From 52293f25968c9bfaabedd8dfc6b94e61d71386a1 Mon Sep 17 00:00:00 2001 From: Hans Joachim Desserud Date: Sat, 10 Jan 2015 19:28:12 +0100 Subject: [PATCH 1/5] More elaborate comment on issue which should be fixed once the next release of ant-testutil is out Former-commit-id: e65ea8afeeb2cc631385ad6bf1e80c7cee745c7a --- .../dependencycheck/taskdefs/DependencyCheckTaskTest.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java b/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java index d78cae5f6..758f4a549 100644 --- a/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java +++ b/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java @@ -31,8 +31,9 @@ import org.owasp.dependencycheck.utils.Settings; */ public class DependencyCheckTaskTest extends BuildFileTest { //TODO: The use of deprecated class BuildFileTestcan possibly - //be replaced with BuildFileRule. However, it doesn't seem to be included - //in the ant-testutil jar. + //be replaced with BuildFileRule. However, it currently isn't included in the ant-testutil jar. + //This should be fixed in ant-testutil 1.9.5, so we can check back once that has been released. + //Reference: http://mail-archives.apache.org/mod_mbox/ant-user/201406.mbox/%3C000001cf87ba$8949b690$9bdd23b0$@de%3E @Before @Override From 9f348cfa16d857f665160457fc68af2b8f0a8ecc Mon Sep 17 00:00:00 2001 
From: Hans Joachim Desserud Date: Sat, 10 Jan 2015 19:36:29 +0100 Subject: [PATCH 2/5] The Version-less constructor for StopFilter will simply default to Version.LATEST under the hood which is exactly what we send in. Former-commit-id: cc3010532e9203d663d977f0df0892d8f5694b5f --- .../dependencycheck/data/cpe/CpeMemoryIndex.java | 8 ++++---- .../dependencycheck/data/lucene/FieldAnalyzer.java | 13 ++----------- .../data/lucene/SearchFieldAnalyzer.java | 12 ++---------- .../data/lucene/FieldAnalyzerTest.java | 6 +++--- 4 files changed, 11 insertions(+), 28 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java index edd7da7c0..e3fc75bae 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java @@ -153,7 +153,7 @@ public final class CpeMemoryIndex { private Analyzer createIndexingAnalyzer() { final Map fieldAnalyzers = new HashMap(); fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer()); - return new PerFieldAnalyzerWrapper(new FieldAnalyzer(LuceneUtils.CURRENT_VERSION), fieldAnalyzers); + return new PerFieldAnalyzerWrapper(new FieldAnalyzer(), fieldAnalyzers); } /** 
@@ -165,12 +165,12 @@ public final class CpeMemoryIndex { private Analyzer createSearchingAnalyzer() { final Map fieldAnalyzers = new HashMap(); fieldAnalyzers.put(Fields.DOCUMENT_KEY, new KeywordAnalyzer()); - productSearchFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); - vendorSearchFieldAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); + productSearchFieldAnalyzer = new SearchFieldAnalyzer(); + vendorSearchFieldAnalyzer = new SearchFieldAnalyzer(); fieldAnalyzers.put(Fields.PRODUCT, productSearchFieldAnalyzer); fieldAnalyzers.put(Fields.VENDOR, vendorSearchFieldAnalyzer); - return new PerFieldAnalyzerWrapper(new FieldAnalyzer(LuceneUtils.CURRENT_VERSION), fieldAnalyzers); + return new PerFieldAnalyzerWrapper(new FieldAnalyzer(), fieldAnalyzers); } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java index 8eb1c1b35..797733edb 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java @@ -25,7 +25,6 @@ import org.apache.lucene.analysis.core.LowerCaseFilter; import org.apache.lucene.analysis.core.StopAnalyzer; import org.apache.lucene.analysis.core.StopFilter; import org.apache.lucene.analysis.miscellaneous.WordDelimiterFilter; -import org.apache.lucene.util.Version; /** *

@@ -36,19 +35,11 @@ import org.apache.lucene.util.Version; */ public class FieldAnalyzer extends Analyzer { - /** - * The Lucene Version used. - */ - private final Version version; - /** * Creates a new FieldAnalyzer. * - * @param version the Lucene version */ - public FieldAnalyzer(Version version) { - this.version = version; - } + public FieldAnalyzer() { } /** * Creates the TokenStreamComponents @@ -73,7 +64,7 @@ public class FieldAnalyzer extends Analyzer { | WordDelimiterFilter.STEM_ENGLISH_POSSESSIVE, null); stream = new LowerCaseFilter(stream); - stream = new StopFilter(version, stream, StopAnalyzer.ENGLISH_STOP_WORDS_SET); + stream = new StopFilter(stream, StopAnalyzer.ENGLISH_STOP_WORDS_SET); return new TokenStreamComponents(source, stream); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java index b5b8928d1..72880fedf 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java @@ -25,7 +25,6 @@ import org.apache.lucene.analysis.core.LowerCaseFilter; import org.apache.lucene.analysis.core.StopAnalyzer; import org.apache.lucene.analysis.core.StopFilter; import org.apache.lucene.analysis.miscellaneous.WordDelimiterFilter; -import org.apache.lucene.util.Version; /** * A Lucene field analyzer used to analyzer queries against the CPE data. @@ -34,10 +33,6 @@ import org.apache.lucene.util.Version; */ public class SearchFieldAnalyzer extends Analyzer { - /** - * The Lucene Version used. - */ - private final Version version; /** * A local reference to the TokenPairConcatenatingFilter so that we can clear any left over state if this analyzer * is re-used. 
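Review bot: The Javadoc above the new `public FieldAnalyzer() { }` keeps a dangling empty ` *` line where `@param version` was removed, and the empty explicit constructor adds nothing over the implicit default one. Either drop the constructor and its comment, or tidy the Javadoc to the single line `Creates a new FieldAnalyzer.` if the project's Checkstyle rules require a documented constructor. The same applies to `public SearchFieldAnalyzer() { }` in the SearchFieldAnalyzer hunk `@@ -47,11 +42,8 @@`.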
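Review bot: After this change `new StopFilter(stream, StopAnalyzer.ENGLISH_STOP_WORDS_SET)` no longer shows which Lucene match version the filter chain runs with; per the commit message it is implicitly Version.LATEST, as before. These analyzers feed the CPE index and its queries, so a tokenization change after a Lucene upgrade would presumably alter which CPE entries a dependency is matched against, and nothing at this call site signals that. I would add a comment above the line such as `// Match version is Lucene's default (latest); indexing and search analyzers must use the same one.` and have FieldAnalyzerTest assert the exact tokens for a fixed input. The same applies to the StopFilter line in the SearchFieldAnalyzer hunk `@@ -78,7 +70,7 @@`; createComponents starts outside this hunk.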
@@ -47,11 +42,8 @@ public class SearchFieldAnalyzer extends Analyzer { /** * Constructs a new SearchFieldAnalyzer. * - * @param version the Lucene version */ - public SearchFieldAnalyzer(Version version) { - this.version = version; - } + public SearchFieldAnalyzer() { } /** * Creates a the TokenStreamComponents used to analyze the stream. @@ -78,7 +70,7 @@ public class SearchFieldAnalyzer extends Analyzer { stream = new UrlTokenizingFilter(stream); concatenatingFilter = new TokenPairConcatenatingFilter(stream); stream = concatenatingFilter; - stream = new StopFilter(version, stream, StopAnalyzer.ENGLISH_STOP_WORDS_SET); + stream = new StopFilter(stream, StopAnalyzer.ENGLISH_STOP_WORDS_SET); return new TokenStreamComponents(source, stream); } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java index def2af8b6..99fb652e3 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java @@ -69,7 +69,7 @@ public class FieldAnalyzerTest { @Test public void testAnalyzers() throws Exception { - Analyzer analyzer = new FieldAnalyzer(LuceneUtils.CURRENT_VERSION); + Analyzer analyzer = new FieldAnalyzer(); Directory index = new RAMDirectory(); String field1 = "product"; 
@@ -83,8 +83,8 @@ public class FieldAnalyzerTest { //Analyzer searchingAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); String querystr = "product:\"(Spring Framework Core)\" vendor:(SpringSource)"; - SearchFieldAnalyzer searchAnalyzerProduct = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); - SearchFieldAnalyzer searchAnalyzerVendor = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION); + SearchFieldAnalyzer searchAnalyzerProduct = new SearchFieldAnalyzer(); + SearchFieldAnalyzer searchAnalyzerVendor = new SearchFieldAnalyzer(); HashMap map = new HashMap(); map.put(field1, searchAnalyzerProduct); map.put(field2, searchAnalyzerVendor); From a37853def6c7c03b686bef9de9218bc056482c9d Mon Sep 17 00:00:00 2001 From: Hans Joachim Desserud Date: Sat, 10 Jan 2015 19:52:42 +0100 Subject: [PATCH 3/5] Also StandardAnalyzer can use the Version-less constructor. The superclass Analyzer will actually default to LUCENE_CURRENT which is equivalent with LATEST which was sent in Former-commit-id: 43c8e3350b72bac8eb952ff138887c7232ecb39c --- .../owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java index 99fb652e3..13ccded65 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java 
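Review bot: The commented-out context line `//Analyzer searchingAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);` at the top of this hunk names a constructor that this commit removes, so it should be deleted rather than left as dead code that would not compile if revived. None of the visible hunks in this series still uses `LuceneUtils.CURRENT_VERSION`, so the `LuceneUtils` import in CpeMemoryIndex and in this test may now be unused, and the constant itself may be dead. Both are worth checking before merge. testAnalyzers starts and continues outside the hunk.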
@@ -88,7 +88,7 @@ public class FieldAnalyzerTest { HashMap map = new HashMap(); map.put(field1, searchAnalyzerProduct); map.put(field2, searchAnalyzerVendor); - PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(new StandardAnalyzer(LuceneUtils.CURRENT_VERSION), map); + PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(new StandardAnalyzer(), map); QueryParser parser = new QueryParser(field1, wrapper); Query q = parser.parse(querystr); From 6609481cc18098e167881d34facffe42fb9fd36b Mon Sep 17 00:00:00 2001 From: Hans Joachim Desserud Date: Sat, 10 Jan 2015 21:23:44 +0100 Subject: [PATCH 4/5] Switch to non-deprecated FindBugs-SuppressWarnings tags which should avoid name collision Former-commit-id: a4a978ee4a6621033064488a71577bdb93cddab4 --- .../java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java index b64544ebb..d73ba1ae0 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java @@ -46,7 +46,7 @@ public final class LuceneUtils { * @param text the data to be escaped */ @SuppressWarnings("fallthrough") - @edu.umd.cs.findbugs.annotations.SuppressWarnings( + @edu.umd.cs.findbugs.annotations.SuppressFBWarnings( value = "SF_SWITCH_NO_DEFAULT", justification = "The switch below does have a default.") public static void appendEscapedLuceneQuery(StringBuilder buf, From 63c7a9d926e5c603aae2be5d29a9ee40dc400012 Mon Sep 17 00:00:00 2001 
From: Hans Joachim Desserud Date: Sun, 11 Jan 2015 11:09:02 +0100 Subject: [PATCH 5/5] And since the annotation was switched to avoid name collision, the full name is no longer needed Former-commit-id: ddbe16d074ca2fed635c2e9f4ca8157af0fe9c24 --- .../org/owasp/dependencycheck/data/lucene/LuceneUtils.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java index d73ba1ae0..3a44c6485 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java @@ -17,6 +17,7 @@ */ package org.owasp.dependencycheck.data.lucene; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import org.apache.lucene.util.Version; /** @@ -46,7 +47,7 @@ public final class LuceneUtils { * @param text the data to be escaped */ @SuppressWarnings("fallthrough") - @edu.umd.cs.findbugs.annotations.SuppressFBWarnings( + @SuppressFBWarnings( value = "SF_SWITCH_NO_DEFAULT", justification = "The switch below does have a default.") public static void appendEscapedLuceneQuery(StringBuilder buf,