diff --git a/src/main/config/checkstyle-checks.xml b/src/main/config/checkstyle-checks.xml
index d84db6f89..7c98adfc4 100644
--- a/src/main/config/checkstyle-checks.xml
+++ b/src/main/config/checkstyle-checks.xml
@@ -107,7 +107,7 @@
-
+
diff --git a/src/main/java/org/owasp/dependencycheck/Engine.java b/src/main/java/org/owasp/dependencycheck/Engine.java
index 0e7de2034..7343cfa5c 100644
--- a/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -209,14 +209,14 @@ public class Engine {
final List analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
- Iterator itrDependencies = dependencies.iterator();
+ final Iterator itrDependencies = dependencies.iterator();
while (itrDependencies.hasNext()) {
- Dependency d = itrDependencies.next();
+ final Dependency d = itrDependencies.next();
if (a.supportsExtension(d.getFileExtension())) {
try {
a.analyze(d, this);
//the following is mainly to deal with the DependencyBundlingAnalyzer
- if (a.getPostAnalysisAction() == Analyzer.PostAnalysisAction.REMOVE_JAR) {
+ if (a.getPostAnalysisAction() == Analyzer.PostAnalysisAction.REMOVE_DEPENDENCY) {
itrDependencies.remove();
}
} catch (AnalysisException ex) {
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
index d3776b6b7..dde8b7bad 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
@@ -58,7 +58,7 @@ public abstract class AbstractAnalyzer implements Analyzer {
public void close() {
//do nothing
}
-
+
/**
* Used to indicate if any steps should be taken after the analysis. The
* abstract implementation returns NOTHING.
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
index baee83432..224f22fd4 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
@@ -100,10 +100,22 @@ public interface Analyzer {
*/
void close() throws Exception;
+ /**
+ * An enumeration of Post Analysis Actions.
+ */
public enum PostAnalysisAction {
+ /**
+ * No action should be taken.
+ */
NOTHING,
- REMOVE_JAR
+ /**
+ * The dependency should be removed from the list of dependencies scanned.
+ */
+ REMOVE_DEPENDENCY
}
-
+ /**
+ * Returns the post analysis action.
+ * @return the post analysis action
+ */
PostAnalysisAction getPostAnalysisAction();
}
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index c80c42ff1..b1f98d8d5 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -19,9 +19,7 @@
package org.owasp.dependencycheck.analyzer;
import java.io.File;
-import java.util.ArrayList;
import java.util.Iterator;
-import java.util.List;
import java.util.Set;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
@@ -89,6 +87,9 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
+ /**
+ * The Post Analysis Action that will be set after analyzing a dependency.
+ */
private PostAnalysisAction action;
/**
@@ -112,13 +113,12 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
&& hasSameBasePath(dependencyToCheck, dependency)
&& isCore(dependency, dependencyToCheck)) {
//move this dependency to be a related dependency
- action = PostAnalysisAction.REMOVE_JAR;
+ action = PostAnalysisAction.REMOVE_DEPENDENCY;
dependencyToCheck.addRelatedDependency(dependency);
//move any "related dependencies" to the new "parent" dependency
- Iterator i = dependency.getRelatedDependencies().iterator();
+ final Iterator i = dependency.getRelatedDependencies().iterator();
while (i.hasNext()) {
- Dependency d = i.next();
- dependencyToCheck.addRelatedDependency(d);
+ dependencyToCheck.addRelatedDependency(i.next());
i.remove();
}
return;
@@ -142,20 +142,25 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
}
+ /**
+ * Determines if the two dependencies have the same base path.
+ * @param dependency1 a Dependency object
+ * @param dependency2 a Dependency object
+ * @return true if the base paths of the dependencies are identical
+ */
private boolean hasSameBasePath(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency2 == null) {
return false;
}
- File lFile = new File(dependency1.getFilePath());
- String left = lFile.getParent();
- File rFile = new File(dependency2.getFilePath());
- String right = rFile.getParent();
+ final File lFile = new File(dependency1.getFilePath());
+ final String left = lFile.getParent();
+ final File rFile = new File(dependency2.getFilePath());
+ final String right = rFile.getParent();
if (left == null) {
if (right == null) {
return true;
- } else {
- return false;
}
+ return false;
}
return left.equalsIgnoreCase(right);
}
@@ -170,8 +175,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
* considered the "core" version.
