github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-20 00:04:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

formating and codacy recommended updates

Browse Source
This commit is contained in:
Jeremy Long
2017-02-17 12:03:11 -05:00
parent d6f1351f6b
commit d6c9fea354
32 changed files with 444 additions and 524 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -589,8 +589,8 @@ public class Engine implements FileFilter {
* @param exceptions the collection of exceptions to collect
* @return a collection of analysis tasks
*/
List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
final List<AnalysisTask> result = new ArrayList<AnalysisTask>();
protected List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
final List<AnalysisTask> result = new ArrayList<>();
synchronized (dependencies) {
for (final Dependency dependency : dependencies) {
final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions, Settings.getInstance());

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -470,7 +470,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
&& b[5] == 'n'
&& b[6] == '/') {
boolean stillLooking = true;
int chr, nxtChr;
int chr;
int nxtChr;
while (stillLooking && (chr = in.read()) != -1) {
if (chr == '\n' || chr == '\r') {
in.mark(4);

30
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -123,14 +123,17 @@ public class CPEAnalyzer extends AbstractAnalyzer {
public AnalysisPhase getAnalysisPhase() {
return AnalysisPhase.IDENTIFIER_ANALYSIS;
}
/**
* The default is to support parallel processing.
*
* @return false
*/
@Override
public boolean supportsParallelProcessing() {
return false;
}
/**
* Creates the CPE Lucene Index.
*
@@ -674,6 +677,19 @@ public class CPEAnalyzer extends AbstractAnalyzer {
*/
private static class IdentifierMatch implements Comparable<IdentifierMatch> {
/**
* The confidence in the evidence used to identify this match.
*/
private Confidence evidenceConfidence;
/**
* The confidence whether this is an exact match, or a best guess.
*/
private IdentifierConfidence confidence;
/**
* The CPE identifier.
*/
private Identifier identifier;
/**
* Constructs an IdentifierMatch.
*
@@ -690,12 +706,8 @@ public class CPEAnalyzer extends AbstractAnalyzer {
this.confidence = identifierConfidence;
this.evidenceConfidence = evidenceConfidence;
}
//<editor-fold defaultstate="collapsed" desc="Property implementations: evidenceConfidence, confidence, identifier">
/**
* The confidence in the evidence used to identify this match.
*/
private Confidence evidenceConfidence;
//<editor-fold defaultstate="collapsed" desc="Property implementations: evidenceConfidence, confidence, identifier">
/**
* Get the value of evidenceConfidence
*
@@ -713,10 +725,6 @@ public class CPEAnalyzer extends AbstractAnalyzer {
public void setEvidenceConfidence(Confidence evidenceConfidence) {
this.evidenceConfidence = evidenceConfidence;
}
/**
* The confidence whether this is an exact match, or a best guess.
*/
private IdentifierConfidence confidence;
/**
* Get the value of confidence.
@@ -735,10 +743,6 @@ public class CPEAnalyzer extends AbstractAnalyzer {
public void setConfidence(IdentifierConfidence confidence) {
this.confidence = confidence;
}
/**
* The CPE identifier.
*/
private Identifier identifier;
/**
* Get the value of identifier.

42
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
View File

@@ -52,6 +52,18 @@ import org.xml.sax.SAXException;
* @author Jeremy Long
*/
public class HintAnalyzer extends AbstractAnalyzer {
/**
* The Logger for use throughout the class
*/
private static final Logger LOGGER = LoggerFactory.getLogger(HintAnalyzer.class);
/**
* The name of the hint rule file
*/
private static final String HINT_RULE_FILE_NAME = "dependencycheck-base-hint.xml";
/**
* The collection of hints.
*/
private Hints hints;
//<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
/**
@@ -109,20 +121,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
}
}
//</editor-fold>
/**
* The Logger for use throughout the class
*/
private static final Logger LOGGER = LoggerFactory.getLogger(HintAnalyzer.class);
/**
* The name of the hint rule file
*/
private static final String HINT_RULE_FILE_NAME = "dependencycheck-base-hint.xml";
/**
* The collection of hints.
*/
private Hints hints;
/**
* The HintAnalyzer uses knowledge about a dependency to add additional
* information to help in identification of identifiers or vulnerabilities.
@@ -195,7 +194,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
}
final Iterator<Evidence> itr = dependency.getVendorEvidence().iterator();
final List<Evidence> newEntries = new ArrayList<Evidence>();
final List<Evidence> newEntries = new ArrayList<>();
while (itr.hasNext()) {
final Evidence e = itr.next();
for (VendorDuplicatingHintRule dhr : hints.getVendorDuplicatingHintRules()) {
@@ -220,10 +219,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
File file = null;
try {
hints = parser.parseHints(this.getClass().getClassLoader().getResourceAsStream(HINT_RULE_FILE_NAME));
} catch (HintParseException ex) {
LOGGER.error("Unable to parse the base hint data file");
LOGGER.debug("Unable to parse the base hint data file", ex);
} catch (SAXException ex) {
} catch (HintParseException | SAXException ex) {
LOGGER.error("Unable to parse the base hint data file");
LOGGER.debug("Unable to parse the base hint data file", ex);
}
@@ -246,9 +242,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
} else {
file = new File(filePath);
if (!file.exists()) {
InputStream fromClasspath = null;
try {
fromClasspath = this.getClass().getClassLoader().getResourceAsStream(filePath);
try (InputStream fromClasspath = this.getClass().getClassLoader().getResourceAsStream(filePath)) {
if (fromClasspath != null) {
deleteTempFile = true;
file = FileUtils.getTempFile("hint", "xml");
@@ -258,10 +252,6 @@ public class HintAnalyzer extends AbstractAnalyzer {
throw new HintParseException("Unable to locate hints file in classpath", ex);
}
}
} finally {
if (fromClasspath != null) {
fromClasspath.close();
}
}
}
}

