From ffeab147ceb634a96b823cd7cacfcd181abd5940 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 10 May 2014 07:13:07 -0400 Subject: [PATCH] checkstyle corrections Former-commit-id: f9ae61d41ba01b6931892a339a9b701ae3c91ce2 --- .../analyzer/ArchiveAnalyzer.java | 6 ++-- .../analyzer/AssemblyAnalyzer.java | 2 +- .../analyzer/FalsePositiveAnalyzer.java | 32 +++++++++++++------ 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index d8fb025ca..2e0cb8351 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -467,11 +467,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { zip = new ZipFile(dependency.getActualFilePath()); if (zip.getEntry("META-INF/MANIFEST.MF") != null || zip.getEntry("META-INF/maven") != null) { - Enumeration entries = zip.getEntries(); + final Enumeration entries = zip.getEntries(); while (entries.hasMoreElements()) { - ZipArchiveEntry entry = entries.nextElement(); + final ZipArchiveEntry entry = entries.nextElement(); if (!entry.isDirectory()) { - String name = entry.getName().toLowerCase(); + final String name = entry.getName().toLowerCase(); if (name.endsWith(".class")) { isJar = true; break; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 83632b1e1..4778dc70f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java 
@@ -137,7 +137,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { } else if (rc != 0) { LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.rc", rc); } - + final XPath xpath = XPathFactory.newInstance().newXPath(); // First, see if there was an error diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java index a02942685..29acf74df 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java @@ -347,24 +347,24 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { */ private void removeDuplicativeEntriesFromJar(Dependency dependency, Engine engine) { if (dependency.getFileName().toLowerCase().endsWith("pom.xml") - || dependency.getFileExtension().equals("dll") - || dependency.getFileExtension().equals("exe")) { + || "dll".equals(dependency.getFileExtension()) + || "exe".equals(dependency.getFileExtension())) { String parentPath = dependency.getFilePath().toLowerCase(); if (parentPath.contains(".jar")) { parentPath = parentPath.substring(0, parentPath.indexOf(".jar") + 4); - Dependency parent = findDependency(parentPath, engine.getDependencies()); + final Dependency parent = findDependency(parentPath, engine.getDependencies()); if (parent != null) { boolean remove = false; for (Identifier i : dependency.getIdentifiers()) { if ("cpe".equals(i.getType())) { - String trimmedCPE = trimCpeToVendor(i.getValue()); + final String trimmedCPE = trimCpeToVendor(i.getValue()); for (Identifier parentId : parent.getIdentifiers()) { if ("cpe".equals(parentId.getType()) && parentId.getValue().startsWith(trimmedCPE)) { remove |= true; } } } - if (remove == false) { + if (!remove) { //we can escape early return; } } 
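Review bot: In the `removeDuplicativeEntriesFromJar` hunk of FalsePositiveAnalyzer.java, `remove` is declared before the `for (Identifier i : ...)` loop and never reset, so once one child CPE matches a parent CPE the `if (!remove)` early return cannot fire for any later identifier. A later CPE that the parent does not carry would then no longer stop the removal, and because this analyzer drops entries from the report, that can hide a component that should still be listed. Consider a per-identifier flag: `boolean matched = false;` declared inside the loop and set with `matched = true;` in place of `remove |= true;`, then `if (!matched) { return; }` followed by `remove = true;`. The code that acts on `remove` after the loop is outside this hunk, so the exact effect should be confirmed there.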
@@ -377,24 +377,36 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer { } } - private Dependency findDependency(String parentPath, List dependencies) { + /** + * Retrieves a given dependency, based on a given path, from a list of dependencies. + * + * @param dependencyPath the path of the dependency to return + * @param dependencies the collection of dependencies to search + * @return the dependency object for the given path, otherwise null + */ + private Dependency findDependency(String dependencyPath, List dependencies) { for (Dependency d : dependencies) { - if (d.getFilePath().equalsIgnoreCase(parentPath)) { + if (d.getFilePath().equalsIgnoreCase(dependencyPath)) { return d; } } return null; } + /** + * Takes a full CPE and returns the CPE trimmed to include only vendor and product. + * + * @param value the CPE value to trim + * @return a CPE value that only includes the vendor and product + */ private String trimCpeToVendor(String value) { //cpe:/a:jruby:jruby:1.0.8 - int pos1 = value.indexOf(":", 7); //right of vendor - int pos2 = value.indexOf(":", pos1 + 1); //right of product + final int pos1 = value.indexOf(":", 7); //right of vendor + final int pos2 = value.indexOf(":", pos1 + 1); //right of product if (pos2 < 0) { return value; } else { return value.substring(0, pos2); } - } }
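Review bot: `trimCpeToVendor` never checks `pos1`: when the value has no colon at or after index 7 (a vendor-only CPE such as the constructed example `cpe:/a:vendor`), `pos1` is -1, `pos2` becomes `value.indexOf(":", 0)`, which is 3, and the method returns `"cpe"`. The caller in the previous hunk tests `parentId.getValue().startsWith(trimmedCPE)`, so that prefix would match every parent CPE and the nested file would be treated as a duplicate of its parent. Whether such values reach this method is not visible here, but the guard is cheap: `if (pos1 < 0 || pos2 < 0) {` in place of `if (pos2 < 0) {`. The new Javadoc could also say that the input is returned unchanged when it has no version part.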