checkstyle suggested changes

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java

@@ -120,7 +120,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
             throw new SuppressionParseException("Unable to parse the base suppression data file", ex);
         }
         final String[] suppressionFilePaths = getSettings().getArray(Settings.KEYS.SUPPRESSION_FILE);
-        List<String> failedLoadingFiles = new ArrayList<>();
+        final List<String> failedLoadingFiles = new ArrayList<>();
         if (suppressionFilePaths != null && suppressionFilePaths.length > 0) {
 
             // Load all the suppression file paths

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java

@@ -60,7 +60,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "CMAKE";
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java

@@ -75,16 +75,16 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
     private static final String SUPPORTED_EXTENSIONS = "jar";
 
     /**
-     * There may be temporary issues when connecting to MavenCentral.
+     * There may be temporary issues when connecting to MavenCentral. In order
-     * In order to compensate for 99% of the issues, we perform a retry
+     * to compensate for 99% of the issues, we perform a retry before finally
-     * before finally failing the analysis.
+     * failing the analysis.
      */
     private static final int NUMBER_OF_TRIES = 5;
 
     /**
      * The searcher itself.
      */
-    protected CentralSearch searcher;
+    private CentralSearch searcher;
 
     /**
      * Initializes the analyzer with the configured settings.
@@ -189,7 +189,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
      * Performs the analysis.
      *
      * @param dependency the dependency to analyze
-     * @param engine     the engine
+     * @param engine the engine
      * @throws AnalysisException when there's an exception during analysis
      */
     @Override
@@ -255,7 +255,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
      * @param dependency the dependency to analyze
      * @return the downloaded list of MavenArtifacts
      * @throws FileNotFoundException if the specified artifact is not found
-     * @throws IOException           if connecting to MavenCentral finally failed
+     * @throws IOException if connecting to MavenCentral finally failed
      */
     protected List<MavenArtifact> fetchMavenArtifacts(Dependency dependency) throws IOException {
         IOException lastException = null;
@@ -283,8 +283,17 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
             }
         }
 
-        final String message = "Finally failed connecting to Central search." +
+        final String message = "Finally failed connecting to Central search."
-                " Giving up after " + NUMBER_OF_TRIES + " tries.";
+                + " Giving up after " + NUMBER_OF_TRIES + " tries.";
         throw new IOException(message, lastException);
     }
+
+    /**
+     * Method used by unit tests to setup the analyzer.
+     *
+     * @param searcher the Central Search object to use.
+     */
+    protected void setCentralSearch(CentralSearch searcher) {
+        this.searcher = searcher;
+    }
 }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java