45
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -148,15 +148,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* A pattern to detect HTML within text.
*/
private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE);
//</editor-fold>
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
}
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The name of the analyzer.
*/
@@ -175,6 +166,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
*/
private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
//</editor-fold>
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
}
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* Returns the FileFilter.
*
@@ -396,7 +396,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @throws IOException thrown if there is an exception reading a JarEntry
*/
private List<String> retrievePomListing(final JarFile jar) throws IOException {
final List<String> pomEntries = new ArrayList<String>();
final List<String> pomEntries = new ArrayList<>();
final Enumeration<JarEntry> entries = jar.entries();
while (entries.hasMoreElements()) {
final JarEntry entry = entries.nextElement();
@@ -588,8 +588,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
*/
protected void analyzePackageNames(List<ClassNameInformation> classNames,
Dependency dependency, boolean addPackagesAsEvidence) {
final Map<String, Integer> vendorIdentifiers = new HashMap<String, Integer>();
final Map<String, Integer> productIdentifiers = new HashMap<String, Integer>();
final Map<String, Integer> vendorIdentifiers = new HashMap<>();
final Map<String, Integer> productIdentifiers = new HashMap<>();
analyzeFullyQualifiedClassNames(classNames, vendorIdentifiers, productIdentifiers);
final int classCount = classNames.size();
@@ -949,7 +949,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* @return an list of fully qualified class names
*/
private List<ClassNameInformation> collectClassNames(Dependency dependency) {
final List<ClassNameInformation> classNames = new ArrayList<ClassNameInformation>();
final List<ClassNameInformation> classNames = new ArrayList<>();
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
@@ -1115,6 +1115,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
* Stores information about a class name.
*/
protected static class ClassNameInformation {
/**
* The fully qualified class name.
*/
private String name;
/**
* Up to the first four levels of the package structure, excluding a
* leading "org" or "com".
*/
private final ArrayList<String> packageStructure = new ArrayList<String>();
/**
* <p>
@@ -1158,10 +1167,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
packageStructure.add(name);
}
}
/**
* The fully qualified class name.
*/
private String name;
/**
* Get the value of name
@@ -1180,12 +1185,6 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
public void setName(String name) {
this.name = name;
}
/**
* Up to the first four levels of the package structure, excluding a
* leading "org" or "com".
*/
private final ArrayList<String> packageStructure = new ArrayList<String>();
/**
* Get the value of packageStructure
*

5
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/IndexEntry.java
View File

@@ -172,10 +172,7 @@ public class IndexEntry implements Serializable {
if ((this.vendor == null) ? (other.vendor != null) : !this.vendor.equals(other.vendor)) {
return false;
}
if ((this.product == null) ? (other.product != null) : !this.product.equals(other.product)) {
return false;
}
return true;
return !((this.product == null) ? (other.product != null) : !this.product.equals(other.product));
}
/**

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
View File

@@ -129,10 +129,10 @@ public class Dependency implements Serializable, Comparable<Dependency> {
vendorEvidence = new EvidenceCollection();
productEvidence = new EvidenceCollection();
versionEvidence = new EvidenceCollection();
identifiers = new TreeSet<Identifier>();
vulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator());
suppressedIdentifiers = new TreeSet<Identifier>();
suppressedVulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator());
identifiers = new TreeSet<>();
vulnerabilities = new TreeSet<>(new VulnerabilityComparator());
suppressedIdentifiers = new TreeSet<>();
suppressedVulnerabilities = new TreeSet<>(new VulnerabilityComparator());
}
/**

