mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 15:53:36 +01:00
Merge pull request #432 from awhitford/CodeTweaks20151228
Code tweaks 2015-12-28
This commit is contained in:
Jeremy Long
@@ -235,16 +235,14 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
this.setEnabled(false);
|
||||
throw new AnalysisException("Could not execute .NET AssemblyAnalyzer");
|
||||
}
|
||||
} catch (AnalysisException e) {
|
||||
throw e;
|
||||
} catch (Throwable e) {
|
||||
if (e instanceof AnalysisException) {
|
||||
throw (AnalysisException) e;
|
||||
} else {
|
||||
LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer;\n"
|
||||
+ "this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.");
|
||||
LOGGER.debug("Could not execute GrokAssembly {}", e.getMessage());
|
||||
this.setEnabled(false);
|
||||
throw new AnalysisException("An error occurred with the .NET AssemblyAnalyzer", e);
|
||||
}
|
||||
LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer;\n"
|
||||
+ "this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.");
|
||||
LOGGER.debug("Could not execute GrokAssembly {}", e.getMessage());
|
||||
this.setEnabled(false);
|
||||
throw new AnalysisException("An error occurred with the .NET AssemblyAnalyzer", e);
|
||||
}
|
||||
builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
|
||||
}
|
||||
|
||||
@@ -835,10 +835,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
}
|
||||
|
||||
if (pos > 0) {
|
||||
final StringBuilder sb = new StringBuilder(pos + 3);
|
||||
sb.append(desc.substring(0, pos));
|
||||
sb.append("...");
|
||||
desc = sb.toString();
|
||||
desc = desc.substring(0, pos) + "...";
|
||||
}
|
||||
dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.LOW);
|
||||
dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.LOW);
|
||||
|
||||
@@ -345,8 +345,8 @@ public final class ConnectionFactory {
|
||||
final DependencyVersion current = DependencyVersionUtil.parseVersion(DB_SCHEMA_VERSION);
|
||||
final DependencyVersion db = DependencyVersionUtil.parseVersion(rs.getString(1));
|
||||
if (current.compareTo(db) > 0) {
|
||||
LOGGER.debug("Current Schema: " + DB_SCHEMA_VERSION);
|
||||
LOGGER.debug("DB Schema: " + rs.getString(1));
|
||||
LOGGER.debug("Current Schema: {}", DB_SCHEMA_VERSION);
|
||||
LOGGER.debug("DB Schema: {}", rs.getString(1));
|
||||
updateSchema(conn, rs.getString(1));
|
||||
if (++callDepth < 10) {
|
||||
ensureSchemaVersion(conn);
|
||||
|
||||
@@ -70,11 +70,11 @@ public class DatabaseProperties {
|
||||
/**
|
||||
* A collection of properties about the data.
|
||||
*/
|
||||
private Properties properties;
|
||||
private final Properties properties;
|
||||
/**
|
||||
* A reference to the database.
|
||||
*/
|
||||
private CveDB cveDB;
|
||||
private final CveDB cveDB;
|
||||
|
||||
/**
|
||||
* Constructs a new data properties object.
|
||||
@@ -83,13 +83,6 @@ public class DatabaseProperties {
|
||||
*/
|
||||
DatabaseProperties(CveDB cveDB) {
|
||||
this.cveDB = cveDB;
|
||||
loadProperties();
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the properties from the database.
|
||||
*/
|
||||
private void loadProperties() {
|
||||
this.properties = cveDB.getProperties();
|
||||
}
|
||||
|
||||
|
||||
@@ -46,7 +46,7 @@ public class CPEHandler extends DefaultHandler {
|
||||
/**
|
||||
* A reference to the current element.
|
||||
*/
|
||||
private Element current = new Element();
|
||||
private final Element current = new Element();
|
||||
/**
|
||||
* The logger.
|
||||
*/
|
||||
@@ -54,7 +54,7 @@ public class CPEHandler extends DefaultHandler {
|
||||
/**
|
||||
* The list of CPE values.
|
||||
*/
|
||||
private List<Cpe> data = new ArrayList<Cpe>();
|
||||
private final List<Cpe> data = new ArrayList<Cpe>();
|
||||
|
||||
/**
|
||||
* Returns the list of CPE values.
|
||||
|
||||
@@ -80,11 +80,11 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
|
||||
/**
|
||||
* The CVE DB to use when processing the files.
|
||||
*/
|
||||
private CveDB cveDB;
|
||||
private final CveDB cveDB;
|
||||
/**
|
||||
* The processor service to pass the results of the download to.
|
||||
*/
|
||||
private ExecutorService processorService;
|
||||
private final ExecutorService processorService;
|
||||
/**
|
||||
* The NVD CVE Meta Data.
|
||||
*/
|
||||
@@ -92,7 +92,7 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
|
||||
/**
|
||||
* A reference to the global settings object.
|
||||
*/
|
||||
private Settings settings;
|
||||
private final Settings settings;
|
||||
|
||||
/**
|
||||
* Get the value of nvdCveInfo.
|
||||
@@ -155,28 +155,6 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
|
||||
public void setSecond(File second) {
|
||||
this.second = second;
|
||||
}
|
||||
/**
|
||||
* A placeholder for an exception.
|
||||
*/
|
||||
private Exception exception = null;
|
||||
|
||||
/**
|
||||
* Get the value of exception.
|
||||
*
|
||||
* @return the value of exception
|
||||
*/
|
||||
public Exception getException() {
|
||||
return exception;
|
||||
}
|
||||
|
||||
/**
|
||||
* returns whether or not an exception occurred during download.