*/
private boolean isCore(Dependency left, Dependency right) {
- String leftName = left.getFileName().toLowerCase();
- String rightName = right.getFileName().toLowerCase();
+ final String leftName = left.getFileName().toLowerCase();
+ final String rightName = right.getFileName().toLowerCase();
if (rightName.contains("core") && !leftName.contains("core")) {
return false;
@@ -182,9 +187,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
// parts are contained in the other side?
if (leftName.length() > rightName.length()) {
return false;
- } else {
- return true;
}
+ return true;
}
}
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
index b793f7a4c..92c1797d5 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
@@ -36,7 +36,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
- private static final Set EXTENSIONS = null; //newHashSet("jar");
+ private static final Set EXTENSIONS = null;
/**
* The name of the analyzer.
*/
@@ -84,11 +84,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
return ANALYSIS_PHASE;
}
- /**
- * a list of spring versions.
- */
- private List springVersions;
-
/**
*
*
diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java b/src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java
index 812fce5c8..8d3fe2cb1 100644
--- a/src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java
+++ b/src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java
@@ -66,11 +66,10 @@ public final class VersionTokenizingFilter extends TokenFilter {
if (tokens.size() == 0 && input.incrementToken()) {
final String version = new String(termAtt.buffer(), 0, termAtt.length());
final String[] toAnalyze = version.split("[_-]");
- if (toAnalyze.length > 1) { //ensure we analyze the whole string as one too
- analyzeVersion(version);
- }
+ //ensure we analyze the whole string as one too
+ analyzeVersion(version);
for (String str : toAnalyze) {
- analyzeVersion(version);
+ analyzeVersion(str);
}
}
return addTerm();
diff --git a/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
index 69ad74952..ceb82fe0d 100644
--- a/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
@@ -473,7 +473,12 @@ public class Dependency implements Comparable {
public void addRelatedDependency(Dependency dependency) {
relatedDependencies.add(dependency);
}
-
+ /**
+ * Implemenation of the Comparable interface. The comparison
+ * is solely based on the file name.
+ * @param o a dependency to compare
+ * @return an integer representing the natural ordering
+ */
public int compareTo(Dependency o) {
return this.getFileName().compareToIgnoreCase(o.getFileName());
}
diff --git a/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
index be457040e..eca3c5a3e 100644
--- a/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
+++ b/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
@@ -111,21 +111,21 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl
*/
public int compareTo(VulnerableSoftware vs) {
int result = 0;
- String[] left = this.getName().split(":");
- String[] right = vs.getName().split(":");
- int max = (left.length <= right.length) ? left.length : right.length;
+ final String[] left = this.getName().split(":");
+ final String[] right = vs.getName().split(":");
+ final int max = (left.length <= right.length) ? left.length : right.length;
if (max > 0) {
for (int i = 0; result == 0 && i < max; i++) {
- String[] subLeft = left[i].split("\\.");
- String[] subRight = right[i].split("\\.");
- int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length;
+ final String[] subLeft = left[i].split("\\.");
+ final String[] subRight = right[i].split("\\.");
+ final int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length;
if (subMax > 0) {
for (int x = 0; result == 0 && x < subMax; x++) {
if (isPositiveInteger(subLeft[x]) && isPositiveInteger(subRight[x])) {
- int iLeft = Integer.parseInt(subLeft[x]);
- int iRight = Integer.parseInt(subRight[x]);
+ final int iLeft = Integer.parseInt(subLeft[x]);
+ final int iRight = Integer.parseInt(subRight[x]);
if (iLeft != iRight) {
- if (iLeft>iRight) {
+ if (iLeft > iRight) {
result = 2;
} else {
result = -2;
@@ -166,7 +166,7 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl
* @param str the string to test
* @return true if the string only contains 0-9, otherwise false.
*/
- private static final boolean isPositiveInteger(final String str) {
+ private static boolean isPositiveInteger(final String str) {
if (str == null || str.isEmpty()) {
return false;
}