mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-15 08:13:43 +01:00
checkstyle/PMD updates
Former-commit-id: d970e6d49ba78a1e563b4ab5598c242d4dbca80e
This commit is contained in:
Jeremy Long
@@ -107,7 +107,7 @@
|
||||
</module>
|
||||
|
||||
<module name="MethodCount">
|
||||
<property name="maxTotal" value="35"/>
|
||||
<property name="maxTotal" value="40"/>
|
||||
</module>
|
||||
|
||||
<module name="LocalFinalVariableName"/>
|
||||
|
||||
@@ -209,14 +209,14 @@ public class Engine {
|
||||
final List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
|
||||
for (Analyzer a : analyzerList) {
|
||||
Iterator<Dependency> itrDependencies = dependencies.iterator();
|
||||
final Iterator<Dependency> itrDependencies = dependencies.iterator();
|
||||
while (itrDependencies.hasNext()) {
|
||||
Dependency d = itrDependencies.next();
|
||||
final Dependency d = itrDependencies.next();
|
||||
if (a.supportsExtension(d.getFileExtension())) {
|
||||
try {
|
||||
a.analyze(d, this);
|
||||
//the following is mainly to deal with the DependencyBundlingAnalyzer
|
||||
if (a.getPostAnalysisAction() == Analyzer.PostAnalysisAction.REMOVE_JAR) {
|
||||
if (a.getPostAnalysisAction() == Analyzer.PostAnalysisAction.REMOVE_DEPENDENCY) {
|
||||
itrDependencies.remove();
|
||||
}
|
||||
} catch (AnalysisException ex) {
|
||||
|
||||
@@ -58,7 +58,7 @@ public abstract class AbstractAnalyzer implements Analyzer {
|
||||
public void close() {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Used to indicate if any steps should be taken after the analysis. The
|
||||
* abstract implementation returns NOTHING.
|
||||
|
||||
@@ -100,10 +100,22 @@ public interface Analyzer {
|
||||
*/
|
||||
void close() throws Exception;
|
||||
|
||||
/**
|
||||
* An enumeration of Post Analysis Actions.
|
||||
*/
|
||||
public enum PostAnalysisAction {
|
||||
/**
|
||||
* No action should be taken.
|
||||
*/
|
||||
NOTHING,
|
||||
REMOVE_JAR
|
||||
/**
|
||||
* The dependency should be removed from the list of dependencies scanned.
|
||||
*/
|
||||
REMOVE_DEPENDENCY
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the post analysis action.
|
||||
* @return the post analysis action
|
||||
*/
|
||||
PostAnalysisAction getPostAnalysisAction();
|
||||
}
|
||||
|
||||
@@ -19,9 +19,7 @@
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
@@ -89,6 +87,9 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
/**
|
||||
* The Post Analysis Action that will be set after analyzing a dependency.
|
||||
*/
|
||||
private PostAnalysisAction action;
|
||||
|
||||
/**
|
||||
@@ -112,13 +113,12 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
&& hasSameBasePath(dependencyToCheck, dependency)
|
||||
&& isCore(dependency, dependencyToCheck)) {
|
||||
//move this dependency to be a related dependency
|
||||
action = PostAnalysisAction.REMOVE_JAR;
|
||||
action = PostAnalysisAction.REMOVE_DEPENDENCY;
|
||||
dependencyToCheck.addRelatedDependency(dependency);
|
||||
//move any "related dependencies" to the new "parent" dependency
|
||||
Iterator<Dependency> i = dependency.getRelatedDependencies().iterator();
|
||||
final Iterator<Dependency> i = dependency.getRelatedDependencies().iterator();
|
||||
while (i.hasNext()) {
|
||||
Dependency d = i.next();
|
||||
dependencyToCheck.addRelatedDependency(d);
|
||||
dependencyToCheck.addRelatedDependency(i.next());
|
||||
i.remove();
|
||||
}
|
||||
return;
|
||||
@@ -142,20 +142,25 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the two dependencies have the same base path.
|
||||
* @param dependency1 a Dependency object
|
||||
* @param dependency2 a Dependency object
|
||||
* @return true if the base paths of the dependencies are identical
|
||||
*/
|
||||
private boolean hasSameBasePath(Dependency dependency1, Dependency dependency2) {
|
||||
if (dependency1 == null || dependency2 == null) {
|
||||
return false;
|
||||
}
|
||||
File lFile = new File(dependency1.getFilePath());
|
||||
String left = lFile.getParent();
|
||||
File rFile = new File(dependency2.getFilePath());
|
||||
String right = rFile.getParent();
|
||||
final File lFile = new File(dependency1.getFilePath());
|
||||
final String left = lFile.getParent();
|
||||
final File rFile = new File(dependency2.getFilePath());
|
||||
final String right = rFile.getParent();
|
||||
if (left == null) {
|
||||
if (right == null) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
return left.equalsIgnoreCase(right);
|
||||
}
|
||||
@@ -170,8 +175,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
* considered the "core" version.
