checkstyle/PMD updates

Former-commit-id: d970e6d49ba78a1e563b4ab5598c242d4dbca80e
Jeremy Long
2013-04-20 11:49:59 -04:00
parent b078d8477e
commit d7af145f3b
9 changed files with 59 additions and 44 deletions


@@ -107,7 +107,7 @@
</module> </module>
<module name="MethodCount"> <module name="MethodCount">
<property name="maxTotal" value="35"/> <property name="maxTotal" value="40"/>
</module> </module>
<module name="LocalFinalVariableName"/> <module name="LocalFinalVariableName"/>


@@ -209,14 +209,14 @@ public class Engine {
final List<Analyzer> analyzerList = analyzers.get(phase); final List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) { for (Analyzer a : analyzerList) {
Iterator<Dependency> itrDependencies = dependencies.iterator(); final Iterator<Dependency> itrDependencies = dependencies.iterator();
while (itrDependencies.hasNext()) { while (itrDependencies.hasNext()) {
Dependency d = itrDependencies.next(); final Dependency d = itrDependencies.next();
if (a.supportsExtension(d.getFileExtension())) { if (a.supportsExtension(d.getFileExtension())) {
try { try {
a.analyze(d, this); a.analyze(d, this);
//the following is mainly to deal with the DependencyBundlingAnalyzer //the following is mainly to deal with the DependencyBundlingAnalyzer
if (a.getPostAnalysisAction() == Analyzer.PostAnalysisAction.REMOVE_JAR) { if (a.getPostAnalysisAction() == Analyzer.PostAnalysisAction.REMOVE_DEPENDENCY) {
itrDependencies.remove(); itrDependencies.remove();
} }
} catch (AnalysisException ex) { } catch (AnalysisException ex) {
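Review bot: The `itrDependencies.remove()` call acts on state the analyzer keeps after `a.analyze(d, this)` returns, and nothing visible here shows that state being cleared between dependencies. In DependencyBundlingAnalyzer the `action` field is assigned `REMOVE_DEPENDENCY` inside the match branch; whether it is reset to `NOTHING` at the start of each `analyze` call is outside the hunks shown. If it is not, every dependency processed after the first bundled one would be silently removed from the list that the remaining analysis, and presumably the report, works from. I would add a comment at the check, `// analyzers must reset their post analysis action on every analyze() call`, and state the same contract in the Javadoc of `getPostAnalysisAction()`. The enclosing method starts and ends outside this hunk.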


@@ -58,7 +58,7 @@ public abstract class AbstractAnalyzer implements Analyzer {
public void close() { public void close() {
//do nothing //do nothing
} }
/** /**
* Used to indicate if any steps should be taken after the analysis. The * Used to indicate if any steps should be taken after the analysis. The
* abstract implementation returns NOTHING. * abstract implementation returns NOTHING.


@@ -100,10 +100,22 @@ public interface Analyzer {
*/ */
void close() throws Exception; void close() throws Exception;
/**
* An enumeration of Post Analysis Actions.
*/
public enum PostAnalysisAction { public enum PostAnalysisAction {
/**
* No action should be taken.
*/
NOTHING, NOTHING,
REMOVE_JAR /**
* The dependency should be removed from the list of dependencies scanned.
*/
REMOVE_DEPENDENCY
} }
/**
* Returns the post analysis action.
* @return the post analysis action
*/
PostAnalysisAction getPostAnalysisAction(); PostAnalysisAction getPostAnalysisAction();
} }


@@ -19,9 +19,7 @@
package org.owasp.dependencycheck.analyzer; package org.owasp.dependencycheck.analyzer;
import java.io.File; import java.io.File;
import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.List;
import java.util.Set; import java.util.Set;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
@@ -89,6 +87,9 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
public AnalysisPhase getAnalysisPhase() { public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE; return ANALYSIS_PHASE;
} }
/**
* The Post Analysis Action that will be set after analyzing a dependency.
*/
private PostAnalysisAction action; private PostAnalysisAction action;
/** /**
@@ -112,13 +113,12 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
&& hasSameBasePath(dependencyToCheck, dependency) && hasSameBasePath(dependencyToCheck, dependency)
&& isCore(dependency, dependencyToCheck)) { && isCore(dependency, dependencyToCheck)) {
//move this dependency to be a related dependency //move this dependency to be a related dependency
action = PostAnalysisAction.REMOVE_JAR; action = PostAnalysisAction.REMOVE_DEPENDENCY;
dependencyToCheck.addRelatedDependency(dependency); dependencyToCheck.addRelatedDependency(dependency);
//move any "related dependencies" to the new "parent" dependency //move any "related dependencies" to the new "parent" dependency
Iterator<Dependency> i = dependency.getRelatedDependencies().iterator(); final Iterator<Dependency> i = dependency.getRelatedDependencies().iterator();
while (i.hasNext()) { while (i.hasNext()) {
Dependency d = i.next(); dependencyToCheck.addRelatedDependency(i.next());
dependencyToCheck.addRelatedDependency(d);
i.remove(); i.remove();
} }
return; return;
@@ -142,20 +142,25 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers()); && dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
} }
/**
* Determines if the two dependencies have the same base path.
* @param dependency1 a Dependency object
* @param dependency2 a Dependency object
* @return true if the base paths of the dependencies are identical
*/
private boolean hasSameBasePath(Dependency dependency1, Dependency dependency2) { private boolean hasSameBasePath(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency2 == null) { if (dependency1 == null || dependency2 == null) {
return false; return false;
} }
File lFile = new File(dependency1.getFilePath()); final File lFile = new File(dependency1.getFilePath());
String left = lFile.getParent(); final String left = lFile.getParent();
File rFile = new File(dependency2.getFilePath()); final File rFile = new File(dependency2.getFilePath());
String right = rFile.getParent(); final String right = rFile.getParent();
if (left == null) { if (left == null) {
if (right == null) { if (right == null) {
return true; return true;
} else {
return false;
} }
return false;
} }
return left.equalsIgnoreCase(right); return left.equalsIgnoreCase(right);
} }
@@ -170,8 +175,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
* considered the "core" version. * considered the "core" version.
*/ */
private boolean isCore(Dependency left, Dependency right) { private boolean isCore(Dependency left, Dependency right) {
String leftName = left.getFileName().toLowerCase(); final String leftName = left.getFileName().toLowerCase();
String rightName = right.getFileName().toLowerCase(); final String rightName = right.getFileName().toLowerCase();
if (rightName.contains("core") && !leftName.contains("core")) { if (rightName.contains("core") && !leftName.contains("core")) {
return false; return false;
@@ -182,9 +187,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
// parts are contained in the other side? // parts are contained in the other side?
if (leftName.length() > rightName.length()) { if (leftName.length() > rightName.length()) {
return false; return false;
} else {
return true;
} }
return true;
} }
} }
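Review bot: The Javadoc added to `hasSameBasePath` says the base paths must be identical, but the method returns `left.equalsIgnoreCase(right)`, so `/opt/Lib` and `/opt/lib` are treated as the same directory. On a case-sensitive file system those are different locations, and a match here is one of the conditions under which a dependency is folded into another entry and flagged `REMOVE_DEPENDENCY`. Either document what the code does, `@return true if the parent directories match, ignoring case`, or use `left.equals(right)` if an exact match is what is intended.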


@@ -36,7 +36,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
/** /**
* The set of file extensions supported by this analyzer. * The set of file extensions supported by this analyzer.
*/ */
private static final Set<String> EXTENSIONS = null; //newHashSet("jar"); private static final Set<String> EXTENSIONS = null;
/** /**
* The name of the analyzer. * The name of the analyzer.
*/ */
@@ -84,11 +84,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
return ANALYSIS_PHASE; return ANALYSIS_PHASE;
} }
/**
* a list of spring versions.
*/
private List<Identifier> springVersions;
/** /**
* *
* *


@@ -66,11 +66,10 @@ public final class VersionTokenizingFilter extends TokenFilter {
if (tokens.size() == 0 && input.incrementToken()) { if (tokens.size() == 0 && input.incrementToken()) {
final String version = new String(termAtt.buffer(), 0, termAtt.length()); final String version = new String(termAtt.buffer(), 0, termAtt.length());
final String[] toAnalyze = version.split("[_-]"); final String[] toAnalyze = version.split("[_-]");
if (toAnalyze.length > 1) { //ensure we analyze the whole string as one too //ensure we analyze the whole string as one too
analyzeVersion(version); analyzeVersion(version);
}
for (String str : toAnalyze) { for (String str : toAnalyze) {
analyzeVersion(version); analyzeVersion(str);
} }
} }
return addTerm(); return addTerm();
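Review bot: Dropping the `toAnalyze.length > 1` guard means a version with no `_` or `-` is now passed to `analyzeVersion` twice, once as the whole string and once as the only element of `toAnalyze`. Unless `analyzeVersion` de-duplicates (not visible in this hunk), the filter emits each token twice for such versions, which can skew the term weighting used when matching identifiers. The loop fix from `analyzeVersion(version)` to `analyzeVersion(str)` is a real behaviour change too, so both deserve a mention in the commit message rather than being filed under checkstyle/PMD. I would keep the guard: `if (toAnalyze.length > 1) { analyzeVersion(version); }`. The enclosing method starts outside the hunk.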


@@ -473,7 +473,12 @@ public class Dependency implements Comparable<Dependency> {
public void addRelatedDependency(Dependency dependency) { public void addRelatedDependency(Dependency dependency) {
relatedDependencies.add(dependency); relatedDependencies.add(dependency);
} }
/**
* Implemenation of the Comparable<Dependency> interface. The comparison
* is solely based on the file name.
* @param o a dependency to compare
* @return an integer representing the natural ordering
*/
public int compareTo(Dependency o) { public int compareTo(Dependency o) {
return this.getFileName().compareToIgnoreCase(o.getFileName()); return this.getFileName().compareToIgnoreCase(o.getFileName());
} }
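Review bot: The new Javadoc on `compareTo` should say that this ordering may be inconsistent with `equals`, since it compares only the file name and ignores case. If `equals` looks at more than the file name (it is not visible here), two dependencies with the same file name in different directories compare as 0, and a sorted set or map would keep only one of them. Suggested wording: `Note: this ordering considers only the file name, ignoring case, and may be inconsistent with equals.` Two smaller points in the same comment: `Implemenation` is misspelled, and `Comparable<Dependency>` should be written `{@code Comparable<Dependency>}` so the Javadoc tool does not read `<Dependency>` as an HTML tag.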


@@ -111,21 +111,21 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl
*/ */
public int compareTo(VulnerableSoftware vs) { public int compareTo(VulnerableSoftware vs) {
int result = 0; int result = 0;
String[] left = this.getName().split(":"); final String[] left = this.getName().split(":");
String[] right = vs.getName().split(":"); final String[] right = vs.getName().split(":");
int max = (left.length <= right.length) ? left.length : right.length; final int max = (left.length <= right.length) ? left.length : right.length;
if (max > 0) { if (max > 0) {
for (int i = 0; result == 0 && i < max; i++) { for (int i = 0; result == 0 && i < max; i++) {
String[] subLeft = left[i].split("\\."); final String[] subLeft = left[i].split("\\.");
String[] subRight = right[i].split("\\."); final String[] subRight = right[i].split("\\.");
int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length; final int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length;
if (subMax > 0) { if (subMax > 0) {
for (int x = 0; result == 0 && x < subMax; x++) { for (int x = 0; result == 0 && x < subMax; x++) {
if (isPositiveInteger(subLeft[x]) && isPositiveInteger(subRight[x])) { if (isPositiveInteger(subLeft[x]) && isPositiveInteger(subRight[x])) {
int iLeft = Integer.parseInt(subLeft[x]); final int iLeft = Integer.parseInt(subLeft[x]);
int iRight = Integer.parseInt(subRight[x]); final int iRight = Integer.parseInt(subRight[x]);
if (iLeft != iRight) { if (iLeft != iRight) {
if (iLeft>iRight) { if (iLeft > iRight) {
result = 2; result = 2;
} else { } else {
result = -2; result = -2;
@@ -166,7 +166,7 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl
* @param str the string to test * @param str the string to test
* @return true if the string only contains 0-9, otherwise false. * @return true if the string only contains 0-9, otherwise false.
*/ */
private static final boolean isPositiveInteger(final String str) { private static boolean isPositiveInteger(final String str) {
if (str == null || str.isEmpty()) { if (str == null || str.isEmpty()) {
return false; return false;
} }
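Review bot: In `compareTo`, `Integer.parseInt(subLeft[x])` and `Integer.parseInt(subRight[x])` are guarded only by `isPositiveInteger`, which per its Javadoc accepts any string made up of 0-9. A digit run that exceeds the `int` range, such as a date-style or build-number segment in a product name, passes that check and then throws `NumberFormatException` in the middle of a sort or sorted-set insert. The names being compared come from vulnerability data rather than from this code, so the comparison should not assume short numbers. One option is `final int cmp = new BigInteger(subLeft[x]).compareTo(new BigInteger(subRight[x]));`, then set `result` to 2 or -2 from the sign of `cmp`, which needs a `java.math.BigInteger` import. The body of `compareTo` continues outside the hunk.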