From dc0106348de09a129b1f77dd566c3221a31d14bd Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Sat, 29 Mar 2014 05:34:46 -0400
Subject: [PATCH] checkstyle corrections

Former-commit-id: d511bf999738c60e35cefb66cdde1f28be1fea3f
---
 .../agent/DependencyCheckScanAgent.java       | 35 +++++++++++--------
 .../dependencycheck/agent/package-info.java   | 13 +++++++
 .../analyzer/AssemblyAnalyzer.java            |  4 +--
 3 files changed, 35 insertions(+), 17 deletions(-)
 create mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/package-info.java

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
index 0469f69d9..6e98f987e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
@@ -17,6 +17,11 @@
  */
 package org.owasp.dependencycheck.agent;
 
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -28,18 +33,11 @@ import org.owasp.dependencycheck.exception.ScanAgentException;
 import org.owasp.dependencycheck.reporting.ReportGenerator;
 import org.owasp.dependencycheck.utils.Settings;
 
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
 /**
- * This class provides a way to easily conduct a scan solely based on existing evidence metadata
- * rather than collecting evidence from the files themselves. This class is based on the Ant task
- * and Maven plugin with the exception that it takes a list of dependencies that can be
- * programmatically added from data in a spreadsheet, database or some other datasource and conduct
- * a scan based on this pre-defined evidence.
+ * This class provides a way to easily conduct a scan solely based on existing evidence metadata rather than collecting
+ * evidence from the files themselves. This class is based on the Ant task and Maven plugin with the exception that it
+ * takes a list of dependencies that can be programmatically added from data in a spreadsheet, database or some other
+ * datasource and conduct a scan based on this pre-defined evidence.
  *
  * <h2>Example:</h2>
  * <pre>
@@ -62,7 +60,6 @@ import java.util.logging.Logger;
 @SuppressWarnings("unused")
 public class DependencyCheckScanAgent {
 
-
     /**
      * System specific new line character.
      */
@@ -97,14 +94,16 @@ public class DependencyCheckScanAgent {
     private List<Dependency> dependencies;
 
     /**
-     * Returns a list of pre-determined dependencies
+     * Returns a list of pre-determined dependencies.
+     *
+     * @return returns a list of dependencies
      */
     public List<Dependency> getDependencies() {
         return dependencies;
     }
 
     /**
-     * Sets the list of dependencies to scan
+     * Sets the list of dependencies to scan.
      *
      * @param dependencies new value of dependencies
      */
@@ -742,7 +741,8 @@ public class DependencyCheckScanAgent {
      * Executes the Dependency-Check on the dependent libraries.
      *
      * @return the Engine used to scan the dependencies.
-     * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown if there is an exception connecting to the database
+     * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown if there is an exception connecting to the
+     * database
      */
     private Engine executeDependencyCheck() throws DatabaseException {
         populateSettings();
@@ -871,6 +871,9 @@ public class DependencyCheckScanAgent {
 
     /**
      * Executes the dependency-check and generates the report.
+     *
+     * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the
+     * scan.
      */
     public void execute() throws ScanAgentException {
         Engine engine = null;
@@ -899,6 +902,8 @@ public class DependencyCheckScanAgent {
      * configuration.
      *
      * @param dependencies the list of dependency objects
+     * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the
+     * scan.
      */
     private void checkForFailure(List<Dependency> dependencies) throws ScanAgentException {
         final StringBuilder ids = new StringBuilder();
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/package-info.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/package-info.java
new file mode 100644
index 000000000..b61b80e68
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/package-info.java
@@ -0,0 +1,13 @@
+/**
+ * <html>
+ * <head>
+ * <title>org.owasp.dependencycheck.agent</title>
+ * </head>
+ * <body>
+ * The agent package holds an agent API that can be used by other applications that have information about dependencies;
+ * but would rather implement something in their code directly rather then spawn a process to run the entire
+ * dependency-check engine. This basically provides programmatic access to running a scan.
+ * </body>
+ * </html>
+ */
+package org.owasp.dependencycheck.agent;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
index 0cb923595..97cbb3612 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
@@ -220,8 +220,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
             final Process p = pb.start();
             // Try evacuating the error stream
             final BufferedReader rdr = new BufferedReader(new InputStreamReader(p.getErrorStream()));
-            String line = null;
-            while ((line = rdr.readLine()) != null) {
+            String line;
+            while (rdr.ready() && (line = rdr.readLine()) != null) {
                 // We expect this to complain
             }
             final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());