From 274ac339ad00a658381dba60c725a64ec1a8cca0 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Thu, 8 Oct 2015 00:39:57 -0700
Subject: [PATCH 1/7] Corrected a few bugs in Settings.
---
 .../owasp/dependencycheck/utils/Settings.java | 29 +++----------------
 1 file changed, 4 insertions(+), 25 deletions(-)
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 56e7033c0..e560ff9c5 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -460,12 +460,7 @@ public final class Settings {
 * @param value the value for the property
 */
 public static void setBoolean(String key, boolean value) {
- if (value) {
- localSettings.get().props.setProperty(key, Boolean.TRUE.toString());
- } else {
- localSettings.get().props.setProperty(key, Boolean.FALSE.toString());
- }
- LOGGER.debug("Setting: {}='{}'", key, value);
+ setString(key, Boolean.toString(value));
 }
 /**
@@ -708,7 +703,7 @@ public final class Settings {
 try {
 value = Long.parseLong(Settings.getString(key));
 } catch (NumberFormatException ex) {
- throw new InvalidSettingException("Could not convert property '" + key + "' to an int.", ex);
+ throw new InvalidSettingException("Could not convert property '" + key + "' to a long.", ex);
 }
 return value;
 }
@@ -723,13 +718,7 @@ public final class Settings {
 * @throws InvalidSettingException is thrown if there is an error retrieving the setting
 */
 public static boolean getBoolean(String key) throws InvalidSettingException {
- boolean value;
- try {
- value = Boolean.parseBoolean(Settings.getString(key));
- } catch (NumberFormatException ex) {
- throw new InvalidSettingException("Could not convert property '" + key + "' to an int.", ex);
- }
- return value;
+ return Boolean.parseBoolean(Settings.getString(key));
 }
 /**
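Review bot: The `LOGGER.debug("Setting: {}='{}'", key, value)` trace is removed from setBoolean in the @@ -460 hunk, so whether boolean setting changes are still visible at debug level now depends entirely on setString, which is outside the hunk. If setString does not log its key and value, keep the trace after the delegation: `LOGGER.debug("Setting: {}='{}'", key, value);`.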
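Review bot: `Boolean.parseBoolean(Settings.getString(key))` in the @@ -723 hunk cannot throw: it yields false for a null (unset) value and for anything other than a case-insensitive "true", so a mistyped value such as "yes" or "1" is silently read as false while the method still declares and documents `InvalidSettingException`, and the sibling getInt/getLong do reject unparsable values. The two-argument overload in the @@ -743 hunk has the same property. If a non-boolean value should be an error, validate before parsing, e.g. `final String s = Settings.getString(key);` followed by `if (s != null && !"true".equalsIgnoreCase(s) && !"false".equalsIgnoreCase(s))` throwing an InvalidSettingException that names the key, as getInt does; otherwise the `@throws` javadoc should say that unrecognised values read as false.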
@@ -743,17 +732,7 @@ public final class Settings {
 * @throws InvalidSettingException is thrown if there is an error retrieving the setting
 */
 public static boolean getBoolean(String key, boolean defaultValue) throws InvalidSettingException {
- boolean value;
- try {
- final String strValue = Settings.getString(key);
- if (strValue == null) {
- return defaultValue;
- }
- value = Boolean.parseBoolean(strValue);
- } catch (NumberFormatException ex) {
- throw new InvalidSettingException("Could not convert property '" + key + "' to an int.", ex);
- }
- return value;
+ return Boolean.parseBoolean(Settings.getString(key, Boolean.toString(defaultValue)));
 }
 /**
From f2a2a91682c93113f6c4c742d0109fb1ee6eecb8 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Thu, 8 Oct 2015 00:56:38 -0700
Subject: [PATCH 2/7] Slight simplification to standard getInt and getLong.
---
 .../java/org/owasp/dependencycheck/utils/Settings.java | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index e560ff9c5..6e600d9db 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -659,13 +659,11 @@ public final class Settings {
 * @throws InvalidSettingException is thrown if there is an error retrieving the setting
 */
 public static int getInt(String key) throws InvalidSettingException {
- int value;
 try {
- value = Integer.parseInt(Settings.getString(key));
+ return Integer.parseInt(Settings.getString(key));
 } catch (NumberFormatException ex) {
 throw new InvalidSettingException("Could not convert property '" + key + "' to an int.", ex);
 }
- return value;
 }
 /**
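Review bot: `return Integer.parseInt(Settings.getString(key));` in the @@ -659 hunk passes null to parseInt when the key is unset (the code removed from getBoolean(String, boolean) in patch 1 treated a null from getString as "not set"), and parseInt then throws NumberFormatException, so an absent setting is reported as "Could not convert property 'key' to an int." — a message that names the wrong cause. getLong in the @@ -699 hunk behaves the same way. A null check before the parse, `final String s = Settings.getString(key);` then `if (s == null)` throwing an InvalidSettingException with a message such as "Property '<key>' is not set.", would separate the two cases and make the `@throws` tag above the method accurate.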
@@ -699,13 +697,11 @@ public final class Settings {
 * @throws InvalidSettingException is thrown if there is an error retrieving the setting
 */
 public static long getLong(String key) throws InvalidSettingException {
- long value;
 try {
- value = Long.parseLong(Settings.getString(key));
+ return Long.parseLong(Settings.getString(key));
 } catch (NumberFormatException ex) {
 throw new InvalidSettingException("Could not convert property '" + key + "' to a long.", ex);
 }
- return value;
 }
 /**
From bc1830d8eb43a87968da6a484d0e35f704adb3f5 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Thu, 8 Oct 2015 20:57:28 -0700
Subject: [PATCH 3/7] Removed redundant call to length for substring.
---
 .../main/java/org/owasp/dependencycheck/utils/FileUtils.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
index b066bb884..11b0aa3af 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
@@ -61,7 +61,7 @@ public final class FileUtils {
 String ret = null;
 final int pos = fileName.lastIndexOf(".");
 if (pos >= 0) {
- ret = fileName.substring(pos + 1, fileName.length()).toLowerCase();
+ ret = fileName.substring(pos + 1).toLowerCase();
 }
 return ret;
 }
From 64f373fb43de031dc6fcc23ca8a574c58b86a4ac Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Thu, 8 Oct 2015 20:58:20 -0700
Subject: [PATCH 4/7] Removed old warning suppression.
---
 .../java/org/owasp/dependencycheck/utils/Checksum.java | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java
index 97b254e80..62c0bf4ad 100644
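Review bot: `fileName.substring(pos + 1).toLowerCase()` in the FileUtils @@ -61 hunk lowercases with the JVM's default locale, so under a Turkish default locale an extension containing "I" (e.g. "XMI", "ZIP") becomes a dotless-ı form that will never equal the ASCII extension a caller compares against. Since this helper appears to return a normalised extension for such comparisons, the locale-independent form is `ret = fileName.substring(pos + 1).toLowerCase(Locale.ROOT);`, which needs `java.util.Locale` imported if the file does not already do so. The enclosing method's signature and javadoc are outside the hunk.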
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java
@@ -57,7 +57,6 @@ public final class Checksum {
 * @throws IOException when the file does not exist
 * @throws NoSuchAlgorithmException when an algorithm is specified that does not exist
 */
- @SuppressWarnings("empty-statement")
 public static byte[] getChecksum(String algorithm, File file) throws NoSuchAlgorithmException, IOException {
 MessageDigest digest = MessageDigest.getInstance(algorithm);
 FileInputStream fis = null;
@@ -79,12 +78,6 @@ public final class Checksum {
 digest.update(byteBuffer);
 start += amountToRead;
 }
-
-// BufferedInputStream bis = new BufferedInputStream(fis);
-// DigestInputStream dis = new DigestInputStream(bis, digest);
-// //yes, we are reading in a buffer for performance reasons - 1 byte at a time is SLOW
-// byte[] buffer = new byte[8192];
-// while (dis.read(buffer) != -1);
 } finally {
 if (fis != null) {
 try {
From 24b4741aafa7304e3a94f3bb780d060ea6994119 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Thu, 8 Oct 2015 23:40:14 -0700
Subject: [PATCH 5/7] Removed unnecessary @SuppressWarnings.
---
 .../java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java | 2 --
 1 file changed, 2 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
index 15bbdcdb1..12b26632b 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
@@ -149,7 +149,6 @@ public final class CpeMemoryIndex {
 *
 * @return the CPE Analyzer.
 */
- @SuppressWarnings("unchecked")
 private Analyzer createIndexingAnalyzer() {
 final Map fieldAnalyzers = new HashMap();
 fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
@@ -161,7 +160,6 @@ public final class CpeMemoryIndex {
 *
 * @return the CPE Analyzer.
 */
- @SuppressWarnings("unchecked")
 private Analyzer createSearchingAnalyzer() {
 final Map fieldAnalyzers = new HashMap();
 fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer());
From 39f30eab7afcdcdc30cdaa29ef2a19e0c7222b70 Mon Sep 17 00:00:00 2001
From: Anthony Whitford
Date: Fri, 9 Oct 2015 00:38:55 -0700
Subject: [PATCH 6/7] Re-use Document and Field instances to minimize GC overhead.
See http://wiki.apache.org/lucene-java/ImproveIndexingSpeed
---
 .../data/cpe/CpeMemoryIndex.java | 31 +++++++------------
 1 file changed, 12 insertions(+), 19 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
index 15bbdcdb1..90ab76711 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
@@ -173,24 +173,6 @@ public final class CpeMemoryIndex {
 return new PerFieldAnalyzerWrapper(new FieldAnalyzer(LuceneUtils.CURRENT_VERSION), fieldAnalyzers);
 }
- /**
- * Saves a CPE IndexEntry into the Lucene index.
- *
- * @param vendor the vendor to index
- * @param product the product to index
- * @param indexWriter the index writer to write the entry into
- * @throws CorruptIndexException is thrown if the index is corrupt
- * @throws IOException is thrown if an IOException occurs
- */
- public void saveEntry(String vendor, String product, IndexWriter indexWriter) throws CorruptIndexException, IOException {
- final Document doc = new Document();
- final Field v = new TextField(Fields.VENDOR, vendor, Field.Store.YES);
- final Field p = new TextField(Fields.PRODUCT, product, Field.Store.YES);
- doc.add(v);
- doc.add(p);
- indexWriter.addDocument(doc);
- }
-
 /**
 * Closes the CPE Index.
 */
@@ -230,9 +212,20 @@ public final class CpeMemoryIndex {
 final IndexWriterConfig conf = new IndexWriterConfig(LuceneUtils.CURRENT_VERSION, analyzer);
 indexWriter = new IndexWriter(index, conf);
 try {
+ // Tip: reuse the Document and Fields for performance...
+ // See "Re-use Document and Field instances" from
+ // http://wiki.apache.org/lucene-java/ImproveIndexingSpeed
+ final Document doc = new Document();
+ final Field v = new TextField(Fields.VENDOR, Fields.VENDOR, Field.Store.YES);
+ final Field p = new TextField(Fields.PRODUCT, Fields.PRODUCT, Field.Store.YES);
+ doc.add(v);
+ doc.add(p);
+
 final Set> data = cve.getVendorProductList();
 for (Pair pair : data) {
- saveEntry(pair.getLeft(), pair.getRight(), indexWriter);
+ v.setStringValue(pair.getLeft());
+ p.setStringValue(pair.getRight());
+ indexWriter.addDocument(doc);
 }
 } catch (DatabaseException ex) {
 LOGGER.debug("", ex);
From 960283bdcf9d4f82fdaeae60c1ff6024f1282880 Mon Sep 17 00:00:00 2001
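Review bot: The `saveEntry` method deleted in the @@ -173 hunk was public, so this commit is a source-incompatible change for any caller outside CpeMemoryIndex; if nothing else uses it that is fine, but the removal belongs in the commit message rather than being implied by "re-use Document and Field instances". In the @@ -230 hunk the two `TextField`s are constructed with the field name (`Fields.VENDOR`, `Fields.PRODUCT`) as their initial value, which reads as if the name itself were indexed; a comment on those lines such as `// initial value is a placeholder, replaced via setStringValue() before each addDocument()` would make the reuse pattern clear. The `catch (DatabaseException ex) { LOGGER.debug("", ex);` that closes the hunk records a data-access failure with an empty message at debug level, so unless the catch continues past the hunk the index is silently left incomplete; an explanatory message at a higher level would help whoever has to diagnose missing CPE matches. The enclosing method starts and ends outside the hunk.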
From: Anthony Whitford
Date: Fri, 9 Oct 2015 02:08:07 -0700
Subject: [PATCH 7/7] Do not need or want to call toString for a logger parameter.
---
 .../org/owasp/dependencycheck/analyzer/CentralAnalyzer.java | 2 +-
 .../java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java | 2 +-
 .../org/owasp/dependencycheck/data/central/CentralSearch.java | 2 +-
 .../java/org/owasp/dependencycheck/dependency/Dependency.java | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
index 70e8d3159..08b9d4f63 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
@@ -192,7 +192,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
 final List mas = searcher.searchSha1(dependency.getSha1sum());
 final Confidence confidence = mas.size() > 1 ? Confidence.HIGH : Confidence.HIGHEST;
 for (MavenArtifact ma : mas) {
- LOGGER.debug("Central analyzer found artifact ({}) for dependency ({})", ma.toString(), dependency.getFileName());
+ LOGGER.debug("Central analyzer found artifact ({}) for dependency ({})", ma, dependency.getFileName());
 dependency.addAsEvidence("central", ma, confidence);
 boolean pomAnalyzed = false;
 for (Evidence e : dependency.getVendorEvidence()) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
index 9e24f56f5..d3950c793 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
@@ -126,7 +126,7 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
 */
 @Override
 public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
- LOGGER.debug("Checking Nuspec file {}", dependency.toString());
+ LOGGER.debug("Checking Nuspec file {}", dependency);
 try {
 final NuspecParser parser = new XPathNuspecParser();
 NugetPackage np = null;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
index a5f484c43..d4ba768c1 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
@@ -90,7 +90,7 @@ public class CentralSearch {
 final URL url = new URL(rootURL + String.format("?q=1:\"%s\"&wt=xml", sha1));
- LOGGER.debug("Searching Central url {}", url.toString());
+ LOGGER.debug("Searching Central url {}", url);
 // Determine if we need to use a proxy. The rules:
 // 1) If the proxy is set, AND the setting is set to true, use the proxy
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
index 85588f093..457bb4cb3 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
@@ -341,7 +341,7 @@ public class Dependency implements Serializable, Comparable {
 }
 }
 if (!found) {
- LOGGER.debug("Adding new maven identifier {}", mavenArtifact.toString());
+ LOGGER.debug("Adding new maven identifier {}", mavenArtifact);
 this.addIdentifier("maven", mavenArtifact.toString(), mavenArtifact.getArtifactUrl(), Confidence.HIGHEST);
 }
 }