github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 09:31:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle corrections

Browse Source 
Former-commit-id: f9ae61d41ba01b6931892a339a9b701ae3c91ce2
This commit is contained in:
Jeremy Long
2014-05-10 07:13:07 -04:00
parent 90bdbd6b84
commit ffeab147ce
3 changed files with 26 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -467,11 +467,11 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
zip = new ZipFile(dependency.getActualFilePath()); zip = new ZipFile(dependency.getActualFilePath());
if (zip.getEntry("META-INF/MANIFEST.MF") != null if (zip.getEntry("META-INF/MANIFEST.MF") != null
|| zip.getEntry("META-INF/maven") != null) { || zip.getEntry("META-INF/maven") != null) {
Enumeration<ZipArchiveEntry> entries = zip.getEntries(); final Enumeration<ZipArchiveEntry> entries = zip.getEntries();
while (entries.hasMoreElements()) { while (entries.hasMoreElements()) {
ZipArchiveEntry entry = entries.nextElement(); final ZipArchiveEntry entry = entries.nextElement();
if (!entry.isDirectory()) { if (!entry.isDirectory()) {
String name = entry.getName().toLowerCase(); final String name = entry.getName().toLowerCase();
if (name.endsWith(".class")) { if (name.endsWith(".class")) {
isJar = true; isJar = true;
break; break;

32
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
View File

@@ -347,24 +347,24 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
*/ */
private void removeDuplicativeEntriesFromJar(Dependency dependency, Engine engine) { private void removeDuplicativeEntriesFromJar(Dependency dependency, Engine engine) {
if (dependency.getFileName().toLowerCase().endsWith("pom.xml") if (dependency.getFileName().toLowerCase().endsWith("pom.xml")
|| dependency.getFileExtension().equals("dll") || "dll".equals(dependency.getFileExtension())
|| dependency.getFileExtension().equals("exe")) { || "exe".equals(dependency.getFileExtension())) {
String parentPath = dependency.getFilePath().toLowerCase(); String parentPath = dependency.getFilePath().toLowerCase();
if (parentPath.contains(".jar")) { if (parentPath.contains(".jar")) {
parentPath = parentPath.substring(0, parentPath.indexOf(".jar") + 4); parentPath = parentPath.substring(0, parentPath.indexOf(".jar") + 4);
Dependency parent = findDependency(parentPath, engine.getDependencies()); final Dependency parent = findDependency(parentPath, engine.getDependencies());
if (parent != null) { if (parent != null) {
boolean remove = false; boolean remove = false;
for (Identifier i : dependency.getIdentifiers()) { for (Identifier i : dependency.getIdentifiers()) {
if ("cpe".equals(i.getType())) { if ("cpe".equals(i.getType())) {
String trimmedCPE = trimCpeToVendor(i.getValue()); final String trimmedCPE = trimCpeToVendor(i.getValue());
for (Identifier parentId : parent.getIdentifiers()) { for (Identifier parentId : parent.getIdentifiers()) {
if ("cpe".equals(parentId.getType()) && parentId.getValue().startsWith(trimmedCPE)) { if ("cpe".equals(parentId.getType()) && parentId.getValue().startsWith(trimmedCPE)) {
remove |= true; remove |= true;
} }
} }
} }
if (remove == false) { if (!remove) { //we can escape early
return; return;
} }
} }
@@ -377,24 +377,36 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
} }
} }
private Dependency findDependency(String parentPath, List<Dependency> dependencies) { /**
* Retrieves a given dependency, based on a given path, from a list of dependencies.
*
* @param dependencyPath the path of the dependency to return
* @param dependencies the collection of dependencies to search
* @return the dependency object for the given path, otherwise null
*/
private Dependency findDependency(String dependencyPath, List<Dependency> dependencies) {
for (Dependency d : dependencies) { for (Dependency d : dependencies) {
if (d.getFilePath().equalsIgnoreCase(parentPath)) { if (d.getFilePath().equalsIgnoreCase(dependencyPath)) {
return d; return d;
} }
} }
return null; return null;
} }
/**
* Takes a full CPE and returns the CPE trimmed to include only vendor and product.
*
* @param value the CPE value to trim
* @return a CPE value that only includes the vendor and product
*/
private String trimCpeToVendor(String value) { private String trimCpeToVendor(String value) {
//cpe:/a:jruby:jruby:1.0.8 //cpe:/a:jruby:jruby:1.0.8
int pos1 = value.indexOf(":", 7); //right of vendor final int pos1 = value.indexOf(":", 7); //right of vendor
int pos2 = value.indexOf(":", pos1 + 1); //right of product final int pos2 = value.indexOf(":", pos1 + 1); //right of product
if (pos2 < 0) { if (pos2 < 0) {
return value; return value;
} else { } else {
return value.substring(0, pos2); return value.substring(0, pos2);
} }
} }
} }