|
||||
*/
|
||||
private boolean isCore(Dependency left, Dependency right) {
|
||||
String leftName = left.getFileName().toLowerCase();
|
||||
String rightName = right.getFileName().toLowerCase();
|
||||
final String leftName = left.getFileName().toLowerCase();
|
||||
final String rightName = right.getFileName().toLowerCase();
|
||||
|
||||
if (rightName.contains("core") && !leftName.contains("core")) {
|
||||
return false;
|
||||
@@ -182,9 +187,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
|
||||
// parts are contained in the other side?
|
||||
if (leftName.length() > rightName.length()) {
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
/**
|
||||
* The set of file extensions supported by this analyzer.
|
||||
*/
|
||||
private static final Set<String> EXTENSIONS = null; //newHashSet("jar");
|
||||
private static final Set<String> EXTENSIONS = null;
|
||||
/**
|
||||
* The name of the analyzer.
|
||||
*/
|
||||
@@ -84,11 +84,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
|
||||
/**
|
||||
* a list of spring versions.
|
||||
*/
|
||||
private List<Identifier> springVersions;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
|
||||
@@ -66,11 +66,10 @@ public final class VersionTokenizingFilter extends TokenFilter {
|
||||
if (tokens.size() == 0 && input.incrementToken()) {
|
||||
final String version = new String(termAtt.buffer(), 0, termAtt.length());
|
||||
final String[] toAnalyze = version.split("[_-]");
|
||||
if (toAnalyze.length > 1) { //ensure we analyze the whole string as one too
|
||||
analyzeVersion(version);
|
||||
}
|
||||
//ensure we analyze the whole string as one too
|
||||
analyzeVersion(version);
|
||||
for (String str : toAnalyze) {
|
||||
analyzeVersion(version);
|
||||
analyzeVersion(str);
|
||||
}
|
||||
}
|
||||
return addTerm();
|
||||
|
||||
@@ -473,7 +473,12 @@ public class Dependency implements Comparable<Dependency> {
|
||||
public void addRelatedDependency(Dependency dependency) {
|
||||
relatedDependencies.add(dependency);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implemenation of the Comparable<Dependency> interface. The comparison
|
||||
* is solely based on the file name.
|
||||
* @param o a dependency to compare
|
||||
* @return an integer representing the natural ordering
|
||||
*/
|
||||
public int compareTo(Dependency o) {
|
||||
return this.getFileName().compareToIgnoreCase(o.getFileName());
|
||||
}
|
||||
|
||||
@@ -111,21 +111,21 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl
|
||||
*/
|
||||
public int compareTo(VulnerableSoftware vs) {
|
||||
int result = 0;
|
||||
String[] left = this.getName().split(":");
|
||||
String[] right = vs.getName().split(":");
|
||||
int max = (left.length <= right.length) ? left.length : right.length;
|
||||
final String[] left = this.getName().split(":");
|
||||
final String[] right = vs.getName().split(":");
|
||||
final int max = (left.length <= right.length) ? left.length : right.length;
|
||||
if (max > 0) {
|
||||
for (int i = 0; result == 0 && i < max; i++) {
|
||||
String[] subLeft = left[i].split("\\.");
|
||||
String[] subRight = right[i].split("\\.");
|
||||
int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length;
|
||||
final String[] subLeft = left[i].split("\\.");
|
||||
final String[] subRight = right[i].split("\\.");
|
||||
final int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length;
|
||||
if (subMax > 0) {
|
||||
for (int x = 0; result == 0 && x < subMax; x++) {
|
||||
if (isPositiveInteger(subLeft[x]) && isPositiveInteger(subRight[x])) {
|
||||
int iLeft = Integer.parseInt(subLeft[x]);
|
||||
int iRight = Integer.parseInt(subRight[x]);
|
||||
final int iLeft = Integer.parseInt(subLeft[x]);
|
||||
final int iRight = Integer.parseInt(subRight[x]);
|
||||
if (iLeft != iRight) {
|
||||
if (iLeft>iRight) {
|
||||
if (iLeft > iRight) {
|
||||
result = 2;
|
||||
} else {
|
||||
result = -2;
|
||||
@@ -166,7 +166,7 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl
|
||||
* @param str the string to test
|
||||
* @return true if the string only contains 0-9, otherwise false.
|
||||
*/
|
||||
private static final boolean isPositiveInteger(final String str) {
|
||||
private static boolean isPositiveInteger(final String str) {
|
||||
if (str == null || str.isEmpty()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user