From 3fad29a70931681d2032ccef63eb9975c1fd85e1 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 13 Sep 2015 10:22:25 -0700 Subject: [PATCH 1/7] Enabled lint check and deprecation warnings during compilation. --- dependency-check-core/pom.xml | 7 ------- pom.xml | 3 ++- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index 4bdfc39a2..818820549 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -210,13 +210,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-compiler-plugin - - -Xlint:unchecked - - diff --git a/pom.xml b/pom.xml index 26ffdfb06..7d6f44fc5 100644 --- a/pom.xml +++ b/pom.xml @@ -242,7 +242,8 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-compiler-plugin - false + -Xlint + true 1.6 1.6 From c4d8d7abf4f1c8c85607339ae30403b558e33d46 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 13 Sep 2015 10:22:44 -0700 Subject: [PATCH 2/7] Removed redundant maven-compiler-plugin declaration. --- dependency-check-ant/pom.xml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index aaeed81e6..645b038df 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -190,10 +190,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. - - org.apache.maven.plugins - maven-compiler-plugin - org.apache.maven.plugins maven-jar-plugin From 4f5d5f1afdc481af2670820047e104fa370f4d45 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 13 Sep 2015 10:30:08 -0700 Subject: [PATCH 3/7] Added missing serialVersionUID. --- .../owasp/dependencycheck/ant/logging/AntLoggerAdapter.java | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerAdapter.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerAdapter.java
index 6e7784a4e..15b1430dc 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerAdapter.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntLoggerAdapter.java
@@ -30,6 +30,11 @@ import org.slf4j.helpers.MessageFormatter;
 */
 public class AntLoggerAdapter extends MarkerIgnoringBase {
+ /**
+ * The serial version UID for serialization.
+ */
+ private static final long serialVersionUID = 1L;
+
 /**
 * A reference to the Ant task used for logging.
 */
From 0efc9d1cd211c4a515f07aba233921854babcde4 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 13 Sep 2015 10:34:19 -0700 Subject: [PATCH 4/7] Added missing serialVersionUID.
---
 .../dependencycheck/maven/slf4j/MavenLoggerAdapter.java | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/slf4j/MavenLoggerAdapter.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/slf4j/MavenLoggerAdapter.java
index f1ab7b953..6f2b9054f 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/slf4j/MavenLoggerAdapter.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/slf4j/MavenLoggerAdapter.java
@@ -28,6 +28,11 @@ import org.slf4j.helpers.MessageFormatter;
 */
 public class MavenLoggerAdapter extends MarkerIgnoringBase {
+ /**
+ * The serial version UID for serialization.
+ */
+ private static final long serialVersionUID = 1L;
+
 /**
 * A reference to the Maven log.
 */
From f17d8f38fb205d5d938b49ff429e756f9c6c4a07 Mon Sep 17 00:00:00 2001
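Review bot: In AntLoggerAdapter the new `serialVersionUID` silences the serial lint warning, but the context line right below it documents a field holding a reference to the Ant task, and the MavenLoggerAdapter hunk has the same shape with a reference to the Maven log. Both field declarations are outside the hunks; if their types are not Serializable, serializing an adapter would still fail at runtime with `NotSerializableException`. Consider marking those fields `transient`, or, if the adapters are never meant to be serialized, using `@SuppressWarnings("serial")` on the class instead of declaring a version id that suggests a supported serial form.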
From: Anthony Whitford Date: Sun, 13 Sep 2015 10:48:03 -0700 Subject: [PATCH 5/7] Replaced equals and hashCode to leverage builders instead of deprecated ObjectUtils methods. --- .../dependency/Dependency.java | 62 +++++++++++-------- 1 file changed, 37 insertions(+), 25 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java index a847aba13..64976cc97 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java @@ -28,7 +28,8 @@ import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; -import org.apache.commons.lang3.ObjectUtils; +import org.apache.commons.lang3.builder.EqualsBuilder; +import org.apache.commons.lang3.builder.HashCodeBuilder; import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.utils.Checksum; import org.slf4j.Logger; 
@@ -712,21 +713,24 @@ public class Dependency implements Serializable, Comparable {
 return false;
 }
 final Dependency other = (Dependency) obj;
- return ObjectUtils.equals(this.actualFilePath, other.actualFilePath)
- && ObjectUtils.equals(this.filePath, other.filePath)
- && ObjectUtils.equals(this.fileName, other.fileName)
- && ObjectUtils.equals(this.md5sum, other.md5sum)
- && ObjectUtils.equals(this.sha1sum, other.sha1sum)
- && ObjectUtils.equals(this.identifiers, other.identifiers)
- && ObjectUtils.equals(this.vendorEvidence, other.vendorEvidence)
- && ObjectUtils.equals(this.productEvidence, other.productEvidence)
- && ObjectUtils.equals(this.versionEvidence, other.versionEvidence)
- && ObjectUtils.equals(this.description, other.description)
- && ObjectUtils.equals(this.license, other.license)
- && ObjectUtils.equals(this.vulnerabilities, other.vulnerabilities)
- //&& ObjectUtils.equals(this.relatedDependencies, other.relatedDependencies)
- && ObjectUtils.equals(this.projectReferences, other.projectReferences)
- && ObjectUtils.equals(this.availableVersions, other.availableVersions);
+ return new EqualsBuilder()
+ .appendSuper(super.equals(obj))
+ .append(this.actualFilePath, other.actualFilePath)
+ .append(this.filePath, other.filePath)
+ .append(this.fileName, other.fileName)
+ .append(this.md5sum, other.md5sum)
+ .append(this.sha1sum, other.sha1sum)
+ .append(this.identifiers, other.identifiers)
+ .append(this.vendorEvidence, other.vendorEvidence)
+ .append(this.productEvidence, other.productEvidence)
+ .append(this.versionEvidence, other.versionEvidence)
+ .append(this.description, other.description)
+ .append(this.license, other.license)
+ .append(this.vulnerabilities, other.vulnerabilities)
+ //.append(this.relatedDependencies, other.relatedDependencies)
+ .append(this.projectReferences, other.projectReferences)
+ .append(this.availableVersions, other.availableVersions)
+ .isEquals();
 }
 /**
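Review bot: `.appendSuper(super.equals(obj))` in Dependency.equals changes what the method means rather than only replacing the deprecated calls. The class header shown in the hunk has no `extends` clause, so `super.equals` is `Object.equals`, a reference comparison, and EqualsBuilder then reports false for any two distinct instances however their fields compare. hashCode in the next hunk stays field-based, so the two methods no longer describe the same notion of equality, and any set or map that relies on equals to merge duplicate Dependency entries would presumably stop doing so. Drop the `appendSuper` line so the builder compares only the listed fields, as the removed `ObjectUtils.equals` chain did. The start of equals lies above the hunk.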
@@ -736,15 +740,23 @@ public class Dependency implements Serializable, Comparable {
 */
 @Override
 public int hashCode() {
- int hash = MAGIC_HASH_INIT_VALUE;
- for (Object field : new Object[]{this.actualFilePath, this.filePath, this.fileName, this.md5sum,
- this.sha1sum, this.identifiers, this.vendorEvidence, this.productEvidence, this.versionEvidence,
- this.description, this.license, this.vulnerabilities,
- //this.relatedDependencies,
- this.projectReferences, this.availableVersions}) {
- hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(field);
- }
- return hash;
+ return new HashCodeBuilder(MAGIC_HASH_INIT_VALUE, MAGIC_HASH_MULTIPLIER)
+ .append(actualFilePath)
+ .append(filePath)
+ .append(fileName)
+ .append(md5sum)
+ .append(sha1sum)
+ .append(identifiers)
+ .append(vendorEvidence)
+ .append(productEvidence)
+ .append(versionEvidence)
+ .append(description)
+ .append(license)
+ .append(vulnerabilities)
+ //.append(relatedDependencies)
+ .append(projectReferences)
+ .append(availableVersions)
+ .toHashCode();
 }
 /**
From 9d9b1cbcd5eaa94e0eb85c4e41f1d7bf637fb078 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 13 Sep 2015 10:55:02 -0700 Subject: [PATCH 6/7] Replaced hashCode to leverage builder instead of deprecated ObjectUtils methods.
---
 .../owasp/dependencycheck/dependency/Evidence.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java
index e95fe7d11..bb8fc20d6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java
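Review bot: `new HashCodeBuilder(MAGIC_HASH_INIT_VALUE, MAGIC_HASH_MULTIPLIER)` in Dependency.hashCode brings a precondition the removed loop did not have: the two-argument constructor throws `IllegalArgumentException` when either value is even. Both constants are defined outside the hunk, so confirm they are odd; the Evidence.hashCode hunk in patch 6/7 uses the same constructor and needs the same check. The carried-over `//.append(relatedDependencies)` would be clearer as a sentence stating why the field is left out of the hash and that equals has to leave it out too, instead of commented-out code.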
@@ -19,6 +19,7 @@ package org.owasp.dependencycheck.dependency; import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.builder.HashCodeBuilder; import java.io.Serializable; @@ -198,12 +199,12 @@ public class Evidence implements Serializable, Comparable { */ @Override public int hashCode() { - int hash = MAGIC_HASH_INIT_VALUE; - hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.name)); - hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.source)); - hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.value)); - hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(this.confidence); - return hash; + return new HashCodeBuilder(MAGIC_HASH_INIT_VALUE, MAGIC_HASH_MULTIPLIER) + .append(StringUtils.lowerCase(name)) + .append(StringUtils.lowerCase(source)) + .append(StringUtils.lowerCase(value)) + .append(confidence) + .toHashCode(); } /** From ea4410cd16902734c0a50515665496498ef17360 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Sun, 13 Sep 2015 10:57:54 -0700 Subject: [PATCH 7/7] Added missing serialVersionUID. --- .../org/owasp/dependencycheck/InvalidScanPathException.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java index 5868b5d99..092595c84 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/InvalidScanPathException.java 
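Review bot: `StringUtils.lowerCase(name)` and the matching `source` and `value` calls in Evidence.hashCode fold case with the JVM default locale, so the hash of the same evidence can differ under a locale such as Turkish, where `I` does not lower-case to `i`. The removed lines behaved the same way, but since the method is being rewritten this is a good moment to pin the locale, e.g. `.append(StringUtils.lowerCase(name, Locale.ROOT))`, which needs an import of `java.util.Locale`. equals is outside the hunk; if it compares these strings case-insensitively by another route, confirm both methods fold case identically so that equal objects keep equal hashes.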
@@ -24,6 +24,11 @@ package org.owasp.dependencycheck;
 */
 class InvalidScanPathException extends Exception {
+ /**
+ * The serial version UID for serialization.
+ */
+ private static final long serialVersionUID = 1L;
+
 /**
 * Creates a new InvalidScanPathException.
 */