@@ -47,7 +47,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java

@@ -49,7 +49,7 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "Composer";
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -75,7 +75,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
     //<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "Java";
     /**
@@ -535,13 +535,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
             foundSomething = true;
             dependency.addEvidence(EvidenceType.VENDOR, "pom", "groupid", groupid, Confidence.HIGHEST);
             dependency.addEvidence(EvidenceType.PRODUCT, "pom", "groupid", groupid, Confidence.LOW);
-            addMatchingValues(classes, groupid, dependency,EvidenceType.VENDOR);
+            addMatchingValues(classes, groupid, dependency, EvidenceType.VENDOR);
-            addMatchingValues(classes, groupid, dependency,EvidenceType.PRODUCT);
+            addMatchingValues(classes, groupid, dependency, EvidenceType.PRODUCT);
             if (parentGroupId != null && !parentGroupId.isEmpty() && !parentGroupId.equals(groupid)) {
                 dependency.addEvidence(EvidenceType.VENDOR, "pom", "parent-groupid", parentGroupId, Confidence.MEDIUM);
                 dependency.addEvidence(EvidenceType.PRODUCT, "pom", "parent-groupid", parentGroupId, Confidence.LOW);
-                addMatchingValues(classes, parentGroupId, dependency,EvidenceType.VENDOR);
+                addMatchingValues(classes, parentGroupId, dependency, EvidenceType.VENDOR);
-                addMatchingValues(classes, parentGroupId, dependency,EvidenceType.PRODUCT);
+                addMatchingValues(classes, parentGroupId, dependency, EvidenceType.PRODUCT);
             }
         } else {
             addAsIdentifier = false;
@@ -551,13 +551,13 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
             foundSomething = true;
             dependency.addEvidence(EvidenceType.PRODUCT, "pom", "artifactid", artifactid, Confidence.HIGHEST);
             dependency.addEvidence(EvidenceType.VENDOR, "pom", "artifactid", artifactid, Confidence.LOW);
-            addMatchingValues(classes, artifactid, dependency,EvidenceType.VENDOR);
+            addMatchingValues(classes, artifactid, dependency, EvidenceType.VENDOR);
-            addMatchingValues(classes, artifactid, dependency,EvidenceType.PRODUCT);
+            addMatchingValues(classes, artifactid, dependency, EvidenceType.PRODUCT);
             if (parentArtifactId != null && !parentArtifactId.isEmpty() && !parentArtifactId.equals(artifactid)) {
                 dependency.addEvidence(EvidenceType.PRODUCT, "pom", "parent-artifactid", parentArtifactId, Confidence.MEDIUM);
                 dependency.addEvidence(EvidenceType.VENDOR, "pom", "parent-artifactid", parentArtifactId, Confidence.LOW);
-                addMatchingValues(classes, parentArtifactId, dependency,EvidenceType.VENDOR);
+                addMatchingValues(classes, parentArtifactId, dependency, EvidenceType.VENDOR);
-                addMatchingValues(classes, parentArtifactId, dependency,EvidenceType.PRODUCT);
+                addMatchingValues(classes, parentArtifactId, dependency, EvidenceType.PRODUCT);
             }
         } else {
             addAsIdentifier = false;
@@ -582,8 +582,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
         if (org != null && !org.isEmpty()) {
             dependency.addEvidence(EvidenceType.VENDOR, "pom", "organization name", org, Confidence.HIGH);
             dependency.addEvidence(EvidenceType.PRODUCT, "pom", "organization name", org, Confidence.LOW);
-            addMatchingValues(classes, org, dependency,EvidenceType.VENDOR);
+            addMatchingValues(classes, org, dependency, EvidenceType.VENDOR);
-            addMatchingValues(classes, org, dependency,EvidenceType.PRODUCT);
+            addMatchingValues(classes, org, dependency, EvidenceType.PRODUCT);
         }
         // org name
         String orgUrl = pom.getOrganizationUrl();
@@ -603,8 +603,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
             foundSomething = true;
             dependency.addEvidence(EvidenceType.PRODUCT, "pom", "name", pomName, Confidence.HIGH);
             dependency.addEvidence(EvidenceType.VENDOR, "pom", "name", pomName, Confidence.HIGH);
-            addMatchingValues(classes, pomName, dependency,EvidenceType.VENDOR);
+            addMatchingValues(classes, pomName, dependency, EvidenceType.VENDOR);
-            addMatchingValues(classes, pomName, dependency,EvidenceType.PRODUCT);
+            addMatchingValues(classes, pomName, dependency, EvidenceType.PRODUCT);
         }
 
         //Description
@@ -612,8 +612,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
         if (description != null && !description.isEmpty() && !description.startsWith("POM was created by")) {
             foundSomething = true;
             final String trimmedDescription = addDescription(dependency, description, "pom", "description");
-            addMatchingValues(classes, trimmedDescription, dependency,EvidenceType.VENDOR);
+            addMatchingValues(classes, trimmedDescription, dependency, EvidenceType.VENDOR);
-            addMatchingValues(classes, trimmedDescription, dependency,EvidenceType.PRODUCT);
+            addMatchingValues(classes, trimmedDescription, dependency, EvidenceType.PRODUCT);
         }
 
