Merge pull request #432 from awhitford/CodeTweaks20151228

Code tweaks 2015-12-28

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java

@@ -235,16 +235,14 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
                 this.setEnabled(false);
                 throw new AnalysisException("Could not execute .NET AssemblyAnalyzer");
             }
+        } catch (AnalysisException e) {
+            throw e;
         } catch (Throwable e) {
-            if (e instanceof AnalysisException) {
+            LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer;\n"
-                throw (AnalysisException) e;
+                    + "this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.");
-            } else {
+            LOGGER.debug("Could not execute GrokAssembly {}", e.getMessage());
-                LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer;\n"
+            this.setEnabled(false);
-                        + "this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.");
+            throw new AnalysisException("An error occurred with the .NET AssemblyAnalyzer", e);
-                LOGGER.debug("Could not execute GrokAssembly {}", e.getMessage());
-                this.setEnabled(false);
-                throw new AnalysisException("An error occurred with the .NET AssemblyAnalyzer", e);
-            }
         }
         builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -835,10 +835,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
             }
 
             if (pos > 0) {
-                final StringBuilder sb = new StringBuilder(pos + 3);
+                desc = desc.substring(0, pos) + "...";
-                sb.append(desc.substring(0, pos));
-                sb.append("...");
-                desc = sb.toString();
             }
             dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.LOW);
             dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.LOW);

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java

@@ -345,8 +345,8 @@ public final class ConnectionFactory {
                 final DependencyVersion current = DependencyVersionUtil.parseVersion(DB_SCHEMA_VERSION);
                 final DependencyVersion db = DependencyVersionUtil.parseVersion(rs.getString(1));
                 if (current.compareTo(db) > 0) {
-                    LOGGER.debug("Current Schema: " + DB_SCHEMA_VERSION);
+                    LOGGER.debug("Current Schema: {}", DB_SCHEMA_VERSION);
-                    LOGGER.debug("DB Schema: " + rs.getString(1));
+                    LOGGER.debug("DB Schema: {}", rs.getString(1));
                     updateSchema(conn, rs.getString(1));
                     if (++callDepth < 10) {
                         ensureSchemaVersion(conn);

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java

@@ -70,11 +70,11 @@ public class DatabaseProperties {
     /**
      * A collection of properties about the data.
      */
-    private Properties properties;
+    private final Properties properties;
     /**
      * A reference to the database.
      */
-    private CveDB cveDB;
+    private final CveDB cveDB;
 
     /**
      * Constructs a new data properties object.
@@ -83,13 +83,6 @@ public class DatabaseProperties {
      */
     DatabaseProperties(CveDB cveDB) {
         this.cveDB = cveDB;
-        loadProperties();
-    }
-
-    /**
-     * Loads the properties from the database.
-     */
-    private void loadProperties() {
         this.properties = cveDB.getProperties();
     }
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/cpe/CPEHandler.java

@@ -46,7 +46,7 @@ public class CPEHandler extends DefaultHandler {
     /**
      * A reference to the current element.
      */
-    private Element current = new Element();
+    private final Element current = new Element();
     /**
      * The logger.
      */
@@ -54,7 +54,7 @@ public class CPEHandler extends DefaultHandler {
     /**
      * The list of CPE values.
      */
-    private List<Cpe> data = new ArrayList<Cpe>();
+    private final List<Cpe> data = new ArrayList<Cpe>();
 
     /**
      * Returns the list of CPE values.

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java

@@ -80,11 +80,11 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
     /**
      * The CVE DB to use when processing the files.
      */
-    private CveDB cveDB;
+    private final CveDB cveDB;
     /**
      * The processor service to pass the results of the download to.
      */
-    private ExecutorService processorService;
+    private final ExecutorService processorService;
     /**
      * The NVD CVE Meta Data.
      */
@@ -92,7 +92,7 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
     /**
      * A reference to the global settings object.
      */
-    private Settings settings;
+    private final Settings settings;
 
     /**
      * Get the value of nvdCveInfo.
@@ -155,28 +155,6 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
     public void setSecond(File second) {
         this.second = second;
     }
-    /**
-     * A placeholder for an exception.
-     */
-    private Exception exception = null;
-
-    /**
-     * Get the value of exception.
-     *
-     * @return the value of exception
-     */
-    public Exception getException() {
-        return exception;
-    }
-
-    /**
-     * returns whether or not an exception occurred during download.
-     *
-     * @return whether or not an exception occurred during download
-     */
-    public boolean hasException() {
-        return exception != null;
-    }
 
