github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-23 16:58:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

coverity suggested updates

Browse Source
This commit is contained in:
Jeremy Long
2017-09-03 21:10:33 -04:00
parent c4ee53e147
commit ed22b6532f
2 changed files with 28 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -584,7 +584,7 @@ public class Engine implements FileFilter, AutoCloseable {
* @return the scanned dependency
* @since v1.4.4
*/
protected Dependency scanFile(File file, String projectReference) {
protected synchronized Dependency scanFile(File file, String projectReference) {
Dependency dependency = null;
if (file.isFile()) {
if (accept(file)) {
@@ -594,7 +594,7 @@ public class Engine implements FileFilter, AutoCloseable {
}
final String sha1 = dependency.getSha1sum();
boolean found = false;
synchronized (dependencies) {
if (sha1 != null) {
for (Dependency existing : dependencies) {
if (sha1.equals(existing.getSha1sum())) {
@@ -619,7 +619,6 @@ public class Engine implements FileFilter, AutoCloseable {
} else {
LOGGER.debug("Path passed to scanFile(File) is not a file that can be scanned by dependency-check: {}. Skipping the file.", file);
}
}
return dependency;
}
@@ -778,14 +777,12 @@ public class Engine implements FileFilter, AutoCloseable {
* @param exceptions the collection of exceptions to collect
* @return a collection of analysis tasks
*/
protected List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
protected synchronized List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> exceptions) {
final List<AnalysisTask> result = new ArrayList<>();
synchronized (dependencies) {
for (final Dependency dependency : dependencies) {
final AnalysisTask task = new AnalysisTask(analyzer, dependency, this, exceptions);
result.add(task);
}
}
return result;
}

7
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -312,9 +312,10 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
private boolean isZipFile(final Dependency dependency) {
final byte[] buffer = new byte[4];
try (final FileInputStream fileInputStream = new FileInputStream(dependency.getActualFilePath())) {
fileInputStream.read(buffer);
if (Arrays.equals(buffer, ZIP_FIRST_BYTES) || Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES)
|| Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES)) {
if (fileInputStream.read(buffer) > 0
&& (Arrays.equals(buffer, ZIP_FIRST_BYTES)
|| Arrays.equals(buffer, ZIP_EMPTY_FIRST_BYTES)
|| Arrays.equals(buffer, ZIP_SPANNED_FIRST_BYTES))) {
return true;
}
} catch (Exception e) {