         String projectURL = pom.getProjectURL();
@@ -723,7 +723,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                 } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
                     foundSomething = true;
                     dependency.addEvidence(EvidenceType.PRODUCT, source, key, value, Confidence.HIGH);
-                    addMatchingValues(classInformation, value, dependency,EvidenceType.PRODUCT);
+                    addMatchingValues(classInformation, value, dependency, EvidenceType.PRODUCT);
                 } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
                     hasImplementationVersion = true;
                     foundSomething = true;
@@ -733,19 +733,19 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                 } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
                     foundSomething = true;
                     dependency.addEvidence(EvidenceType.VENDOR, source, key, value, Confidence.HIGH);
-                    addMatchingValues(classInformation, value, dependency,EvidenceType.VENDOR);
+                    addMatchingValues(classInformation, value, dependency, EvidenceType.VENDOR);
                 } else if (key.equalsIgnoreCase(IMPLEMENTATION_VENDOR_ID)) {
                     foundSomething = true;
                     dependency.addEvidence(EvidenceType.VENDOR, source, key, value, Confidence.MEDIUM);
-                    addMatchingValues(classInformation, value, dependency,EvidenceType.VENDOR);
+                    addMatchingValues(classInformation, value, dependency, EvidenceType.VENDOR);
                 } else if (key.equalsIgnoreCase(BUNDLE_DESCRIPTION)) {
                     foundSomething = true;
                     addDescription(dependency, value, "manifest", key);
-                    addMatchingValues(classInformation, value, dependency,EvidenceType.PRODUCT);
+                    addMatchingValues(classInformation, value, dependency, EvidenceType.PRODUCT);
                 } else if (key.equalsIgnoreCase(BUNDLE_NAME)) {
                     foundSomething = true;
                     dependency.addEvidence(EvidenceType.PRODUCT, source, key, value, Confidence.MEDIUM);
-                    addMatchingValues(classInformation, value, dependency,EvidenceType.PRODUCT);
+                    addMatchingValues(classInformation, value, dependency, EvidenceType.PRODUCT);
 //                //the following caused false positives.
 //                } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
                 } else if (key.equalsIgnoreCase(BUNDLE_VERSION)) {
@@ -785,19 +785,19 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                             dependency.addEvidence(EvidenceType.VERSION, source, key, value, Confidence.MEDIUM);
                         } else if (key.contains("title")) {
                             dependency.addEvidence(EvidenceType.PRODUCT, source, key, value, Confidence.MEDIUM);
-                            addMatchingValues(classInformation, value, dependency,EvidenceType.PRODUCT);
+                            addMatchingValues(classInformation, value, dependency, EvidenceType.PRODUCT);
                         } else if (key.contains("vendor")) {
                             if (key.contains("specification")) {
                                 dependency.addEvidence(EvidenceType.VENDOR, source, key, value, Confidence.LOW);
                             } else {
                                 dependency.addEvidence(EvidenceType.VENDOR, source, key, value, Confidence.MEDIUM);
-                                addMatchingValues(classInformation, value, dependency,EvidenceType.VENDOR);
+                                addMatchingValues(classInformation, value, dependency, EvidenceType.VENDOR);
                             }
                         } else if (key.contains("name")) {
                             dependency.addEvidence(EvidenceType.PRODUCT, source, key, value, Confidence.MEDIUM);
                             dependency.addEvidence(EvidenceType.VENDOR, source, key, value, Confidence.MEDIUM);
-                            addMatchingValues(classInformation, value, dependency,EvidenceType.VENDOR);
+                            addMatchingValues(classInformation, value, dependency, EvidenceType.VENDOR);
-                            addMatchingValues(classInformation, value, dependency,EvidenceType.PRODUCT);
+                            addMatchingValues(classInformation, value, dependency, EvidenceType.PRODUCT);
                         } else if (key.contains("license")) {
                             addLicense(dependency, value);
                         } else if (key.contains("description")) {
@@ -1080,6 +1080,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
      * @param classes a collection of class name information
      * @param value the value to check to see if it contains a package name
      * @param dep the dependency to add new entries too
+     * @param type the type of evidence (vendor, product, or version)
      */
     private static void addMatchingValues(List<ClassNameInformation> classes, String value, Dependency dep, EvidenceType type) {
         if (value == null || value.isEmpty() || classes == null || classes.isEmpty()) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java

@@ -57,7 +57,7 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer {
     private static final Logger LOGGER = LoggerFactory.getLogger(NodePackageAnalyzer.class);
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "npm";
     /**

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java

@@ -47,7 +47,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "NuGet";
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java

@@ -61,7 +61,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java

@@ -50,7 +50,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg";
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.java

@@ -52,10 +52,11 @@ import org.owasp.dependencycheck.dependency.Dependency;
 public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
 
     /**
-     * A descriptor for the type of dependencies processed or added by this analyzer
+     * A descriptor for the type of dependencies processed or added by this
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
-    
+
     /**
      * The name of the analyzer.
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java

@@ -52,7 +52,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle";
     /**

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java

@@ -47,7 +47,7 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * A descriptor for the type of dependencies processed or added by this
-     * analyzer
+     * analyzer.
      */
     public static final String DEPENDENCY_ECOSYSTEM = "Swift.PM";
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java