     @Override
     public Future<ProcessTask> call() throws Exception {

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve12Handler.java

@@ -99,7 +99,6 @@ public class NvdCve12Handler extends DefaultHandler {
                 software = null;
             }
         } else if (!skip && current.isProdNode()) {
-
             vendor = attributes.getValue("vendor");
             product = attributes.getValue("name");
         } else if (!skip && current.isVersNode()) {
@@ -112,15 +111,19 @@ public class NvdCve12Handler extends DefaultHandler {
                 /*yes yes, this may not actually be an "a" - it could be an OS, etc. but for our
                  purposes this is good enough as we won't use this if we don't find a corresponding "a"
                  in the nvd cve 2.0. */
-                String cpe = "cpe:/a:" + vendor + ":" + product;
+                final int cpeLen = 8 + vendor.length() + product.length()
+                    + (null != num ? (1 + num.length()) : 0)
+                    + (null != edition ? (1 + edition.length()) : 0);
+                final StringBuilder cpe = new StringBuilder(cpeLen);
+                cpe.append("cpe:/a:").append(vendor).append(':').append(product);
                 if (num != null) {
-                    cpe += ':' + num;
+                    cpe.append(':').append(num);
                 }
                 if (edition != null) {
-                    cpe += ':' + edition;
+                    cpe.append(':').append(edition);
                 }
                 final VulnerableSoftware vs = new VulnerableSoftware();
-                vs.setCpe(cpe);
+                vs.setCpe(cpe.toString());
                 vs.setPreviousVersion(prev);
                 software.add(vs);
             }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/ProcessTask.java

@@ -85,7 +85,7 @@ public class ProcessTask implements Callable<ProcessTask> {
     /**
      * A reference to the global settings object.
      */
-    private Settings settings;
+    private final Settings settings;
 
     /**
      * Constructs a new ProcessTask used to process an NVD CVE update.

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/UpdateableNvdCve.java

@@ -32,12 +32,12 @@ import org.owasp.dependencycheck.utils.Downloader;
  *
  * @author Jeremy Long
  */
-public class UpdateableNvdCve implements java.lang.Iterable<NvdCveInfo>, Iterator<NvdCveInfo> {
+public class UpdateableNvdCve implements Iterable<NvdCveInfo>, Iterator<NvdCveInfo> {
 
     /**
      * A collection of sources of data.
      */
-    private Map<String, NvdCveInfo> collection = new TreeMap<String, NvdCveInfo>();
+    private final Map<String, NvdCveInfo> collection = new TreeMap<String, NvdCveInfo>();
 
     /**
      * Returns the collection of NvdCveInfo objects. This method is mainly used for testing.

dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionHandler.java

@@ -65,7 +65,7 @@ public class SuppressionHandler extends DefaultHandler {
     /**
      * A list of suppression rules.
      */
-    private List<SuppressionRule> suppressionRules = new ArrayList<SuppressionRule>();
+    private final List<SuppressionRule> suppressionRules = new ArrayList<SuppressionRule>();
 
     /**
      * Get the value of suppressionRules.

dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java

@@ -417,7 +417,7 @@ public class SuppressionRule {
      */
     @Override
     public String toString() {
-        final StringBuilder sb = new StringBuilder();
+        final StringBuilder sb = new StringBuilder(64);
         sb.append("SuppressionRule{");
         if (filePath != null) {
             sb.append("filePath=").append(filePath).append(',');

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Filter.java

@@ -50,7 +50,7 @@ public abstract class Filter<T> {
             if (next == null) {
                 throw new NoSuchElementException();
             }
-            T returnValue = next;
+            final T returnValue = next;
             toNext();
             return returnValue;
         }
@@ -63,7 +63,7 @@ public abstract class Filter<T> {
         private void toNext() {
             next = null;
             while (iterator.hasNext()) {
-                T item = iterator.next();
+                final T item = iterator.next();
                 if (item != null && passes(item)) {
                     next = item;
                     break;

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/Model.java

@@ -241,7 +241,7 @@ public class Model {
     /**
      * The list of licenses.
      */
-    private List<License> licenses = new ArrayList<License>();
+    private final List<License> licenses = new ArrayList<License>();
 
     /**
      * Returns the list of licenses.

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomHandler.java

@@ -78,7 +78,7 @@ public class PomHandler extends DefaultHandler {
     /**
      * The pom model.
      */
-    private Model model = new Model();
+    private final Model model = new Model();
 
     /**
      * Returns the model obtained from the pom.xml.