github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-22 09:09:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

coverity suggested corrections

Browse Source
This commit is contained in:
Jeremy Long
2016-08-21 18:40:28 -04:00
parent 39c2234e38
commit e95e3fb2d0
3 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -357,10 +357,12 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
*/ */
private void extractFiles(File archive, File destination, Engine engine) throws AnalysisException { private void extractFiles(File archive, File destination, Engine engine) throws AnalysisException {
if (archive != null && destination != null) { if (archive != null && destination != null) {
final String archiveExt = FileUtils.getFileExtension(archive.getName()).toLowerCase(); String archiveExt = FileUtils.getFileExtension(archive.getName());
if (archiveExt == null) { if (archiveExt == null) {
return; return;
} }
archiveExt = archiveExt.toLowerCase();
FileInputStream fis; FileInputStream fis;
try { try {
fis = new FileInputStream(archive); fis = new FileInputStream(archive);

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java
View File

@@ -140,7 +140,7 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer {
//SPM is currently under development for SWIFT 3. Its current metadata includes package name and dependencies. //SPM is currently under development for SWIFT 3. Its current metadata includes package name and dependencies.
//Future interesting metadata: version, license, homepage, author, summary, etc. //Future interesting metadata: version, license, homepage, author, summary, etc.
final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST); final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST);
if (!name.isEmpty()) { if (name != null && !name.isEmpty()) {
vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST); vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST);
} }
} }

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomUtils.java
View File

@@ -90,7 +90,9 @@ public final class PomUtils {
try { try {
final PomParser parser = new PomParser(); final PomParser parser = new PomParser();
model = parser.parse(jar.getInputStream(entry)); model = parser.parse(jar.getInputStream(entry));
LOGGER.debug("Read POM {}", path); if (model == null) {
throw new AnalysisException(String.format("Unable to parse pom '%s/%s'", jar.getName(), path));
}
} catch (SecurityException ex) { } catch (SecurityException ex) {
LOGGER.warn("Unable to parse pom '{}' in jar '{}'; invalid signature", path, jar.getName()); LOGGER.warn("Unable to parse pom '{}' in jar '{}'; invalid signature", path, jar.getName());
LOGGER.debug("", ex); LOGGER.debug("", ex);