@@ -73,8 +73,7 @@ public class CentralSearch {
      * Creates a NexusSearch for the given repository URL.
      *
      * @param settings the configured settings
-     * @throws MalformedURLException thrown if the configured URL is
+     * @throws MalformedURLException thrown if the configured URL is invalid
-     *                               invalid
      */
     public CentralSearch(Settings settings) throws MalformedURLException {
         this.settings = settings;
@@ -102,8 +101,7 @@ public class CentralSearch {
      * @param sha1 the SHA-1 hash string for which to search
      * @return the populated Maven GAV.
      * @throws FileNotFoundException if the specified artifact is not found
-     * @throws IOException           if it's unable to connect to the specified
+     * @throws IOException if it's unable to connect to the specified repository
-     *                               repository
      */
     public List<MavenArtifact> searchSha1(String sha1) throws IOException {
         if (null == sha1 || !sha1.matches("^[0-9A-Fa-f]{40}$")) {
@@ -179,7 +177,7 @@ public class CentralSearch {
                 throw new FileNotFoundException("Artifact not found in Central");
             }
         } else {
-            String errorMessage = "Could not connect to MavenCentral (" + conn.getResponseCode() + "): " + conn.getResponseMessage();
+            final String errorMessage = "Could not connect to MavenCentral (" + conn.getResponseCode() + "): " + conn.getResponseMessage();
             throw new IOException(errorMessage);
         }
         return result;

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java

@@ -195,22 +195,23 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
     /**
      * Method that split versions for '.', '|' and '-". Then if a token start
      * with a number and then contains letters, it will split it too. For
-     * example "12a" is splitted in ["12", "a"]. This is done to support correct
+     * example "12a" is split into ["12", "a"]. This is done to support correct
      * comparison of "5.0.3a", "5.0.9" and "5.0.30".
      *
+     * @param s the string to split
      * @return an Array of String containing the tokens to be compared
      */
     private String[] split(String s) {
-        String[] splitted = s.split("(\\.|-)");
+        final Pattern pattern = Pattern.compile("^([\\d]+?)(.*)$");
+        final String[] splitted = s.split("(\\.|-)");
 
-        ArrayList<String> res = new ArrayList<>();
+        final ArrayList<String> res = new ArrayList<>();
         for (String token : splitted) {
             if (token.matches("^[\\d]+?[A-z]+")) {
-                Pattern pattern = Pattern.compile("^([\\d]+?)(.*)$");
+                final Matcher matcher = pattern.matcher(token);
-                Matcher matcher = pattern.matcher(token);
                 matcher.find();
-                String g1 = matcher.group(1);
+                final String g1 = matcher.group(1);
-                String g2 = matcher.group(2);
+                final String g2 = matcher.group(2);
 
                 res.add(g1);
                 res.add(g2);

dependency-check-core/src/main/java/org/owasp/dependencycheck/exception/InitializationException.java

@@ -37,7 +37,7 @@ public class InitializationException extends Exception {
     private boolean fatal = true;
 
     /**
-     * Get the value of fatal
+     * Get the value of fatal.
      *
      * @return the value of fatal
      */
@@ -46,7 +46,7 @@ public class InitializationException extends Exception {
     }
 
     /**
-     * Set the value of fatal
+     * Set the value of fatal.
      *
      * @param fatal new value of fatal
      */

dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java

@@ -22,11 +22,11 @@ import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Evidence;
 
 /**
- * EvidenceMatcher can match one or more {@link Evidence}s.
+ * EvidenceMatcher can match one or more {@link Evidence}s. By using regular
- * By using regular expressions for some fields and allowing omission of
+ * expressions for some fields and allowing omission of Evidence fields it can
- * Evidence fields it can be used to match more than one occurrence of evidence
+ * be used to match more than one occurrence of evidence to enable hints that
- * to enable hints that work for a range of similar false positives/false negatives.
+ * work for a range of similar false positives/false negatives.
- * 
+ *
  * The EvidenceMatcher is used for processing Evidences of a project's
  * dependencies in conjuction with the {@code <given>} and {@code <remove>}
  * clauses of the hints file.
@@ -41,8 +41,8 @@ public class EvidenceMatcher {
     private String name;
 