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
View File

@@ -233,7 +233,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
* @param str the string to test
* @return true if the string only contains 0-9, otherwise false.
*/
static boolean isPositiveInteger(final String str) {
protected static boolean isPositiveInteger(final String str) {
if (str == null || str.isEmpty()) {
return false;
}

19
dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/License.java
View File

@@ -23,6 +23,15 @@ package org.owasp.dependencycheck.xml.pom;
*/
public class License {
/**
* The url to the license.
*/
private String url;
/**
* The name of the license.
*/
private String name;
/**
* Constructs a new license object.
*/
@@ -41,11 +50,6 @@ public class License {
}
/**
* The url to the license.
*/
private String url;
/**
* Get the value of url.
*
@@ -64,11 +68,6 @@ public class License {
this.url = url;
}
/**
* The name of the license.
*/
private String name;
/**
* Get the value of name.
*

90
dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java
View File

@@ -35,6 +35,46 @@ public class Model {
* The name of the project.
*/
private String name;
/**
* The organization name.
*/
private String organization;
/**
* The description.
*/
private String description;
/**
* The group id.
*/
private String groupId;
/**
* The artifact id.
*/
private String artifactId;
/**
* The version number.
*/
private String version;
/**
* The parent group id.
*/
private String parentGroupId;
/**
* The parent artifact id.
*/
private String parentArtifactId;
/**
* The parent version number.
*/
private String parentVersion;
/**
* The list of licenses.
*/
private final List<License> licenses = new ArrayList<License>();
/**
* The project URL.
*/
private String projectURL;
/**
* Get the value of name.
@@ -54,11 +94,6 @@ public class Model {
this.name = name;
}
/**
* The organization name.
*/
private String organization;
/**
* Get the value of organization.
*
@@ -77,11 +112,6 @@ public class Model {
this.organization = organization;
}
/**
* The description.
*/
private String description;
/**
* Get the value of description.
*
@@ -100,11 +130,6 @@ public class Model {
this.description = description;
}
/**
* The group id.
*/
private String groupId;
/**
* Get the value of groupId.
*
@@ -123,11 +148,6 @@ public class Model {
this.groupId = groupId;
}
/**
* The artifact id.
*/
private String artifactId;
/**
* Get the value of artifactId.
*
@@ -146,11 +166,6 @@ public class Model {
this.artifactId = artifactId;
}
/**
* The version number.
*/
private String version;
/**
* Get the value of version.
*
@@ -169,11 +184,6 @@ public class Model {
this.version = version;
}
/**
* The parent group id.
*/
private String parentGroupId;
/**
* Get the value of parentGroupId.
*
@@ -192,11 +202,6 @@ public class Model {
this.parentGroupId = parentGroupId;
}
/**
* The parent artifact id.
*/
private String parentArtifactId;
/**
* Get the value of parentArtifactId.
*
@@ -215,11 +220,6 @@ public class Model {
this.parentArtifactId = parentArtifactId;
}
/**
* The parent version number.
*/
private String parentVersion;
/**
* Get the value of parentVersion.
*
@@ -238,11 +238,6 @@ public class Model {
this.parentVersion = parentVersion;
}
/**
* The list of licenses.
*/
private final List<License> licenses = new ArrayList<License>();
/**
* Returns the list of licenses.
*
@@ -261,11 +256,6 @@ public class Model {
licenses.add(license);
}
/**
* The project URL.
*/
private String projectURL;
/**
* Get the value of projectURL.
*

17
dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/PropertyType.java
View File

@@ -32,6 +32,14 @@ public class PropertyType {
* The value.
*/
private String value;
/**
* Whether or not the expression is a regex.
*/
private boolean regex = false;
/**
* Indicates case sensitivity.
*/
private boolean caseSensitive = false;
/**
* Gets the value of the value property.
@@ -51,10 +59,6 @@ public class PropertyType {
public void setValue(String value) {
this.value = value;
}
/**
* Whether or not the expression is a regex.
*/
private boolean regex = false;
/**
* Returns whether or not the value is a regex.
@@ -75,11 +79,6 @@ public class PropertyType {
public void setRegex(boolean value) {
this.regex = value;
}
/**
* Indicates case sensitivity.
*/
private boolean caseSensitive = false;
/**
* Gets the value of the caseSensitive property.
*

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/suppression/SuppressionRule.java
View File

@@ -409,7 +409,7 @@ public class SuppressionRule {
* @param identifier a CPE identifier to check
* @return true if the entry matches; otherwise false
*/
boolean identifierMatches(String identifierType, PropertyType suppressionEntry, Identifier identifier) {
protected boolean identifierMatches(String identifierType, PropertyType suppressionEntry, Identifier identifier) {
if (identifierType.equals(identifier.getType())) {
if (suppressionEntry.matches(identifier.getValue())) {
return true;