Skip to content

Commit

Permalink
style: make checkstyle happier
Browse files Browse the repository at this point in the history
  • Loading branch information
@jeremylong
jeremylong committed Oct 1, 2024
1 parent b77009e commit ac819c6
Show file tree
Hide file tree
Showing 26 changed files with 221 additions and 154 deletions.
9 changes: 5 additions & 4 deletions cli/src/main/java/org/owasp/dependencycheck/CliParser.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -374,7 +374,7 @@ private void addAdvancedOptions(final Options options) {
"Credentials for basic authentication to the NVD API Datafeed."))
.addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_PASSWORD, "password",
"Credentials for basic authentication to the NVD API Datafeed."))
.addOption(newOptionWithArg(ARGUMENT.NVD_API_MAX_RETRY_COUNT,"count",
.addOption(newOptionWithArg(ARGUMENT.NVD_API_MAX_RETRY_COUNT, "count",
"The maximum number of retry requests for a single call to the NVD API."))
.addOption(newOptionWithArg(ARGUMENT.NVD_API_VALID_FOR_HOURS, "hours",
"The number of hours to wait before checking for new updates from the NVD."))
Expand Down Expand Up @@ -1144,16 +1144,17 @@ public static class ARGUMENT {
*/
public static final String DATA_DIRECTORY = "data";
/**
* The CLI argument name for setting the URL for the NVD API Endpoint
* The CLI argument name for setting the URL for the NVD API Endpoint.
*/
public static final String NVD_API_ENDPOINT = "nvdApiEndpoint";
/**
* The CLI argument name for setting the URL for the NVD API Key.
*/
public static final String NVD_API_KEY = "nvdApiKey";
/**
* The CLI argument name for setting the maximum number of retry requests for a single call to the NVD API.
*/
* The CLI argument name for setting the maximum number of retry
* requests for a single call to the NVD API.
*/
public static final String NVD_API_MAX_RETRY_COUNT = "nvdMaxRetryCount";
/**
* The CLI argument name for setting the number of hours to wait before
Expand Down
6 changes: 4 additions & 2 deletions core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -346,12 +346,14 @@ private List<SuppressionRule> loadSuppressionFile(final SuppressionParser parser
file = getSettings().getTempFile("suppression", "xml");
final URL url = new URL(suppressionFilePath);
try {
Downloader.getInstance().fetchFile(url, file, false, Settings.KEYS.SUPPRESSION_FILE_USER, Settings.KEYS.SUPPRESSION_FILE_PASSWORD);
Downloader.getInstance().fetchFile(url, file, false, Settings.KEYS.SUPPRESSION_FILE_USER,
Settings.KEYS.SUPPRESSION_FILE_PASSWORD);
} catch (DownloadFailedException ex) {
LOGGER.trace("Failed download suppression file - first attempt", ex);
try {
Thread.sleep(500);
Downloader.getInstance().fetchFile(url, file, true, Settings.KEYS.SUPPRESSION_FILE_USER, Settings.KEYS.SUPPRESSION_FILE_PASSWORD);
Downloader.getInstance().fetchFile(url, file, true, Settings.KEYS.SUPPRESSION_FILE_USER,
Settings.KEYS.SUPPRESSION_FILE_PASSWORD);
} catch (TooManyRequestsException ex1) {
throw new SuppressionParseException("Unable to download supression file `" + file
+ "`; received 429 - too many requests", ex1);
Expand Down
40 changes: 18 additions & 22 deletions core/src/main/java/org/owasp/dependencycheck/analyzer/CarthageAnalyzer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,15 +86,16 @@ public class CarthageAnalyzer extends AbstractFileTypeAnalyzer {
private static final FileFilter CARTHAGE_FILTER = FileFilterBuilder.newInstance().addFilenames(CARTFILE_RESOLVED).build();