     /**
-     * The source that the {@link Evidence} should have for a match.
+     * The source that the {@link Evidence} should have for a match. A
-     * A {@code null}-value is allowed and functions as a wildcard.
+     * {@code null}-value is allowed and functions as a wildcard.
      */
     private String source;
 
@@ -55,23 +55,24 @@ public class EvidenceMatcher {
      * Whether the {@link EvidenceMatcher#value} should be interpreted as a
      * regular expression.
      */
-    private boolean regex=false;
+    private boolean regex = false;
 
-    
     /**
-     * The confidence that the {@link Evidence} should have for a match.
+     * The confidence that the {@link Evidence} should have for a match. A
-     * A {@code null}-value is allowed and functions as a wildcard.
+     * {@code null}-value is allowed and functions as a wildcard.
      */
     private Confidence confidence;
 
     /**
      * Creates a new EvidenceMatcher objects.
      *
-     * @param source the source of the evidence, a source that is {@code null} indicates any source should match.
+     * @param source the source of the evidence, a source that is {@code null}
+     * indicates any source should match.
      * @param name the non-{@code null} name of the evidence.
      * @param value the non-{@code null} value of the evidence.
      * @param regex whether value is a regex.
-     * @param confidence the confidence of the evidence, a confidence that is {@code null} indicates any confidence should match.
+     * @param confidence the confidence of the evidence, a confidence that is
+     * {@code null} indicates any confidence should match.
      */
     public EvidenceMatcher(String source, String name, String value, boolean regex, Confidence confidence) {
         this.source = source;
@@ -83,11 +84,12 @@ public class EvidenceMatcher {
 
     /**
      * Tests whether the given Evidence matches this EvidenceMatcher.
-     * @param evidence
+     *
-     * @return whehter the evidence matches this matcher.
+     * @param evidence the evidence to match
+     * @return whether the evidence matches this matcher
      */
     public boolean matches(Evidence evidence) {
-        return sourceMatches(evidence) 
+        return sourceMatches(evidence)
                 && confidenceMatches(evidence)
                 && name.equalsIgnoreCase(evidence.getName())
                 && valueMatches(evidence);
@@ -100,11 +102,13 @@ public class EvidenceMatcher {
      */
     @Override
     public String toString() {
-        return "HintEvidenceMatcher{" + "name=" + name + ", source=" + source + ", value=" + value + ", confidence=" + confidence + ", regex=" + regex +'}';
+        return "HintEvidenceMatcher{" + "name=" + name + ", source=" + source + ", value=" + value
+                + ", confidence=" + confidence + ", regex=" + regex + '}';
     }
 
     /**
      * package-private getter to allow testability of the parser without mocking
+     *
      * @return The name property
      */
     String getName() {
@@ -113,6 +117,7 @@ public class EvidenceMatcher {
 
     /**
      * package-private getter to allow testability of the parser without mocking
+     *
      * @return The source property
      */
     String getSource() {
@@ -121,6 +126,7 @@ public class EvidenceMatcher {
 
     /**
      * package-private getter to allow testability of the parser without mocking
+     *
      * @return The value property
      */
     String getValue() {
@@ -129,6 +135,7 @@ public class EvidenceMatcher {
 
     /**
      * package-private getter to allow testability of the parser without mocking
+     *
      * @return The regex property
      */
     boolean isRegex() {
@@ -137,6 +144,7 @@ public class EvidenceMatcher {
 
     /**
      * package-private getter to allow testability of the parser without mocking
+     *
      * @return The confidence property
      */
     Confidence getConfidence() {
@@ -144,13 +152,17 @@ public class EvidenceMatcher {
     }
 
     /**
-     * Checks whether the value of the evidence matches this matcher.
+     * Checks whether the value of the evidence matches this matcher. When
-     * When {@link #isRegEx()} is {@code true} value is used as a 
+     * {@link #isRegEx()} is {@code true} value is used as a
-     * {@link java.util.regex.Pattern} that it should match. Otherwise the 
+     * {@link java.util.regex.Pattern} that it should match. Otherwise the value
-     * value must be case-insensitive equal to the evidence's value.
+     * must be case-insensitive equal to the evidence's value.
-     * 
+     *
      * Uses {@link Evidence#getValue(java.lang.Boolean) to avoid setting
      * evidences to used while just checking for a match.
+     *
+     * @param evidence the evidence to match
+     * @return <code>true</code> if the evidence matches; otherwise
+     * <code>false</code>
      */
     private boolean valueMatches(Evidence evidence) {
         boolean result;
@@ -163,30 +175,30 @@ public class EvidenceMatcher {
     }
 
