+ * The parent group id.
+ */
+ private String parentGroupId;
+ /**
+ * The parent artifact id.
+ */
+ private String parentArtifactId;
+ /**
+ * The parent version number.
+ */
+ private String parentVersion;
+ /**
+ * The list of licenses.
+ */
+ private final List licenses = new ArrayList();
+ /**
+ * The project URL.
+ */
+ private String projectURL;
 /**
 * Get the value of name.
@@ -54,11 +94,6 @@ public class Model {
 this.name = name;
 }
- /**
- * The organization name.
- */
- private String organization;
-
 /**
 * Get the value of organization.
 *
@@ -77,11 +112,6 @@ public class Model {
 this.organization = organization;
 }
- /**
- * The description.
- */
- private String description;
-
 /**
 * Get the value of description.
 *
@@ -100,11 +130,6 @@ public class Model {
 this.description = description;
 }
- /**
- * The group id.
- */
- private String groupId;
-
 /**
 * Get the value of groupId.
 *
@@ -123,11 +148,6 @@ public class Model {
 this.groupId = groupId;
 }
- /**
- * The artifact id.
- */
- private String artifactId;
-
 /**
 * Get the value of artifactId.
 *
@@ -146,11 +166,6 @@ public class Model {
 this.artifactId = artifactId;
 }
- /**
- * The version number.
- */
- private String version;
-
 /**
 * Get the value of version.
 *
@@ -169,11 +184,6 @@ public class Model {
 this.version = version;
 }
- /**
- * The parent group id.
- */
- private String parentGroupId;
-
 /**
 * Get the value of parentGroupId.
 *
@@ -192,11 +202,6 @@ public class Model {
 this.parentGroupId = parentGroupId;
 }
- /**
- * The parent artifact id.
- */
- private String parentArtifactId;
-
 /**
 * Get the value of parentArtifactId.
 *
@@ -215,11 +220,6 @@ public class Model {
 this.parentArtifactId = parentArtifactId;
 }
- /**
- * The parent version number.
- */
- private String parentVersion;
-
 /**
 * Get the value of parentVersion.
 *
@@ -238,11 +238,6 @@ public class Model {
 this.parentVersion = parentVersion;
 }
- /**
- * The list of licenses.
- */
- private final List licenses = new ArrayList();
-
 /**
 * Returns the list of licenses.
 *
@@ -261,11 +256,6 @@ public class Model {
 licenses.add(license);
 }
- /**
- * The project URL.
- */
- private String projectURL;
-
 /**
 * Get the value of projectURL.
 *
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java
index 772f338fb..8a1677883 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java
@@ -32,6 +32,14 @@ public class PropertyType {
 * The value.
 */
 private String value;
+ /**
+ * Whether or not the expression is a regex.
+ */
+ private boolean regex = false;
+ /**
+ * Indicates case sensitivity.
+ */
+ private boolean caseSensitive = false;
 /**
 * Gets the value of the value property.
@@ -51,10 +59,6 @@ public class PropertyType {
 public void setValue(String value) {
 this.value = value;
 }
- /**
- * Whether or not the expression is a regex.
- */
- private boolean regex = false;
 /**
 * Returns whether or not the value is a regex.
@@ -75,11 +79,6 @@ public class PropertyType {
 public void setRegex(boolean value) {
 this.regex = value;
 }
- /**
- * Indicates case sensitivity.
- */
- private boolean caseSensitive = false;
-
 /**
 * Gets the value of the caseSensitive property.
 *
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java
index 80e78bdd2..572ae68eb 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java
@@ -409,7 +409,7 @@ public class SuppressionRule {
 * @param identifier a CPE identifier to check
 * @return true if the entry matches; otherwise false
 */
- boolean identifierMatches(String identifierType, PropertyType suppressionEntry, Identifier identifier) {
+ protected boolean identifierMatches(String identifierType, PropertyType suppressionEntry, Identifier identifier) {
 if (identifierType.equals(identifier.getType())) {
 if (suppressionEntry.matches(identifier.getValue())) {
 return true;
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java
index bceefc23b..8b4452636 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java
@@ -18,8 +18,6 @@ package org.owasp.dependencycheck;
 import java.io.IOException;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 import static org.junit.Assert.assertTrue;
 import org.junit.Test;
@@ -59,15 +57,15 @@ public class EngineIntegrationTest extends BaseDBTestCase {
 try {
 instance.analyzeDependencies();
 } catch (ExceptionCollection ex) {
- if (ex.getExceptions().size()==1 &&
- (ex.getExceptions().get(0).getMessage().contains("bundle-audit") ||
- ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer"))) {
+ if (ex.getExceptions().size() == 1
+ && (ex.getExceptions().get(0).getMessage().contains("bundle-audit")
+ || ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer"))) {
 //this is fine to ignore
- } else if (ex.getExceptions().size()==2 &&
- ((ex.getExceptions().get(0).getMessage().contains("bundle-audit") &&
- ex.getExceptions().get(1).getMessage().contains("AssemblyAnalyzer")) ||
- (ex.getExceptions().get(1).getMessage().contains("bundle-audit") &&
- ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer")))) {
+ } else if (ex.getExceptions().size() == 2
+ && ((ex.getExceptions().get(0).getMessage().contains("bundle-audit")
+ && ex.getExceptions().get(1).getMessage().contains("AssemblyAnalyzer"))
+ || (ex.getExceptions().get(1).getMessage().contains("bundle-audit")
+ && ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer")))) {
 //this is fine to ignore
 } else {
 throw ex;
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
index 87088e764..342af2d0c 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
@@ -41,10 +41,10 @@ import static org.junit.Assert.assertTrue;
 public class EngineTest extends BaseDBTestCase {
 @Mocked
- Analyzer analyzer;
+ private Analyzer analyzer;
 @Mocked
- AnalysisTask analysisTask;
+ private AnalysisTask analysisTask;
 /**
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
index c1b57ab66..381465151 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
@@ -26,7 +26,6 @@ import java.io.File;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
-import java.util.logging.Level;
 import org.junit.After;
 import org.junit.Assume;
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzerTest.java
index d304a4200..cfab09c4e 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzerTest.java
@@ -40,7 +40,7 @@ public class RubyBundlerAnalyzerTest extends BaseTest {
 /**
 * The analyzer to test.
 */
- RubyBundlerAnalyzer analyzer;
+ private RubyBundlerAnalyzer analyzer;
 /**
 * Correctly setup the analyzer for testing.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
index 882a70ef7..02d6e0062 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java
@@ -111,6 +111,6 @@ public class RubyGemspecAnalyzerTest extends BaseTest {
 final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "ruby/vulnerable/gems/rails-4.1.15/vendor/bundle/ruby/2.2.0/gems/pg-0.18.4/Rakefile"));
 analyzer.analyze(result, null);
- //TODO add verification
+ assertTrue(result.getEvidence().size()>0);
 }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java
index e9590aa40..a3d2f6ca0 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java
@@ -78,6 +78,6 @@ public class XPathNuspecParserTest extends BaseTest {
 NuspecParser parser = new XPathNuspecParser();
 //InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("suppressions.xml");
 InputStream is = BaseTest.getResourceAsStream(this, "suppressions.xml");
- NugetPackage np = parser.parse(is);
+ parser.parse(is);
 }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java
index cb3222215..0c90d130e 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java
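Review bot: The new `assertTrue(result.getEvidence().size()>0);` is written without the spaces around `>` that the rest of this formatting commit adds, and reads more directly as `assertFalse(result.getEvidence().isEmpty());` (confirm `assertFalse` is among this test's static imports, which are outside the hunk). It also asserts only that some evidence was collected; if the gemspec analyzer is expected to pull a specific field out of this Rakefile fixture, asserting that particular piece of evidence would turn the test from a smoke check into a real one.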
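Review bot: Dropping the `NugetPackage np` local in `XPathNuspecParserTest` removes the unused-variable warning but leaves the test asserting nothing beyond "does not throw"; `assertNotNull(parser.parse(is));` keeps the fix and still pins a result. The `InputStream is` opened on the preceding context line is never closed in the visible body either; wrapping it in try-with-resources would match the HintAnalyzer change made in this same commit.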
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java
@@ -62,8 +62,8 @@ public class DriverLoaderTest extends BaseTest {
 */
 @Test(expected = DriverLoadException.class)
 public void testLoad_String_ex() throws Exception {
- String className = "bad.Driver";
- Driver d = DriverLoader.load(className);
+ final String className = "bad.Driver";
+ DriverLoader.load(className);
 }
 /**
@@ -94,7 +94,7 @@ public class DriverLoaderTest extends BaseTest {
 * Test of load method, of class DriverLoader.
 */
 @Test
- public void testLoad_String_String_multiple_paths() throws Exception {
+ public void testLoad_String_String_multiple_paths() {
 final String className = "com.mysql.jdbc.Driver"; //we know this is in target/test-classes
 //final File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile();
@@ -106,9 +106,15 @@ public class DriverLoaderTest extends BaseTest {
 Driver d = null;
 try {
 d = DriverLoader.load(className, paths);
+ } catch (DriverLoadException ex) {
+ fail(ex.getMessage());
 } finally {
 if (d != null) {
- DriverManager.deregisterDriver(d);
+ try {
+ DriverManager.deregisterDriver(d);
+ } catch (SQLException ex) {
+ fail(ex.getMessage());
+ }
 }
 }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java
index 0facd21e6..4df35bffd 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java
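Review bot: Both new catch blocks in `testLoad_String_String_multiple_paths` report the failure as `fail(ex.getMessage())`, which discards the stack trace and cause and leaves only a bare message in the test report; `throw new AssertionError(ex.getMessage(), ex);` keeps the signature free of `throws` as the commit intends while preserving the cause (that constructor is available from Java 7, which the diamond changes elsewhere already assume). The second catch sits inside `finally`, so a failure from `deregisterDriver` would also mask whatever the `try` body was already propagating; a one-line comment acknowledging that, or deregistering after the `try` instead, would make the intent explicit.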
@@ -18,10 +18,12 @@ package org.owasp.dependencycheck.dependency;
 import java.io.File;
+import java.util.HashSet;
 import java.util.Set;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import org.junit.Test;
@@ -165,7 +167,7 @@ public class DependencyTest extends BaseTest {
 Dependency instance = new Dependency();
 Set result = instance.getIdentifiers();
- assertTrue(true); //this is just a getter setter pair.
+ assertNotNull(result);
 }
 /**
@@ -173,10 +175,10 @@ public class DependencyTest extends BaseTest {
 */
 @Test
 public void testSetIdentifiers() {
- Set identifiers = null;
+ Set identifiers = new HashSet<>();
 Dependency instance = new Dependency();
 instance.setIdentifiers(identifiers);
- assertTrue(true); //this is just a getter setter pair.
+ assertNotNull(instance.getIdentifiers());
 }
 /**
@@ -201,9 +203,8 @@ public class DependencyTest extends BaseTest {
 @Test
 public void testGetEvidence() {
 Dependency instance = new Dependency();
- EvidenceCollection expResult = null;
 EvidenceCollection result = instance.getEvidence();
- assertTrue(true); //this is just a getter setter pair.
+ assertNotNull(result);
 }
 /**
@@ -232,9 +233,8 @@ public class DependencyTest extends BaseTest {
 @Test
 public void testGetVendorEvidence() {
 Dependency instance = new Dependency();
- EvidenceCollection expResult = null;
 EvidenceCollection result = instance.getVendorEvidence();
- assertTrue(true); //this is just a getter setter pair.
+ assertNotNull(result);
 }
 /**
@@ -243,9 +243,8 @@ public class DependencyTest extends BaseTest {
 @Test
 public void testGetProductEvidence() {
 Dependency instance = new Dependency();
- EvidenceCollection expResult = null;
 EvidenceCollection result = instance.getProductEvidence();
- assertTrue(true); //this is just a getter setter pair.
+ assertNotNull(result);
 }
 /**
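Review bot: In `testSetIdentifiers` the new `assertNotNull(instance.getIdentifiers())` would pass even if `setIdentifiers` were a no-op, because the Dependency constructor hunk earlier in this commit appears to initialise `identifiers` to a fresh `TreeSet` already; asserting against the set that was passed in, `assertSame(identifiers, instance.getIdentifiers());` if the setter stores the reference or `assertEquals(identifiers, instance.getIdentifiers());` if it copies, actually exercises the setter (add the matching `import static org.junit.Assert.assertSame;` to the import hunk at the top of this file). The `assertNotNull(result)` replacements in the getter tests are reasonable as they stand.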
@@ -254,9 +253,8 @@ public class DependencyTest extends BaseTest {
 @Test
 public void testGetVersionEvidence() {
 Dependency instance = new Dependency();
- EvidenceCollection expResult = null;
 EvidenceCollection result = instance.getVersionEvidence();
- assertTrue(true); //this is just a getter setter pair.
+ assertNotNull(result);
 }
 /**
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java
index acadcd6fe..d99fc732b 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java
@@ -53,7 +53,7 @@ public class ReportGeneratorIntegrationTest extends BaseDBTestCase {
 */
 @Test
 public void testGenerateReport() throws Exception {
- String templateName = "HtmlReport";
+// String templateName = "HtmlReport";
 // File f = new File("target/test-reports");
 // if (!f.exists()) {
 // f.mkdir();
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/ModelTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/ModelTest.java
index dd164846e..d1158b5b1 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/ModelTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/ModelTest.java
@@ -167,6 +167,7 @@ public class ModelTest extends BaseTest {
 String version = "";
 Model instance = new Model();
 instance.setVersion(version);
+ assertNotNull(instance.getVersion());
 }
 /**
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/PropertyTypeTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/PropertyTypeTest.java
index 9ad49e0f1..6824e5878 100644
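Review bot: Commenting out `String templateName = "HtmlReport";` in `testGenerateReport` leaves a `@Test` whose visible body is entirely commented-out code, so it passes vacuously while still counting as a test; if the method is intentionally parked, `@Ignore("report generation test disabled pending a fixture")` states that, and otherwise the commented lines should be deleted rather than carried along. The method body continues past the hunk, so there may be live statements further down that I cannot see.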
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/PropertyTypeTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/PropertyTypeTest.java
@@ -49,7 +49,6 @@ public class PropertyTypeTest extends BaseTest {
 @Test
 public void testIsRegex() {
 PropertyType instance = new PropertyType();
- boolean result = instance.isRegex();
 assertFalse(instance.isRegex());
 instance.setRegex(true);
 assertTrue(instance.isRegex());
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/SuppressionRuleTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/SuppressionRuleTest.java
index 9993ab49d..ec38c0eec 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/SuppressionRuleTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/SuppressionRuleTest.java
@@ -144,7 +144,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testGetFilePath() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -153,7 +152,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testSetFilePath() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -162,7 +160,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testGetSha1() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -171,7 +168,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testSetSha1() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -180,7 +176,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testGetCpe() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
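Review bot: Removing `assertTrue(true);` from `testGetFilePath` and its siblings leaves a row of `@Test` methods with empty bodies, which still run and pass vacuously and which analysers that flag assertion-less tests will keep reporting; since the comment says the behaviour is covered elsewhere, deleting the methods outright is the cleaner fix, or `@Ignore("covered by the combined suppression rule tests")` if preventing IDE regeneration really is the concern. The same applies to every SuppressionRuleTest hunk on the following two lines, from `testSetCpe` through `testSetCve`.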
@@ -189,7 +184,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testSetCpe() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -198,7 +192,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testAddCpe() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -207,7 +200,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testHasCpe() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -216,7 +208,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testSetCvssBelow() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -225,7 +216,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testAddCvssBelow() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -234,7 +224,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testHasCvssBelow() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -243,7 +232,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testGetCwe() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -252,7 +240,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testSetCwe() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -261,7 +248,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testAddCwe() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -270,7 +256,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testHasCwe() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -279,7 +264,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testGetCve() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
@@ -288,7 +272,6 @@ public class SuppressionRuleTest extends BaseTest {
 @Test
 public void testSetCve() {
 //already tested, this is just left so the IDE doesn't recreate it.
- assertTrue(true);
 }
 /**
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
index f70a4f1ba..0a7220daf 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
@@ -52,6 +52,13 @@ import org.owasp.dependencycheck.utils.Settings;
 )
 public class AggregateMojo extends BaseDependencyCheckMojo {
+ /**
+ * The name of the report in the site.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "name", defaultValue = "dependency-check:aggregate", required = true)
+ private String name = "dependency-check:aggregate";
+
 /**
 * Executes the aggregate dependency-check goal. This runs dependency-check
 * and generates the subsequent reports.
@@ -255,13 +262,6 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
 return true; //aggregate always returns true for now - we can look at a more complicated/acurate solution later
 }
- /**
- * The name of the report in the site.
- */
- @SuppressWarnings("CanBeFinal")
- @Parameter(property = "name", defaultValue = "dependency-check:aggregate", required = true)
- private String name = "dependency-check:aggregate";
-
 /**
 * Returns the report name.
 *
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index bee83eea9..a5ed54d9d 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -80,6 +80,10 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 * System specific new line character.
 */
 private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();
+ /**
+ * A flag indicating whether or not the Maven site is being generated.
+ */
+ private boolean generatingSite = false;
 //
 //
 /**
@@ -93,15 +97,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 @Parameter(property = "failOnError", defaultValue = "true", required = true)
 private boolean failOnError;
- /**
- * Returns if the mojo should fail the build if an exception occurs.
- *
- * @return whether or not the mojo should fail the build
- */
- protected boolean isFailOnError() {
- return failOnError;
- }
-
 /**
 * The Maven Project Object.
 */
@@ -343,14 +338,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 @Parameter(property = "connectionString", defaultValue = "", required = false)
 private String connectionString;
- /**
- * Returns the connection string.
- *
- * @return the connection string
- */
- protected String getConnectionString() {
- return connectionString;
- }
 /**
 * The database driver name. An example would be org.h2.Driver.
 */
@@ -473,9 +460,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 @Parameter(property = "externalReport")
 @Deprecated
 private String externalReport = null;
+ //
 //
-
 /**
 * Executes dependency-check.
 *
@@ -526,11 +513,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 generate((Sink) sink, locale);
 }
- /**
- * A flag indicating whether or not the maven site is being generated.
- */
- private boolean generatingSite = false;
-
 /**
 * Returns true if the Maven site is being generated.
 *
@@ -540,6 +522,23 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 return generatingSite;
 }
+ /**
+ * Returns the connection string.
+ *
+ * @return the connection string
+ */
+ protected String getConnectionString() {
+ return connectionString;
+ }
+ /**
+ * Returns if the mojo should fail the build if an exception occurs.
+ *
+ * @return whether or not the mojo should fail the build
+ */
+ protected boolean isFailOnError() {
+ return failOnError;
+ }
+
 /**
 * Generates the Dependency-Check Site Report.
 *
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java
index b2e578727..b566cc306 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java
@@ -46,6 +46,13 @@ import org.owasp.dependencycheck.utils.Settings;
 )
 public class CheckMojo extends BaseDependencyCheckMojo {
+ /**
+ * The name of the report in the site.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "name", defaultValue = "dependency-check", required = true)
+ private String name = "dependency-check";
+
 /**
 * Returns whether or not a the report can be generated.
 *
@@ -126,13 +133,6 @@ public class CheckMojo extends BaseDependencyCheckMojo {
 Settings.cleanup();
 }
- /**
- * The name of the report in the site.
- */
- @SuppressWarnings("CanBeFinal")
- @Parameter(property = "name", defaultValue = "dependency-check", required = true)
- private String name = "dependency-check";
-
 /**
 * Returns the report name.
 *
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java
index 63711ce09..59a70f487 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java
@@ -34,6 +34,15 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
 */
 private static final Logger LOGGER = LoggerFactory.getLogger(SSLSocketFactoryEx.class);
+ /**
+ * The SSL context.
+ */
+ private SSLContext sslCtxt;
+ /**
+ * The protocols.
+ */
+ private String[] protocols;
+
 /**
 * Constructs a new SSLSocketFactory.
 *
@@ -284,13 +293,4 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
 return aa.toArray(new String[0]);
 }
-
- /**
- * The SSL context.
- */
- private SSLContext sslCtxt;
- /**
- * The protocols.
- */
- private String[] protocols;
 }
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 9d6087c86..b38b58e6e 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -38,6 +38,28 @@ import java.util.Properties; * @author Jeremy Long */ public final class Settings { + /** + * The logger. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(Settings.class); + /** + * The properties file location. + */ + private static final String PROPERTIES_FILE = "dependencycheck.properties"; + /** + * Thread local settings. + */ + private static final ThreadLocal LOCAL_SETTINGS = new ThreadLocal(); + /** + * The properties. + */ + private Properties props = null; + + /** + * A reference to the temporary directory; used incase it needs to be + * deleted during cleanup. + */ + private static File tempDirectory = null; // /** @@ -403,22 +425,6 @@ public final class Settings { } // - /** - * The logger. - */ - private static final Logger LOGGER = LoggerFactory.getLogger(Settings.class); - /** - * The properties file location. - */ - private static final String PROPERTIES_FILE = "dependencycheck.properties"; - /** - * Thread local settings. - */ - private static final ThreadLocal LOCAL_SETTINGS = new ThreadLocal(); - /** - * The properties. - */ - private Properties props = null; /** * Private constructor for the Settings class. This class loads the @@ -788,12 +794,6 @@ public final class Settings { return str; } - /** - * A reference to the temporary directory; used incase it needs to be - * deleted during cleanup. - */ - private static File tempDirectory = null; - /** * Returns the temporary directory. * diff --git a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStreamTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStreamTest.java index 4aae8172d..a70965cb9 100644 --- a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStreamTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStreamTest.java 
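Review bot: `LOCAL_SETTINGS` in the `@@ -38` hunk is a raw `ThreadLocal`, which forces an unchecked cast at every `get()` and hides that it holds `Settings`; declare it `private static final ThreadLocal<Settings> LOCAL_SETTINGS = new ThreadLocal<Settings>();`. The same hunk interleaves the instance field `props` with the statics and places `tempDirectory`, a process-wide static, right after the thread-local settings; since `Settings.cleanup()` is invoked per mojo (visible in the CheckMojo hunk) and the Javadoc says the directory is deleted during cleanup, a cleanup on one thread may remove a temp directory that another thread's settings still reference, though the cleanup body is outside this diff so treat that as a question rather than a finding. The Javadoc typo `incase` should read `in case`, and the comment should state the sharing explicitly: `* Process-wide (not thread-local): shared by every Settings instance and removed on cleanup().`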
@@ -24,11 +24,7 @@ import java.io.IOException; import java.io.ObjectOutputStream; import java.util.ArrayList; import java.util.List; -import org.junit.After; -import org.junit.AfterClass; import static org.junit.Assert.fail; -import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Test; /** @@ -37,25 +33,6 @@ import org.junit.Test; */ public class ExpectedOjectInputStreamTest { - public ExpectedOjectInputStreamTest() { - } - - @BeforeClass - public static void setUpClass() { - } - - @AfterClass - public static void tearDownClass() { - } - - @Before - public void setUp() { - } - - @After - public void tearDown() { - } - /** * Test of resolveClass method, of class ExpectedOjectInputStream. */