|
||||
*
|
||||
* @return whether or not an exception occurred during download
|
||||
*/
|
||||
public boolean hasException() {
|
||||
return exception != null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Future<ProcessTask> call() throws Exception {
|
||||
|
||||
@@ -99,7 +99,6 @@ public class NvdCve12Handler extends DefaultHandler {
|
||||
software = null;
|
||||
}
|
||||
} else if (!skip && current.isProdNode()) {
|
||||
|
||||
vendor = attributes.getValue("vendor");
|
||||
product = attributes.getValue("name");
|
||||
} else if (!skip && current.isVersNode()) {
|
||||
@@ -112,15 +111,19 @@ public class NvdCve12Handler extends DefaultHandler {
|
||||
/*yes yes, this may not actually be an "a" - it could be an OS, etc. but for our
|
||||
purposes this is good enough as we won't use this if we don't find a corresponding "a"
|
||||
in the nvd cve 2.0. */
|
||||
String cpe = "cpe:/a:" + vendor + ":" + product;
|
||||
final int cpeLen = 8 + vendor.length() + product.length()
|
||||
+ (null != num ? (1 + num.length()) : 0)
|
||||
+ (null != edition ? (1 + edition.length()) : 0);
|
||||
final StringBuilder cpe = new StringBuilder(cpeLen);
|
||||
cpe.append("cpe:/a:").append(vendor).append(':').append(product);
|
||||
if (num != null) {
|
||||
cpe += ':' + num;
|
||||
cpe.append(':').append(num);
|
||||
}
|
||||
if (edition != null) {
|
||||
cpe += ':' + edition;
|
||||
cpe.append(':').append(edition);
|
||||
}
|
||||
final VulnerableSoftware vs = new VulnerableSoftware();
|
||||
vs.setCpe(cpe);
|
||||
vs.setCpe(cpe.toString());
|
||||
vs.setPreviousVersion(prev);
|
||||
software.add(vs);
|
||||
}
|
||||
|
||||
@@ -85,7 +85,7 @@ public class ProcessTask implements Callable<ProcessTask> {
|
||||
/**
|
||||
* A reference to the global settings object.
|
||||
*/
|
||||
private Settings settings;
|
||||
private final Settings settings;
|
||||
|
||||
/**
|
||||
* Constructs a new ProcessTask used to process an NVD CVE update.
|
||||
|
||||
@@ -32,12 +32,12 @@ import org.owasp.dependencycheck.utils.Downloader;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class UpdateableNvdCve implements java.lang.Iterable<NvdCveInfo>, Iterator<NvdCveInfo> {
|
||||
public class UpdateableNvdCve implements Iterable<NvdCveInfo>, Iterator<NvdCveInfo> {
|
||||
|
||||
/**
|
||||
* A collection of sources of data.
|
||||
*/
|
||||
private Map<String, NvdCveInfo> collection = new TreeMap<String, NvdCveInfo>();
|
||||
private final Map<String, NvdCveInfo> collection = new TreeMap<String, NvdCveInfo>();
|
||||
|
||||
/**
|
||||
* Returns the collection of NvdCveInfo objects. This method is mainly used for testing.
|
||||
|
||||
@@ -65,7 +65,7 @@ public class SuppressionHandler extends DefaultHandler {
|
||||
/**
|
||||
* A list of suppression rules.
|
||||
*/
|
||||
private List<SuppressionRule> suppressionRules = new ArrayList<SuppressionRule>();
|
||||
private final List<SuppressionRule> suppressionRules = new ArrayList<SuppressionRule>();
|
||||
|
||||
/**
|
||||
* Get the value of suppressionRules.
|
||||
|
||||
@@ -417,7 +417,7 @@ public class SuppressionRule {
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
final StringBuilder sb = new StringBuilder();
|
||||
final StringBuilder sb = new StringBuilder(64);
|
||||
sb.append("SuppressionRule{");
|
||||
if (filePath != null) {
|
||||
sb.append("filePath=").append(filePath).append(',');
|
||||
|
||||
@@ -50,7 +50,7 @@ public abstract class Filter<T> {
|
||||
if (next == null) {
|
||||
throw new NoSuchElementException();
|
||||
}
|
||||
T returnValue = next;
|
||||
final T returnValue = next;
|
||||
toNext();
|
||||
return returnValue;
|
||||
}
|
||||
@@ -63,7 +63,7 @@ public abstract class Filter<T> {
|
||||
private void toNext() {
|
||||
next = null;
|
||||
while (iterator.hasNext()) {
|
||||
T item = iterator.next();
|
||||
final T item = iterator.next();
|
||||
if (item != null && passes(item)) {
|
||||
next = item;
|
||||
break;
|
||||
|
||||
@@ -241,7 +241,7 @@ public class Model {
|
||||
/**
|
||||
* The list of licenses.
|
||||
*/
|
||||
private List<License> licenses = new ArrayList<License>();
|
||||
private final List<License> licenses = new ArrayList<License>();
|
||||
|
||||
/**
|
||||
* Returns the list of licenses.
|
||||
|
||||
@@ -78,7 +78,7 @@ public class PomHandler extends DefaultHandler {
|
||||
/**
|
||||
* The pom model.
|
||||
*/
|
||||
private Model model = new Model();
|
||||
private final Model model = new Model();
|
||||
|
||||
/**
|
||||
* Returns the model obtained from the pom.xml.
|
||||
|
||||
Reference in New Issue
Block a user