coverity suggested updates

2026-01-15 00:03:43 +01:00 · 2017-09-03 21:10:33 -04:00
parent c4ee53e147
commit ed22b6532f
2 changed files with 28 additions and 30 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -584,7 +584,7 @@ public class Engine implements FileFilter, AutoCloseable {
     * @return the scanned dependency
     * @since v1.4.4
     */
-    protected Dependency scanFile(File file, String projectReference) {
+    protected synchronized Dependency scanFile(File file, String projectReference) {
        Dependency dependency = null;
        if (file.isFile()) {
            if (accept(file)) {
@@ -594,31 +594,30 @@ public class Engine implements FileFilter, AutoCloseable {
                }
                final String sha1 = dependency.getSha1sum();
                boolean found = false;
-                synchronized (dependencies) {
-                    if (sha1 != null) {
-                        for (Dependency existing : dependencies) {
-                            if (sha1.equals(existing.getSha1sum())) {
-                                found = true;
-                                if (projectReference != null) {
-                                    existing.addProjectReference(projectReference);
-                                }
-                                if (existing.getActualFilePath() != null && dependency.getActualFilePath() != null
-                                        && !existing.getActualFilePath().equals(dependency.getActualFilePath())) {
-                                    existing.addRelatedDependency(dependency);
-                                } else {
-                                    dependency = existing;
-                                }
-                                break;
+
+                if (sha1 != null) {
+                    for (Dependency existing : dependencies) {
+                        if (sha1.equals(existing.getSha1sum())) {
+                            found = true;
+                            if (projectReference != null) {
+                                existing.addProjectReference(projectReference);
                            }
+                            if (existing.getActualFilePath() != null && dependency.getActualFilePath() != null
+                                    && !existing.getActualFilePath().equals(dependency.getActualFilePath())) {
+                                existing.addRelatedDependency(dependency);
+                            } else {
+                                dependency = existing;
+                            }
+                            break;
                        }
                    }
-                    if (!found) {
-                        dependencies.add(dependency);
-                    }
                }
-            } else {
-                LOGGER.debug("Path passed to scanFile(File) is not a file that can be scanned by dependency-check: {}. Skipping the file.", file);
+                if (!found) {
+                    dependencies.add(dependency);
+                }
            }
+        } else {
+            LOGGER.debug("Path passed to scanFile(File) is not a file that can be scanned by dependency-check: {}. Skipping the file.", file);
        }
        return dependency;
    }
@@ -778,13 +777,11 @@ public class Engine implements FileFilter, AutoCloseable {
     * @param exceptions the collection of exceptions to collect
     * @return a collection of analysis tasks
     */
-    protected List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
+    protected synchronized List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
        final List<AnalysisTask> result = new ArrayList<>();
-        synchronized (dependencies) {
-            for (final Dependency dependency : dependencies) {
-                final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions);
-                result.add(task);
-            }
+        for (final Dependency dependency : dependencies) {
+            final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions);
+            result.add(task);
        }
        return result;
    }
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -312,9 +312,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
    private boolean isZipFile(final Dependency dependency) {
        final byte[] buffer = new byte[4];
        try (final FileInputStream fileInputStream = new FileInputStream(dependency.getActualFilePath())) {
-            fileInputStream.read(buffer);
-            if (Arrays.equals(buffer, ZIP_FIRST_BYTES) || Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES)
-                    || Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES)) {
+            if (fileInputStream.read(buffer) > 0
+                    && (Arrays.equals(buffer, ZIP_FIRST_BYTES)
+                    || Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES)
+                    || Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES))) {
                return true;
            }
        } catch (Exception e) {