code cleanup

dependency-check · jeremylong · Mar 12, 2017 · Mar 10, 2017 · Mar 10, 2017 · Mar 11, 2017
commit a61bba2f72313df7a74636f1682cacc26133b1f5
diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
@@ -288,7 +288,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
                 <version>${reporting.pmd-plugin.version}</version>
                 <configuration>
                     <targetJdk>1.6</targetJdk>
-                    <linkXref>true</linkXref>
+                    <linkXRef>true</linkXRef>
                     <sourceEncoding>utf-8</sourceEncoding>
                     <excludes>
                         <exclude>**/generated/*.java</exclude>

diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
@@ -196,7 +196,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                 <version>${reporting.pmd-plugin.version}</version>
                 <configuration>
                     <targetJdk>1.6</targetJdk>
-                    <linkXref>true</linkXref>
+                    <linkXRef>true</linkXRef>
                     <sourceEncoding>utf-8</sourceEncoding>
                     <excludes>
                         <exclude>**/generated/*.java</exclude>

diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
@@ -244,7 +244,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                 <version>${reporting.pmd-plugin.version}</version>
                 <configuration>
                     <targetJdk>1.6</targetJdk>
-                    <linkXref>true</linkXref>
+                    <linkXRef>true</linkXRef>
                     <sourceEncoding>utf-8</sourceEncoding>
                     <excludes>
                         <exclude>**/generated/*.java</exclude>

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -630,7 +630,7 @@ protected ExecutorService getExecutorService(Analyzer analyzer) {
      * @throws InitializationException thrown when there is a problem
      * initializing the analyzer
      */
-    protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationException {
+    protected void initializeAnalyzer(Analyzer analyzer) throws InitializationException {
         try {
             LOGGER.debug("Initializing {}", analyzer.getName());
             analyzer.initialize();
@@ -653,7 +653,6 @@ protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationEx
             }
             throw new InitializationException("Unexpected Exception", ex);
         }
-        return analyzer;
     }
 
     /**

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -347,8 +347,7 @@ private void addDisguisedJarsToDependencies(Dependency dependency, Engine engine
      * @return any dependencies that weren't known to the engine before
      */
     private static List<Dependency> findMoreDependencies(Engine engine, File file) {
-        final List<Dependency> added = engine.scan(file);
-        return added;
+        return engine.scan(file);
     }
 
     /**

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java
@@ -87,10 +87,6 @@ public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
      */
     private static final String SUPPORTED_EXTENSIONS = "jar";
 
-    /**
-     * Whether or not the Nexus analyzer should use a proxy if configured.
-     */
-    private boolean useProxy;
     /**
      * The Nexus Search to be set up for this analyzer.
      */
@@ -148,7 +144,7 @@ public void initializeFileTypeAnalyzer() throws InitializationException {
         LOGGER.debug("Initializing Nexus Analyzer");
         LOGGER.debug("Nexus Analyzer enabled: {}", isEnabled());
         if (isEnabled()) {
-            useProxy = useProxy();
+            boolean useProxy = useProxy();
             final String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
             LOGGER.debug("Nexus Analyzer URL: {}", searchUrl);
             try {

diff --git a/...-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java b/...-check-core/src/main/java/org/owasp/dependencycheck/data/composer/ComposerLockParser.java
@@ -42,11 +42,6 @@ public class ComposerLockParser {
      */
     private final JsonReader jsonReader;
 
-    /**
-     * The input stream we'll read
-     */
-    private final InputStream inputStream; // NOPMD - it gets set in the constructor, read later
-
     /**
      * The List of ComposerDependencies found
      */
@@ -58,13 +53,12 @@ public class ComposerLockParser {
     private static final Logger LOGGER = LoggerFactory.getLogger(ComposerLockParser.class);
 
     /**
-     * Createas a ComposerLockParser from a JsonReader and an InputStream.
+     * Creates a ComposerLockParser from a JsonReader and an InputStream.
      *
      * @param inputStream the InputStream to parse
      */
     public ComposerLockParser(InputStream inputStream) {
         LOGGER.info("Creating a ComposerLockParser");
-        this.inputStream = inputStream;
         this.jsonReader = Json.createReader(inputStream);
         this.composerDependencies = new ArrayList<>();
     }

diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
@@ -155,7 +155,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                 <version>${reporting.pmd-plugin.version}</version>
                 <configuration>
                     <targetJdk>1.6</targetJdk>
-                    <linkXref>true</linkXref>
+                    <linkXRef>true</linkXRef>
                     <sourceEncoding>utf-8</sourceEncoding>
                     <excludes>
                         <exclude>**/generated/**/*.java</exclude>

diff --git a/...cy-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/...cy-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -608,8 +608,7 @@ protected File getDataFile(MavenProject current) {
         final Object obj = current.getContextValue(getDataFileContextKey());
         if (obj != null) {
             if (obj instanceof String) {
-                final File f = new File((String) obj);
-                return f;
+             return new File((String) obj);
             }
         } else if (getLog().isDebugEnabled()) {
             getLog().debug("Context value not found");

diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
@@ -120,7 +120,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
                 <version>${reporting.pmd-plugin.version}</version>
                 <configuration>
                     <targetJdk>1.6</targetJdk>
-                    <linkXref>true</linkXref>
+                    <linkXRef>true</linkXRef>
                     <sourceEncoding>utf-8</sourceEncoding>
                     <excludes>
                         <exclude>**/org/owasp/dependencycheck/org/apache/**/*.java</exclude>

diff --git a/...y-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java b/...y-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java
@@ -36,7 +36,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream {
     /**
      * The list of fully qualified class names that are able to be deserialized.
      */
-    private List<String> expected = new ArrayList<>();
+    private final List<String> expected = new ArrayList<>();
 
     /**
      * Constructs a new ExpectedOjectInputStream that can be used to securely deserialize an object by restricting the classes

diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -784,8 +784,7 @@ private static File getJarPath() {
      * @return the property from the properties file
      */
     public static String getString(String key, String defaultValue) {
-        final String str = System.getProperty(key, LOCAL_SETTINGS.get().props.getProperty(key, defaultValue));
-        return str;
+        return System.getProperty(key, LOCAL_SETTINGS.get().props.getProperty(key, defaultValue));
     }
 
     /**

diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/XmlUtils.java
@@ -120,8 +120,7 @@ public static DocumentBuilder buildSecureDocumentBuilder() throws ParserConfigur
         factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
         factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
         factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-        final DocumentBuilder db = factory.newDocumentBuilder();
-        return db;
+        return factory.newDocumentBuilder();
     }
 
     /**

diff --git a/src/site/markdown/general/internals.md b/src/site/markdown/general/internals.md
@@ -15,6 +15,9 @@ a list of vulnerable software:
       <vuln:product>cpe:/a:vmware:springsource_spring_security:3.1.2</vuln:product>
       <vuln:product>cpe:/a:vmware:springsource_spring_security:2.0.4</vuln:product>
       <vuln:product>cpe:/a:vmware:springsource_spring_security:3.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+  ...
+  </entry>
 ```
 
 These CPE entries are read "cpe:/[Entry Type]:[Vendor]:[Product]:[Version]:[Revision]:...". The CPE data is collected