/**
* The capture group #1 is the dependency type, #2 is the name, #3 is dependency version.
* The version can be a commit ref, so we can't assume it's a number
* The capture group #1 is the dependency type, #2 is the name, #3 is
* dependency version. The version can be a commit ref, so we can't assume
* it's a number
*
* Example values:
* - binary "https://dl.google.com/geosdk/GoogleMaps.json" "7.2.0"
* - git "https://gitlab.matrix.org/matrix-org/olm.git" "3.2.16"
* - github "alinradut/SwiftEntryKit" "95f4a08f41ddcf2c02e2b22789038774c8c94df5""
* - github "CocoaLumberjack/CocoaLumberjack" "3.8.5"
* - github "realm/realm-swift" "v10.44.0"
* Example values: - binary "https://dl.google.com/geosdk/GoogleMaps.json"
* "7.2.0" - git "https://gitlab.matrix.org/matrix-org/olm.git" "3.2.16" -
* github "alinradut/SwiftEntryKit"
* "95f4a08f41ddcf2c02e2b22789038774c8c94df5"" - github
* "CocoaLumberjack/CocoaLumberjack" "3.8.5" - github "realm/realm-swift"
* "v10.44.0"
*/
private static final Pattern CARTFILE_RESOLVED_DEPENDENCY_PATTERN = Pattern.compile("(github|git|binary) \"([^\"]+)\" \"([^\"]+)\"");

Expand All @@ -106,9 +107,8 @@ public class CarthageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Capture group #1 is the dependency name.
*
* Example values:
* - robbiehanson/XMPPFramework
* - CocoaLumberjack/CocoaLumberjack
* Example values: - robbiehanson/XMPPFramework -
* CocoaLumberjack/CocoaLumberjack
*/
private static final Pattern CARTFILE_RESOLVED_GITHUB_DEPENDENCY = Pattern.compile("[a-zA-Z0-9-_]+/([a-zA-Z0-9\\-_\\.]+)");

Expand All @@ -120,11 +120,9 @@ public class CarthageAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Capture group #1 is the dependency name.
*
* Example values:
* - https://my.domain.com/release/MyFramework.json
* - file:///some/Path/MyFramework.json
* - relative/path/MyFramework.json
* - /absolute/path/MyFramework.json
* Example values: - https://my.domain.com/release/MyFramework.json -
* file:///some/Path/MyFramework.json - relative/path/MyFramework.json -
* /absolute/path/MyFramework.json
*/
private static final Pattern CARTFILE_RESOLVED_BINARY_DEPENDENCY = Pattern.compile("([a-zA-Z0-9\\-_\\.]+).json");

Expand Down Expand Up @@ -186,6 +184,7 @@ protected void analyzeDependency(Dependency dependency, Engine engine)
* Analyzes the Cartfile.resolved and adds the evidence to the dependency.
*
* @param cartfileResolved the dependency
* @param engine a reference to the dependency-check engine
* @throws AnalysisException thrown if there is an error analyzing the
* Cartfile
*/
Expand All @@ -210,8 +209,7 @@ private void analyzeCartfileResolvedDependency(Dependency cartfileResolved, Engi
final Matcher versionMatcher = CARTFILE_VERSION_PATTERN.matcher(version);
if (versionMatcher.find()) {
version = versionMatcher.group(1);
}
else {
} else {
// this is probably a git commit reference, so we'll default to 0.0.0.
// this will probably bubble up a ton of CVEs, but serves you right for
// not using semantic versioning.
Expand All @@ -224,15 +222,13 @@ private void analyzeCartfileResolvedDependency(Dependency cartfileResolved, Engi
continue;
}
name = nameMatcher.group(1);
}
else if (type.contentEquals("github")) {
} else if (type.contentEquals("github")) {
final Matcher nameMatcher = CARTFILE_RESOLVED_GITHUB_DEPENDENCY.matcher(name);
if (!nameMatcher.find()) {
continue;
}
name = nameMatcher.group(1);
}
else if (type.contentEquals("binary")) {
} else if (type.contentEquals("binary")) {
final Matcher nameMatcher = CARTFILE_RESOLVED_BINARY_DEPENDENCY.matcher(name);
if (!nameMatcher.find()) {
continue;
Expand Down
66 changes: 37 additions & 29 deletions core/src/main/java/org/owasp/dependencycheck/analyzer/PinnedMavenInstallAnalyzer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,11 +123,11 @@ protected void analyzeDependency(Dependency dependency, Engine engine) throws An
final DependencyTree tree;
List<MavenDependency> deps;
try {
JsonNode jsonNode = MAPPER.readTree(dependencyFile);
JsonNode v2Version = jsonNode.path("version");
JsonNode v010Version = jsonNode.path("dependency_tree").path("version");
final JsonNode jsonNode = MAPPER.readTree(dependencyFile);
final JsonNode v2Version = jsonNode.path("version");
final JsonNode v010Version = jsonNode.path("dependency_tree").path("version");

