diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index ae1bb5e9f..5cd139ccc 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -43,6 +43,18 @@ import org.owasp.dependencycheck.utils.DependencyVersionUtil;
*/
public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Analyzer {
+ //
+ /**
+ * A pattern for obtaining the first part of a filename.
+ */
+ private static final Pattern STARTING_TEXT_PATTERN = Pattern.compile("^[a-zA-Z]*");
+ /**
+ * a flag indicating if this analyzer has run. This analyzer only runs once.
+ */
+ private boolean analyzed = false;
+ //
+
+ //
/**
* The set of file extensions supported by this analyzer.
*/
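Review bot: The Javadoc on `STARTING_TEXT_PATTERN` does not say that `^[a-zA-Z]*` also matches the empty string, so a file name that starts with a digit or punctuation yields an empty "first part". If the bundling logic outside this hunk compares these prefixes to decide whether two files belong together, unrelated names could compare equal on an empty prefix and one dependency could be folded into another in the report. I would either document it, `Matches the leading run of ASCII letters in a file name; the match may be empty.`, or switch to `^[a-zA-Z]+` and handle the no-match case, depending on what the callers expect.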
@@ -55,14 +67,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
- /**
- * A pattern for obtaining the first part of a filename.
- */
- private static final Pattern STARTING_TEXT_PATTERN = Pattern.compile("^[a-zA-Z]*");
-
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
- *
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set getSupportedExtensions() {
@@ -71,7 +77,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
/**
* Returns the name of the analyzer.
- *
* @return the name of the analyzer.
*/
public String getName() {
@@ -80,7 +85,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
/**
* Returns whether or not this analyzer can process the given extension.
- *
* @param extension the file extension to test for support
* @return whether or not the specified file extension is supported by this
* analyzer.
@@ -91,16 +95,12 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
/**
* Returns the phase that the analyzer is intended to run in.
- *
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
- /**
- * a flag indicating if this analyzer has run. This analyzer only runs once.
- */
- private boolean analyzed = false;
+ //
/**
* Analyzes a set of dependencies. If they have been found to have the same
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
index 5c0e7336d..9dfebbe78 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
@@ -41,6 +41,7 @@ import org.owasp.dependencycheck.utils.Settings;
*/
public class FalsePositiveAnalyzer extends AbstractAnalyzer {
+ //
/**
* The set of file extensions supported by this analyzer.
*/
@@ -56,7 +57,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
- *
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set getSupportedExtensions() {
@@ -65,7 +65,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
/**
* Returns the name of the analyzer.
- *
* @return the name of the analyzer.
*/
public String getName() {
@@ -74,27 +73,26 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
/**
* Returns whether or not this analyzer can process the given extension.
- *
* @param extension the file extension to test for support
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
- return true; //EXTENSIONS.contains(extension);
+ return true;
}
/**
* Returns the phase that the analyzer is intended to run in.
- *
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
+ //
/**
- *
- *
+ * Analyzes the dependencies and removes bad/incorrect CPE associations
+ * based on various heuristics.
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
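Review bot: `supportsExtension` now returns `true` with no explanation while its Javadoc still describes an extension test, and the removed trailing comment was the only hint that the extension set is deliberately ignored. A short comment such as `// applies to every dependency; the extension is intentionally not checked` would keep that intent visible. The new summary on the analyze method, "based on various heuristics", is also thin for code that removes CPE associations: each heuristic can suppress a real finding, so listing them in the Javadoc would help anyone auditing why a CPE was dropped. The `@throws` text still mentions reading a JAR, which looks copied from another analyzer; the method body lies outside this hunk.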
@@ -232,6 +230,5 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
itr.remove();
}
}
-
}
}
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java
index 9d33103fc..d92723277 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java
@@ -31,6 +31,7 @@ import org.owasp.dependencycheck.Engine;
*/
public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
+ //
/**
* The name of the analyzer.
*/
@@ -46,7 +47,6 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
- *
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set getSupportedExtensions() {
@@ -55,7 +55,6 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns the name of the analyzer.
- *
* @return the name of the analyzer.
*/
public String getName() {
@@ -64,7 +63,6 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns whether or not this analyzer can process the given extension.
- *
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
@@ -75,12 +73,12 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns the phase that the analyzer is intended to run in.
- *
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
+ //
/**
* Collects information about the file name.
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
index f15e48075..e27565651 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
@@ -29,6 +29,7 @@ import org.owasp.dependencycheck.dependency.Evidence;
*/
public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
+ //
/**
* The name of the analyzer.
*/
@@ -41,10 +42,8 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
* The set of file extensions supported by this analyzer.
*/
private static final Set EXTENSIONS = null;
-
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
- *
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set getSupportedExtensions() {
@@ -53,7 +52,6 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns the name of the analyzer.
- *
* @return the name of the analyzer.
*/
public String getName() {
@@ -62,7 +60,6 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns whether or not this analyzer can process the given extension.
- *
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
@@ -73,12 +70,12 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns the phase that the analyzer is intended to run in.
- *
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
+ //
/**
* The HintAnalyzer uses knowledge about a dependency to add additional information
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index f328297ae..139d6b4ee 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -71,18 +71,11 @@ import org.xml.sax.XMLReader;
*/
public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
+ //
/**
* The system independent newline character.
*/
private static final String NEWLINE = System.getProperty("line.separator");
- /**
- * The name of the analyzer.
- */
- private static final String ANALYZER_NAME = "Jar Analyzer";
- /**
- * The phase that this analyzer is intended to run in.
- */
- private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
/**
* A list of elements in the manifest to ignore.
*/
@@ -110,10 +103,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
"bundle-manifestversion",
"bundlemanifestversion",
"include-resource");
- /**
- * The set of file extensions supported by this analyzer.
- */
- private static final Set EXTENSIONS = newHashSet("jar");
+
/**
* item in some manifest, should be considered medium confidence.
*/
@@ -130,10 +120,15 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VENDOR = "Bundle-Vendor"; //: Apache Software Foundation
+ /**
+ * A pattern to detect HTML within text.
+ */
+ private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE);
/**
* The unmarshaller used to parse the pom.xml from a JAR file.
*/
private Unmarshaller pomUnmarshaller;
+ //
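Review bot: In `HTML_DETECTION_PATTERN` the `.` does not match line terminators, so a tag whose attributes wrap onto the next line is not detected by `\\<[a-z]+.*/?\\>`. The text it is run on presumably comes from the scanned JAR, where wrapped markup is common. If the pattern is only used as a yes/no test, `Pattern.compile("<[a-z][^>]*>", Pattern.CASE_INSENSITIVE)` covers that case and drops the unneeded escapes. The call site is outside this hunk, so check the suggestion against the actual use.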
/**
* Constructs a new JarAnalyzer.
@@ -147,27 +142,35 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
}
}
+ //
+ /**
+ * The name of the analyzer.
+ */
+ private static final String ANALYZER_NAME = "Jar Analyzer";
+ /**
+ * The phase that this analyzer is intended to run in.
+ */
+ private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
+ /**
+ * The set of file extensions supported by this analyzer.
+ */
+ private static final Set EXTENSIONS = newHashSet("jar");
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
- *
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set getSupportedExtensions() {
return EXTENSIONS;
}
-
/**
* Returns the name of the analyzer.
- *
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
-
/**
* Returns whether or not this analyzer can process the given extension.
- *
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
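Review bot: `getSupportedExtensions()` hands out the static `EXTENSIONS` set itself, and `newHashSet("jar")` presumably builds a mutable `HashSet`, so any caller can add or remove entries and change which files every `JarAnalyzer` instance will analyze. Wrapping it once at the declaration keeps the getter unchanged: `private static final Set EXTENSIONS = Collections.unmodifiableSet(newHashSet("jar"));` (this needs `java.util.Collections` imported). The other analyzers in this commit appear to expose an `EXTENSIONS` field through the same getter, with the bodies outside their hunks, so the same would apply there wherever the set is non-null.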
@@ -175,7 +178,6 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
-
/**
* Returns the phase that the analyzer is intended to run in.
*
@@ -184,6 +186,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
+ //
/**
* Loads a specified JAR file and collects information from the manifest and
@@ -217,10 +220,6 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
throw new AnalysisException("Exception occurred reading the JAR file.", ex);
}
}
- /**
- * A pattern to detect HTML within text.
- */
- private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE);
/**
* Attempts to find a pom.xml within the JAR file. If found it extracts
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
index c2462c5db..c377b92ac 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java
@@ -31,11 +31,8 @@ import java.util.regex.Pattern;
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
-
- /**
- * The system independent newline character.
- */
- private static final String NEWLINE = System.getProperty("line.separator");
+
+ //
/**
* The name of the analyzer.
*/
@@ -51,7 +48,6 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
- *
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set getSupportedExtensions() {
@@ -60,7 +56,6 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns the name of the analyzer.
- *
* @return the name of the analyzer.
*/
public String getName() {
@@ -69,7 +64,6 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns whether or not this analyzer can process the given extension.
- *
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
@@ -80,12 +74,17 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* Returns the phase that the analyzer is intended to run in.
- *
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
+ //
+
+ /**
+ * The system independent newline character.
+ */
+ private static final String NEWLINE = System.getProperty("line.separator");
/**
* Loads a specified JAR file and collects information from the manifest and