     /**
-     * Checks whether the source of the evidence matches this matcher.
+     * Checks whether the source of the evidence matches this matcher. If our
-     * If our source is {@code null} any source in the evidence matches.
+     * source is {@code null} any source in the evidence matches. Otherwise the
-     * Otherwise the source in the evidence must be case-insensitive equal to 
+     * source in the evidence must be case-insensitive equal to our source.
-     * our source.
      *
      * @param evidence The evidence to inspect
-     * @return {@code true} is the source of the evidence matches, false otherwise.
+     * @return {@code true} is the source of the evidence matches, false
+     * otherwise.
      */
     private boolean sourceMatches(Evidence evidence) {
         return this.source == null || source.equalsIgnoreCase(evidence.getSource());
     }
-    
+
     /**
-     * Checks whether the confidence of the evidence matches this matcher.
+     * Checks whether the confidence of the evidence matches this matcher. If
-     * If our confidence is {@code null} any confidence in the evidence matches.
+     * our confidence is {@code null} any confidence in the evidence matches.
      * Otherwise the confidence in the evidence must be exactly equal to our
      * confidence.
      *
      * @param evidence The evidence to inspect
-     * @return {@code true} is the confidence of the evidence matches, false otherwise.
+     * @return {@code true} is the confidence of the evidence matches, false
+     * otherwise.
      */
     private boolean confidenceMatches(Evidence evidence) {
         return this.confidence == null || confidence.equals(evidence.getConfidence());
     }
-    
+
-    
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java

@@ -50,18 +50,20 @@ public class CentralAnalyzerTest {
     @Test
     @SuppressWarnings("PMD.NonStaticInitializer")
     public void testFetchMavenArtifactsWithoutException(@Mocked final CentralSearch centralSearch,
-                                                        @Mocked final Dependency dependency)
+            @Mocked final Dependency dependency)
             throws IOException {
 
         CentralAnalyzer instance = new CentralAnalyzer();
-        instance.searcher = centralSearch;
+        instance.setCentralSearch(centralSearch);
         specifySha1SumFor(dependency);
 
         final List<MavenArtifact> expectedMavenArtifacts = Collections.emptyList();
-        new Expectations() {{
+        new Expectations() {
-            centralSearch.searchSha1(SHA1_SUM);
+            {
-            returns(expectedMavenArtifacts);
+                centralSearch.searchSha1(SHA1_SUM);
-        }};
+                returns(expectedMavenArtifacts);
+            }
+        };
 
         final List<MavenArtifact> actualMavenArtifacts = instance.fetchMavenArtifacts(dependency);
 
@@ -71,20 +73,22 @@ public class CentralAnalyzerTest {
     @Test
     @SuppressWarnings("PMD.NonStaticInitializer")
     public void testFetchMavenArtifactsWithSporadicIOException(@Mocked final CentralSearch centralSearch,
-                                                               @Mocked final Dependency dependency)
+            @Mocked final Dependency dependency)
             throws IOException {
 
         CentralAnalyzer instance = new CentralAnalyzer();
-        instance.searcher = centralSearch;
+        instance.setCentralSearch(centralSearch);
         specifySha1SumFor(dependency);
 
         final List<MavenArtifact> expectedMavenArtifacts = Collections.emptyList();
-        new Expectations() {{
+        new Expectations() {
-            centralSearch.searchSha1(SHA1_SUM);
+            {
-            result = new IOException("Could not connect to MavenCentral (500): Internal Server Error");
+                centralSearch.searchSha1(SHA1_SUM);
-            result = new IOException("Could not connect to MavenCentral (500): Internal Server Error");
+                result = new IOException("Could not connect to MavenCentral (500): Internal Server Error");
-            result = expectedMavenArtifacts;
+                result = new IOException("Could not connect to MavenCentral (500): Internal Server Error");
-        }};
+                result = expectedMavenArtifacts;
+            }
+        };
 
         final List<MavenArtifact> actualMavenArtifacts = instance.fetchMavenArtifacts(dependency);
 