if (v2Version.isTextual()) {
if (v2Version.isTextual()) {
final InstallFileV2 installFile = INSTALL_FILE_V2_READER.readValue(dependencyFile);
if (!Objects.equals(installFile.getAutogeneratedSentinel(), "THERE_IS_NO_DATA_ONLY_ZUUL")) {
return;
Expand Down Expand Up @@ -155,7 +155,6 @@ protected void analyzeDependency(Dependency dependency, Engine engine) throws An
return;
}


} catch (IOException e) {
System.out.println("e");
return;
Expand Down Expand Up @@ -325,11 +324,12 @@ public String getVersion() {
* {@code .dependency_tree.dependencies}.
*/
private static class MavenDependency {
public MavenDependency(String coord) {

MavenDependency(String coord) {
this.coord = coord;
}

public MavenDependency() {
MavenDependency() {
}
/**
* The standard Maven coordinate string
Expand All @@ -352,7 +352,13 @@ public String getCoord() {
* A reusable reader for {@link InstallFile}.
*/
private static final ObjectReader INSTALL_FILE_READER;
/**
* A reusable reader for {@link InstallFileV2}.
*/
private static final ObjectReader INSTALL_FILE_V2_READER;
/**
* A reusable object mapper.
*/
private static final ObjectMapper MAPPER;

static {
Expand All @@ -367,11 +373,12 @@ public String getCoord() {
* file.
*
* <p>
* At the time of writing, the latest version is 2, and the dependencies
* are stored in {@code .artifacts}.
* At the time of writing, the latest version is 2, and the dependencies are
* stored in {@code .artifacts}.
*
* <p>
* The top-level keys we care about are {@code .artifacts}. {@code .version}.
* The top-level keys we care about are {@code .artifacts}.
* {@code .version}.
*/
private static class InstallFileV2 {

Expand All @@ -382,8 +389,9 @@ private static class InstallFileV2 {
private String version;

/**
* A list of Maven dependencies made available. Note that this map is transitively closed and
* pinned to a specific version of each artifact.
* A list of Maven dependencies made available. Note that this map is
* transitively closed and pinned to a specific version of each
* artifact.
* <p>
* The key is the Maven coordinate string, less the version
* {@code group:artifact[:optional classifier][:optional packaging]}.
Expand All @@ -394,8 +402,8 @@ private static class InstallFileV2 {
private Map<String, Artifactv2> artifacts;

/**
* A sentinel value placed in the file to indicate that it is an auto-generated pinned maven
* install file.
* A sentinel value placed in the file to indicate that it is an
* auto-generated pinned maven install file.
*/
@JsonProperty("__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY")
private String autogeneratedSentinel;
Expand Down Expand Up @@ -427,23 +435,23 @@ public String getAutogeneratedSentinel() {
return autogeneratedSentinel;
}
}

private static class Artifactv2 {

/**
* The version of the artifact.
*/
@JsonProperty("version")
private String version;

/**
* Returns the value of version.
*
* @return the value of version
*/
public String getVersion() {
return version;
}
}
/**
* The version of the artifact.
*/
@JsonProperty("version")
private String version;

/**
* Returns the value of version.
*
* @return the value of version
*/
public String getVersion() {
return version;
}
}

