coverity suggested updates

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -584,7 +584,7 @@ public class Engine implements FileFilter, AutoCloseable {
      * @return the scanned dependency
      * @since v1.4.4
      */
-    protected Dependency scanFile(File file, String projectReference) {
+    protected synchronized Dependency scanFile(File file, String projectReference) {
         Dependency dependency = null;
         if (file.isFile()) {
             if (accept(file)) {
@@ -594,7 +594,7 @@ public class Engine implements FileFilter, AutoCloseable {
                 }
                 final String sha1 = dependency.getSha1sum();
                 boolean found = false;
-                synchronized (dependencies) {
+
                 if (sha1 != null) {
                     for (Dependency existing : dependencies) {
                         if (sha1.equals(existing.getSha1sum())) {
@@ -619,7 +619,6 @@ public class Engine implements FileFilter, AutoCloseable {
         } else {
             LOGGER.debug("Path passed to scanFile(File) is not a file that can be scanned by dependency-check: {}. Skipping the file.", file);
         }
-        }
         return dependency;
     }
 
@@ -778,14 +777,12 @@ public class Engine implements FileFilter, AutoCloseable {
      * @param exceptions the collection of exceptions to collect
      * @return a collection of analysis tasks
      */
-    protected List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
+    protected synchronized List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
         final List<AnalysisTask> result = new ArrayList<>();
-        synchronized (dependencies) {
         for (final Dependency dependency : dependencies) {
             final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions);
             result.add(task);
         }
-        }
         return result;
     }
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -312,9 +312,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
     private boolean isZipFile(final Dependency dependency) {
         final byte[] buffer = new byte[4];
         try (final FileInputStream fileInputStream = new FileInputStream(dependency.getActualFilePath())) {
-            fileInputStream.read(buffer);
+            if (fileInputStream.read(buffer) > 0
-            if (Arrays.equals(buffer, ZIP_FIRST_BYTES) || Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES)
+                    && (Arrays.equals(buffer, ZIP_FIRST_BYTES)
-                    || Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES)) {
+                    || Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES)
+                    || Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES))) {
                 return true;
             }
         } catch (Exception e) {