@@ -94,17 +98,19 @@ public class CentralAnalyzerTest {
     @Test(expected = FileNotFoundException.class)
     @SuppressWarnings("PMD.NonStaticInitializer")
     public void testFetchMavenArtifactsRethrowsFileNotFoundException(@Mocked final CentralSearch centralSearch,
-                                                                     @Mocked final Dependency dependency)
+            @Mocked final Dependency dependency)
             throws IOException {
 
         CentralAnalyzer instance = new CentralAnalyzer();
-        instance.searcher = centralSearch;
+        instance.setCentralSearch(centralSearch);
         specifySha1SumFor(dependency);
 
-        new Expectations() {{
+        new Expectations() {
-            centralSearch.searchSha1(SHA1_SUM);
+            {
-            result = new FileNotFoundException("Artifact not found in Central");
+                centralSearch.searchSha1(SHA1_SUM);
-        }};
+                result = new FileNotFoundException("Artifact not found in Central");
+            }
+        };
 
         instance.fetchMavenArtifacts(dependency);
     }
@@ -112,35 +118,39 @@ public class CentralAnalyzerTest {
     @Test(expected = IOException.class)
     @SuppressWarnings("PMD.NonStaticInitializer")
     public void testFetchMavenArtifactsAlwaysThrowsIOException(@Mocked final CentralSearch centralSearch,
-                                                               @Mocked final Dependency dependency)
+            @Mocked final Dependency dependency)
             throws IOException {
 
         CentralAnalyzer instance = new CentralAnalyzer();
-        instance.searcher = centralSearch;
+        instance.setCentralSearch(centralSearch);
         specifySha1SumFor(dependency);
 
-        new Expectations() {{
+        new Expectations() {
-            centralSearch.searchSha1(SHA1_SUM);
+            {
-            result = new IOException("no internet connection");
+                centralSearch.searchSha1(SHA1_SUM);
-        }};
+                result = new IOException("no internet connection");
+            }
+        };
 
         instance.fetchMavenArtifacts(dependency);
     }
 
     @Test(expected = AnalysisException.class)
     @SuppressWarnings("PMD.NonStaticInitializer")
-    public void testFetchMavenArtifactsAlwaysThrowsIOExceptionLetsTheAnalysisFail(@Mocked final CentralSearch centralSearch,
+    public void testFetchMavenArtifactsAlwaysThrowsIOExceptionLetsTheAnalysisFail(
-                                                                                  @Mocked final Dependency dependency)
+            @Mocked final CentralSearch centralSearch, @Mocked final Dependency dependency)
             throws AnalysisException, IOException {
 
         CentralAnalyzer instance = new CentralAnalyzer();
-        instance.searcher = centralSearch;
+        instance.setCentralSearch(centralSearch);
         specifySha1SumFor(dependency);
 
-        new Expectations() {{
+        new Expectations() {
-            centralSearch.searchSha1(SHA1_SUM);
+            {
-            result = new IOException("no internet connection");
+                centralSearch.searchSha1(SHA1_SUM);
-        }};
+                result = new IOException("no internet connection");
+            }
+        };
 
         instance.analyze(dependency, null);
     }
@@ -164,9 +174,11 @@ public class CentralAnalyzerTest {
      */
     @SuppressWarnings("PMD.NonStaticInitializer")
     private void specifySha1SumFor(final Dependency dependency) {
-        new Expectations() {{
+        new Expectations() {
-            dependency.getSha1sum();
+            {
-            returns(SHA1_SUM);
+                dependency.getSha1sum();
-        }};
+                returns(SHA1_SUM);
+            }
+        };
     }
 }

src/main/config/checkstyle-header.txt

@@ -13,6 +13,6 @@
 ^ \* See the License for the specific language governing permissions and\s*$
 ^ \* limitations under the License\.\s*$
 ^ \*\s*$
-^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett|Stefan Neuhaus|Bianca Jiang|Josh Cain|IBM Corporation|The OWASP Foundation|Institute for Defense Analyses)\. All Rights Reserved\.\s*$
+^ \* Copyright \(c\) 201[0-9] (Jeremy Long|Steve Springett|Stefan Neuhaus|Bianca Jiang|Josh Cain|IBM Corporation|The OWASP Foundation|Institute for Defense Analyses|Hans Aikema)\. All Rights Reserved\.\s*$
 ^ \*/\s*$
 ^package