}
2 changes: 1 addition & 1 deletion core/src/main/java/org/owasp/dependencycheck/analyzer/YarnAuditAnalyzer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -280,7 +280,7 @@ private List<Advisory> analyzePackage(final File lockFile, final File packageFil
final JsonObject lockJson = fetchYarnAuditJson(dependency, skipDevDependencies);
// Retrieves the contents of package-lock.json from the Dependency
final JsonObject packageJson;
try (final JsonReader packageReader = Json.createReader(Files.newInputStream(packageFile.toPath()))) {
try (JsonReader packageReader = Json.createReader(Files.newInputStream(packageFile.toPath()))) {
packageJson = packageReader.readObject();
}
// Modify the payload to meet the NPM Audit API requirements
Expand Down
4 changes: 2 additions & 2 deletions core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,6 @@
import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.data.cache.DataCacheFactory;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.URLConnectionFailureException;

/**
* Class of methods to search via Node Audit API.
Expand Down Expand Up @@ -163,7 +162,8 @@ private List<Advisory> submitPackage(JsonObject packageJson, String key, int cou
additionalHeaders.add(new BasicHeader("npm-session", generateRandomSession()));

try {
final String response = Downloader.getInstance().postBasedFetchContent(nodeAuditUrl.toURI(), packageJson.toString(), ContentType.APPLICATION_JSON, additionalHeaders);
final String response = Downloader.getInstance().postBasedFetchContent(nodeAuditUrl.toURI(),
packageJson.toString(), ContentType.APPLICATION_JSON, additionalHeaders);
final JSONObject jsonResponse = new JSONObject(response);
final NpmAuditParser parser = new NpmAuditParser();
final List<Advisory> advisories = parser.parse(jsonResponse);
Expand Down
11 changes: 6 additions & 5 deletions core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NpmPayloadBuilder.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
*/
@ThreadSafe
public final class NpmPayloadBuilder {

/**
* Private constructor for utility class.
*/
Expand Down Expand Up @@ -119,12 +120,12 @@ public static JsonObject build(JsonObject lockJson, JsonObject packageJson,

//After Version 3, dependencies can't be taken directly from package-lock.json
if (lockJsonVersion > 2 && dep.containsKey("dependencies") && dep.get("dependencies") instanceof JsonObject) {
JsonObjectBuilder depBuilder = Json.createObjectBuilder(dep);
final JsonObjectBuilder depBuilder = Json.createObjectBuilder(dep);
depBuilder.remove("dependencies");
depBuilder.add("requires", dep.get("dependencies"));
dep = depBuilder.build();
}

final String version = dep.getString("version", "");
final boolean isDev = dep.getBoolean("dev", false);
if (skipDevDependencies && isDev) {
Expand Down Expand Up @@ -154,7 +155,7 @@ public static JsonObject build(JsonObject lockJson, JsonObject packageJson,
* @return the JSON payload for NPN Audit
*/
public static JsonObject build(JsonObject packageJson, MultiValuedMap<String, String> dependencyMap,
final boolean skipDevDependencies) {
final boolean skipDevDependencies) {
final JsonObjectBuilder payloadBuilder = Json.createObjectBuilder();
addProjectInfo(packageJson, payloadBuilder);

Expand Down Expand Up @@ -246,8 +247,8 @@ private static void addConstantElements(final JsonObjectBuilder payloadBuilder)
private static JsonObject buildDependencies(JsonObject dep, MultiValuedMap<String, String> dependencyMap) {
final JsonObjectBuilder depBuilder = Json.createObjectBuilder();
Optional.ofNullable(dep.getJsonString("version"))
.map(JsonString::getString)
.ifPresent(version -> depBuilder.add("version", version));
.map(JsonString::getString)
.ifPresent(version -> depBuilder.add("version", version));

//not installed package (like, dependency of an optional dependency) doesn't contains integrity
if (dep.containsKey("integrity")) {
Expand Down
Loading

0 comments on commit ac819c6

Please sign in to comment.