diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
index 0469f69d9..6e98f987e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
@@ -17,6 +17,11 @@
 */
 package org.owasp.dependencycheck.agent;
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -28,18 +33,11 @@ import org.owasp.dependencycheck.exception.ScanAgentException;
 import org.owasp.dependencycheck.reporting.ReportGenerator;
 import org.owasp.dependencycheck.utils.Settings;
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
 /**
- * This class provides a way to easily conduct a scan solely based on existing evidence metadata
- * rather than collecting evidence from the files themselves. This class is based on the Ant task
- * and Maven plugin with the exception that it takes a list of dependencies that can be
- * programmatically added from data in a spreadsheet, database or some other datasource and conduct
- * a scan based on this pre-defined evidence.
+ * This class provides a way to easily conduct a scan solely based on existing evidence metadata rather than collecting
+ * evidence from the files themselves. This class is based on the Ant task and Maven plugin with the exception that it
+ * takes a list of dependencies that can be programmatically added from data in a spreadsheet, database or some other
+ * datasource and conduct a scan based on this pre-defined evidence.
 *
 *
@@ -62,7 +60,6 @@ import java.util.logging.Logger;
@SuppressWarnings("unused")
public class DependencyCheckScanAgent {
-
/**
* System specific new line character.
*/
@@ -97,14 +94,16 @@ public class DependencyCheckScanAgent {
private List dependencies;
/**
- * Returns a list of pre-determined dependencies
+ * Returns a list of pre-determined dependencies.
+ *
+ * @return returns a list of dependencies
*/
public List getDependencies() {
return dependencies;
}
/**
- * Sets the list of dependencies to scan
+ * Sets the list of dependencies to scan.
*
* @param dependencies new value of dependencies
*/
@@ -742,7 +741,8 @@ public class DependencyCheckScanAgent {
* Executes the Dependency-Check on the dependent libraries.
*
* @return the Engine used to scan the dependencies.
- * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown if there is an exception connecting to the database
+ * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown if there is an exception connecting to the
+ * database
*/
private Engine executeDependencyCheck() throws DatabaseException {
populateSettings();
@@ -871,6 +871,9 @@ public class DependencyCheckScanAgent {
/**
* Executes the dependency-check and generates the report.
+ *
+ * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the
+ * scan.
*/
public void execute() throws ScanAgentException {
Engine engine = null;
@@ -899,6 +902,8 @@ public class DependencyCheckScanAgent {
* configuration.
*
* @param dependencies the list of dependency objects
+ * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the
+ * scan.
*/
private void checkForFailure(List dependencies) throws ScanAgentException {
final StringBuilder ids = new StringBuilder();
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/package-info.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/package-info.java
new file mode 100644
index 000000000..b61b80e68
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/package-info.java
@@ -0,0 +1,13 @@
+/**
+ *
+ *
+ * org.owasp.dependencycheck.agent
+ *
+ *
+ * The agent package holds an agent API that can be used by other applications that have information about dependencies;
+ * but would rather implement something in their code directly rather then spawn a process to run the entire
+ * dependency-check engine. This basically provides programmatic access to running a scan.
+ *
+ *
+ */
+package org.owasp.dependencycheck.agent;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
index 0cb923595..97cbb3612 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -220,8 +220,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
final Process p = pb.start();
// Try evacuating the error stream
final BufferedReader rdr = new BufferedReader(new InputStreamReader(p.getErrorStream()));
- String line = null;
- while ((line = rdr.readLine()) != null) {
+ String line;
+ while (rdr.ready() && (line = rdr.readLine()) != null) {
// We expect this to complain
}
final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
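Review bot: The added `rdr.ready() &&` guard on the stderr loop is false whenever nothing is buffered yet, so the loop can exit before the child process has written anything and stderr is then never drained. If the process later fills the stderr pipe, it can stall while `parse(p.getInputStream())` is still waiting on stdout. Draining stderr on a separate thread, or redirecting it before `pb.start()` with `pb.redirectError(ProcessBuilder.Redirect.INHERIT)` where the target Java version allows, avoids both the original blocking read and this race. Separately, the unchanged last line parses the process output, which presumably describes the scanned assembly, with a default `DocumentBuilderFactory`. Setting `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` and `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` on a named factory would rule out DTD and external-entity processing. The enclosing method starts and ends outside the hunk, so a close of `rdr` or a `waitFor()` may exist out of view.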