diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 880523191e8..18bd2356498 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,30 +9,28 @@ on: - '**/*.txt' permissions: {} + jobs: build: + strategy: + matrix: + jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc + jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using + fail-fast: false + + name: Build and Test (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }}) permissions: contents: read # to fetch code (actions/checkout) - - name: Build dependency-check - runs-on: ubuntu-latest + runs-on: ubuntu-latest steps: - name: Install gpg secret key - if: github.repository_owner == 'dependency-check' + if: matrix.jdk_test_version == matrix.jdk_default_version && github.repository_owner == 'dependency-check' id: install-gpg-key run: | cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import gpg --list-secret-keys --keyid-format LONG - uses: actions/checkout@v6 - - name: Check Maven Cache - id: maven-cache - uses: actions/cache@v5 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Check Local Maven Cache + - name: Maven Integration Test Cache id: maven-it-cache uses: actions/cache@v5 with: 
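Review bot: The snapshot deploy is now selected per matrix leg by the `if:` on `Install gpg secret key`, and nothing makes it wait for the other legs. With `fail-fast: false` and no `needs`, the default-JDK leg can sign and deploy a snapshot while the JDK 11/17/21 legs are still running or have already failed. Moving the key import and the deploy goals into a job that declares `needs: build` would make publication depend on the whole matrix. The deploy command itself is in the next hunk, so the sketch below only outlines the extra job.

```yaml
  # … unchanged: build job (matrix legs), without the gpg import and the deploy goals …
  deploy-snapshot:
    name: Deploy Snapshot
    needs: build
    if: github.repository_owner == 'dependency-check'
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      # … unchanged: gpg key import, checkout, setup-java with server-id central …
      - name: Deploy Snapshot with Maven
        # … unchanged: env block with the Central and GPG secrets …
        run: >
          mvn -V -s settings.xml
          clean verify -DskipTests=true
          source:jar javadoc:jar
          -Prelease gpg:sign deploy
          --no-transfer-progress --batch-mode -Dstyle.color=always
```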
@@ -47,26 +45,36 @@ jobs: - uses: actions/setup-dotnet@v5.1.0 with: dotnet-version: '8.0.x' - - name: Set up JDK 11 - id: jdk-11 + - name: Set up JDKs uses: actions/setup-java@v5 with: - java-version: 11 + java-version: | # last version takes precedence as default + ${{ matrix.jdk_test_version }} + ${{ matrix.jdk_default_version }} distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' server-id: central server-username: ${{ secrets.CENTRAL_USER }} server-password: ${{ secrets.CENTRAL_PASSWORD }} - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 with: version: 6.0.2 - - name: Build Snapshot with Maven + - name: Build/Test Snapshot with Maven${{ steps.install-gpg-key.outcome == 'success' && ' (then Deploy)' || '' }} id: build-snapshot env: MAVEN_USERNAME: ${{ secrets.CENTRAL_USER }} MAVEN_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }} MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSWORD }} NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - run: mvn -V -s settings.xml clean package verify source:jar javadoc:jar ${{ steps.install-gpg-key.outcome == 'success' && '-Prelease gpg:sign deploy' || '' }} -DreleaseTesting --no-transfer-progress --batch-mode + run: > + mvn -V -s settings.xml + clean verify -PFullIntegrationTesting + -Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64" + ${{ matrix.jdk_test_version == matrix.jdk_default_version && 'source:jar javadoc:jar site' || '' }} + ${{ steps.install-gpg-key.outcome == 'success' && '-Prelease gpg:sign deploy' || '' }} + --no-transfer-progress --batch-mode -Dstyle.color=always - name: SARIF Multitool uses: microsoft/sarif-actions@v0.2 with: 
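Review bot: The `env:` block of `build-snapshot` hands `MAVEN_USERNAME`, `MAVEN_PASSWORD` and `MAVEN_GPG_PASSPHRASE` to all four matrix legs, although only the leg where `install-gpg-key` succeeded can reach `-Prelease gpg:sign deploy`. The other three legs run the full test suite with publishing credentials in the process environment for no benefit. Each value can be made conditional in the same way the Maven goals already are, for example `MAVEN_PASSWORD: ${{ steps.install-gpg-key.outcome == 'success' && secrets.CENTRAL_PASSWORD || '' }}`, assuming `settings.xml` tolerates empty values on non-deploying legs. The `server-username`/`server-password` inputs on the setup-java step deserve the same treatment.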
@@ -77,10 +85,11 @@ jobs: if: always() uses: actions/upload-artifact@v6 with: - name: it-test-logs + name: it-test-logs-jdk-${{ matrix.jdk_test_version }} retention-days: 7 path: maven/target/it/**/build.log - name: Archive code coverage results + if: matrix.jdk_test_version == matrix.jdk_default_version id: archive-coverage uses: actions/upload-artifact@v6 with: @@ -90,6 +99,7 @@ jobs: **/target/jacoco-results/jacoco.xml **/target/jacoco-results/**/*.html - name: Archive Snapshot + if: matrix.jdk_test_version == matrix.jdk_default_version id: archive-snapshot uses: actions/upload-artifact@v6 with: @@ -112,14 +122,14 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v6 - - name: Check Maven Cache - id: maven-cache - uses: actions/cache@v5 + - name: Set up JDK + uses: actions/setup-java@v5 with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + java-version: '25' + distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' - name: Download release build uses: actions/download-artifact@v7 with: @@ -134,6 +144,6 @@ jobs: run: > mvn -V -s settings.xml -pl cli -am package -DskipTests=true - --no-transfer-progress --batch-mode + --no-transfer-progress --batch-mode -Dstyle.color=always - name: Test Docker Image run: ./docker-test.sh diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 926a2863d0c..b9f32b2cd6e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -58,7 +58,7 @@ jobs: # uses a compiled language - run: | - mvn -s settings.xml clean package -DskipTests=true --no-transfer-progress --batch-mode + mvn -s settings.xml clean package -DskipTests=true --no-transfer-progress --batch-mode -Dstyle.color=always - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 
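Review bot: The `uses: actions/setup-java@v5` step added to the docker job is referenced by a mutable major tag, while `pnpm/action-setup` in the same workflow is pinned to a full commit SHA with a version comment. A tag can be repointed to different code without any change in this repository, and these jobs go on to build and test the artifacts that get published. Pinning the new steps the same way, `uses: actions/setup-java@<full-commit-sha> # v5`, would keep the added code consistent with the existing pin. The same unpinned addition appears in pull_requests.yml (docker job), purge-cache.yml and release.yml (docker job).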
diff --git a/.github/workflows/false-positive-ops.yml b/.github/workflows/false-positive-ops.yml index 62db1406808..ff8f55d2ea1 100644 --- a/.github/workflows/false-positive-ops.yml +++ b/.github/workflows/false-positive-ops.yml @@ -97,7 +97,7 @@ jobs: cd ./fp-project ## not ideal as verify would be better then using the docker image... ##mvn verify - mvn dependency:copy-dependencies --no-transfer-progress --batch-mode + mvn dependency:copy-dependencies --no-transfer-progress --batch-mode -Dstyle.color=always cd .. - name: Setup npm fp-project if: ${{ fromJSON(steps.purl-parser.outputs.result).type == 'npm' }} diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index d8db8b1d669..893abad0692 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml 
@@ -6,39 +6,53 @@ on: - '**/*.md' - '**/*.txt' +permissions: {} + jobs: - test: - name: Build and Test + build: + strategy: + matrix: + jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc + jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using + fail-fast: false + + name: Build and Test (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }}) permissions: security-events: write contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - - name: Check Maven Cache - id: maven-cache + - name: Check ODC Data Cache + id: odc-data-cache uses: actions/cache@v5 with: - path: ~/.m2/repository/ - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + path: core/target/data + key: odc-data - uses: actions/setup-dotnet@v5.1.0 with: dotnet-version: '8.0.x' - - name: Set up JDK 11 - id: jdk-11 + - name: Set up JDKs uses: actions/setup-java@v5 with: - java-version: 11 + java-version: | # last version takes precedence as default + ${{ matrix.jdk_test_version }} + ${{ matrix.jdk_default_version }} distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 with: version: 6.0.2 - - name: Test with Maven + - name: Build/Test with Maven id: build - run: | - mvn -V -s settings.xml -pl utils,core,cli,ant,archetype -am compile verify --no-transfer-progress --batch-mode + run: > + mvn -V -s settings.xml -pl '!maven' -am + clean verify + -Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64" + ${{ matrix.jdk_test_version == matrix.jdk_default_version && 'source:jar javadoc:jar site' || '' }} + --no-transfer-progress --batch-mode -Dstyle.color=always - name: SARIF Multitool uses: 
microsoft/sarif-actions@v0.2 with: @@ -65,6 +79,7 @@ jobs: sarif_file: core/target/spotbugsSarif.json category: spotbugs-core - name: Archive Snapshot + if: matrix.jdk_test_version == matrix.jdk_default_version id: archive-snapshot uses: actions/upload-artifact@v6 with: @@ -78,30 +93,44 @@ jobs: cli/target/*.zip maven: - name: Regression Test Maven Plugin + strategy: + matrix: + jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc + jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using + fail-fast: false + + name: Regression Test Maven Plugin (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }}) permissions: security-events: write contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - - name: Check Maven Cache - id: maven-cache + - name: Maven Integration Test Cache + id: maven-it-cache + uses: actions/cache@v5 + with: + path: maven/target/local-repo + key: mvn-it-repo + - name: Check ODC Data Cache + id: odc-data-cache uses: actions/cache@v5 with: - path: ~/.m2/repository/ - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + path: core/target/data + key: odc-data - uses: actions/setup-dotnet@v5.1.0 with: dotnet-version: '8.0.x' - - name: Set up JDK 11 - id: jdk-11 + - name: Set up JDKs uses: actions/setup-java@v5 with: - java-version: 11 + java-version: | # last version takes precedence as default + ${{ matrix.jdk_test_version }} + ${{ matrix.jdk_default_version }} distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 with: version: 6.0.2 
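Review bot: `-Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64"` in the `Build/Test with Maven` step expands to an empty string whenever that variable is unset, and nothing checks for that before Maven starts. This would happen on a runner that is not x64, or if setup-java did not install one of the listed versions. How the build treats an empty toolchain home is not visible here; if it falls back to the JDK that runs Maven, a leg labelled JDK 11 would go green while actually testing on 25. A preceding step such as `- run: test -x "$JAVA_HOME_${{ matrix.jdk_test_version }}_X64/bin/java"` makes that case fail loudly. The same expression is used in build.yml and in the `maven` job of this file.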
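Review bot: `Archive Snapshot` gets the default-JDK guard here, but the SARIF upload step whose tail is visible just above it (`sarif_file: core/target/spotbugsSarif.json`, `category: spotbugs-core`) does not. Every matrix leg therefore uploads a report for the same commit under the same category; as far as I know code scanning keeps one analysis per tool and category, so the legs overwrite each other, and a leg that did not produce the file could fail the step. Adding `if: matrix.jdk_test_version == matrix.jdk_default_version` to the upload steps, or making the category unique with `category: spotbugs-core-jdk-${{ matrix.jdk_test_version }}`, would make the result deterministic. The start of the upload step is outside this hunk.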
@@ -109,14 +138,17 @@ jobs: id: build env: NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - run: | - mvn -V -s settings.xml -pl maven -am compile verify -DtestMavenPlugin -DreleaseTesting --no-transfer-progress --batch-mode + run: > + mvn -V -s settings.xml -pl maven -am + clean verify -DskipTests=true -PFullIntegrationTesting + -Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64" + --no-transfer-progress --batch-mode -Dstyle.color=always - name: Archive IT test logs id: archive-logs if: always() uses: actions/upload-artifact@v6 with: - name: it-test-logs + name: it-test-logs-jdk-${{ matrix.jdk_test_version }} retention-days: 7 path: maven/target/it/**/build.log - name: Upload SARIF file @@ -133,24 +165,18 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - - name: Check Maven Cache - id: maven-cache - uses: actions/cache@v5 - with: - path: ~/.m2/repository/ - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Set up JDK 11 - id: jdk-11 + - name: Set up JDK uses: actions/setup-java@v5 with: - java-version: 11 + java-version: '25' distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' - name: Checkstyle id: checkstyle run: | - mvn -V -s settings.xml checkstyle:checkstyle-aggregate --no-transfer-progress --batch-mode + mvn -V -s settings.xml checkstyle:checkstyle-aggregate --no-transfer-progress --batch-mode -Dstyle.color=always - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v4 with: 
@@ -163,18 +189,18 @@ jobs: name: Build and Test Docker runs-on: ubuntu-latest - needs: test + needs: build steps: - name: Checkout code uses: actions/checkout@v6 - - name: Check Maven Cache - id: maven-cache - uses: actions/cache@v5 + - name: Set up JDK + uses: actions/setup-java@v5 with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + java-version: '25' + distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' - name: Download release build uses: actions/download-artifact@v7 with: @@ -189,6 +215,6 @@ jobs: run: > mvn -V -s settings.xml -pl cli -am package -DskipTests=true - --no-transfer-progress --batch-mode + --no-transfer-progress --batch-mode -Dstyle.color=always - name: Test Docker Image run: ./docker-test.sh diff --git a/.github/workflows/purge-cache.yml b/.github/workflows/purge-cache.yml index 87e6b02964b..13ebb80f664 100644 --- a/.github/workflows/purge-cache.yml +++ b/.github/workflows/purge-cache.yml @@ -11,15 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - - name: Check Maven Cache - id: maven-cache - uses: actions/cache@v5 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Check Local Maven Cache + - name: Maven Integration Test Cache id: maven-it-cache uses: actions/cache@v5 with: @@ -31,6 +23,14 @@ jobs: with: path: core/target/data key: odc-data + - name: Set up JDK + uses: actions/setup-java@v5 + with: + java-version: '25' + distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' - name: Delete Data Directories run: | rm -rf ~/.m2/repository/org/owasp/dependency-check-data diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 834bee4b461..2706ed4d38a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
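Review bot: In purge-cache.yml, restoring `~/.m2` through setup-java's `cache: 'maven'` probably leaves the following `rm -rf ~/.m2/repository/org/owasp/dependency-check-data` without lasting effect. As far as I know setup-java saves the cache in its post step only when the primary key was not hit, so on a hit the deleted directory returns with the next restore; the removed `actions/cache` step had the same limitation. If the aim is that later runs stop using stale vulnerability data, check the post-step log of a purge run for a skipped save, or delete the cache entry itself rather than its contents. The remaining steps of the job are outside this hunk.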
@@ -19,7 +19,7 @@ on: jobs: build: if: github.repository_owner == 'dependency-check' - name: Build dependency-check + name: Build for release runs-on: ubuntu-latest steps: - name: Install gpg secret key @@ -28,13 +28,7 @@ jobs: cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import gpg --list-secret-keys --keyid-format LONG - uses: actions/checkout@v6 - - name: Check Maven Cache - id: maven-cache - uses: actions/cache@v5 - with: - path: ~/.m2/repository/ - key: mvn-repo - - name: Check Local Maven Cache + - name: Maven Integration Test Cache id: maven-it-cache uses: actions/cache@v5 with: @@ -49,12 +43,14 @@ jobs: - uses: actions/setup-dotnet@v5.1.0 with: dotnet-version: '8.0.x' - - name: Set up JDK 11 - id: jdk-11 + - name: Set up JDK uses: actions/setup-java@v5 with: - java-version: 11 + java-version: '25' distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' server-id: central server-username: ${{ secrets.CENTRAL_USER }} server-password: ${{ secrets.CENTRAL_PASSWORD }} @@ -77,8 +73,12 @@ jobs: MAVEN_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }} MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSWORD }} NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - run: | - mvn -V -s settings.xml -Prelease clean package source:jar javadoc:jar gpg:sign deploy site site:stage -DreleaseTesting --no-transfer-progress --batch-mode + run: > + mvn -V -s settings.xml + clean verify -PFullIntegrationTesting + source:jar javadoc:jar site + -Prelease gpg:sign deploy site:stage + --no-transfer-progress --batch-mode -Dstyle.color=always - name: Archive code coverage results id: archive-coverage uses: actions/upload-artifact@v6 
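Review bot: With `cache: 'maven'` on the `Set up JDK` step, the release build now restores `~/.m2/repository` from the same cache entry that the ordinary build and docker jobs write. This is the job that imports the GPG key, signs and deploys to Central, and the step removed in the earlier hunk used a release-specific key (`mvn-repo`). As far as I know the setup-java key is derived only from the platform and the `**/pom.xml` hashes, so whatever sits in that shared entry is resolved by the release without a fresh download. `check-latest: true` additionally makes the JDK that produces the release whichever build is newest at run time. For the two release.yml jobs (this one and `docker`) consider dropping `cache:` so release artifacts are always resolved from the repositories, and recording the resolved JDK version (`mvn -V` already prints it) with the release.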
@@ -109,21 +109,6 @@ jobs: retention-days: 7 path: target/staging/ -# publish_coverage: -# name: publish code coverage reports -# runs-on: ubuntu-latest -# needs: build -# steps: -# - name: Download coverage reports -# uses: actions/download-artifact@v7 -# with: -# name: code-coverage-report -# - name: Run codacy-coverage-reporter -# uses: codacy/codacy-coverage-reporter-action@master -# with: -# project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} -# coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml - docker: name: Publish Docker runs-on: ubuntu-latest @@ -132,12 +117,6 @@ jobs: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} steps: - - name: Check Maven Cache - id: maven-cache - uses: actions/cache@v5 - with: - path: ~/.m2/repository/ - key: mvn-repo - name: Check Docker ODC Cache id: docker-odc-cache uses: actions/cache@v5 @@ -146,6 +125,14 @@ jobs: key: docker-repo - name: Checkout code uses: actions/checkout@v6 + - name: Set up JDK + uses: actions/setup-java@v5 + with: + java-version: '25' + distribution: 'zulu' + check-latest: true + cache: 'maven' + cache-dependency-path: '**/pom.xml' - name: Download release build uses: actions/download-artifact@v7 with: @@ -160,7 +147,7 @@ jobs: run: > mvn -V -s settings.xml -pl cli -am package -DskipTests=true - --no-transfer-progress --batch-mode + --no-transfer-progress --batch-mode -Dstyle.color=always - name: Test Docker Image run: ./docker-test.sh - name: Deploy Docker Image diff --git a/ant/pom.xml b/ant/pom.xml index 5573cd4408a..522cc407c1f 100644 --- a/ant/pom.xml +++ b/ant/pom.xml @@ -226,7 +226,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-core ${project.parent.version} - test-jar + tests test 
diff --git a/archetype/src/main/resources/archetype-resources/pom.xml b/archetype/src/main/resources/archetype-resources/pom.xml index 44343deafab..c83798ba8a5 100644 --- a/archetype/src/main/resources/archetype-resources/pom.xml +++ b/archetype/src/main/resources/archetype-resources/pom.xml @@ -18,6 +18,17 @@ ${maven.compiler.release} + + + + org.junit + junit-bom + ${junit.version} + pom + import + + + org.owasp @@ -40,19 +51,16 @@ org.junit.jupiter junit-jupiter-api - 5.12.2 test org.junit.jupiter junit-jupiter-engine - 5.12.2 test org.junit.jupiter junit-jupiter-params - 5.12.2 test diff --git a/cli/pom.xml b/cli/pom.xml index c5456fe61e4..37de7786702 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -99,13 +99,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. lib ${project.basedir}/src/main/conf/unixBinTemplate.sh ${project.basedir}/src/main/conf/windowsBinTemplate.bat - - --enable-native-access=ALL-UNNAMED -XX:+IgnoreUnrecognizedVMOptions + ${runtime.extra.jvm.args} @@ -180,16 +174,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.apache.ant ant-launcher - - com.sun - tools - - - org.mockito - mockito-core - test - diff --git a/core/pom.xml b/core/pom.xml index e876b7f96f1..12cc2ffe398 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -163,16 +163,9 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. maven-jar-plugin - test-jar - package test-jar - - - **/*.class - - @@ -232,11 +225,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. dependency-check-utils ${project.parent.version} - - org.apache.lucene - lucene-test-framework - test - org.apache.commons commons-collections4 @@ -278,6 +266,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.slf4j jul-to-slf4j + + + org.slf4j + jcl-over-slf4j + org.apache.velocity velocity-engine-core 
@@ -332,11 +325,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. com.hankcs aho-corasick-double-array-trie - - org.mockito - mockito-junit-jupiter - test - commons-validator commons-validator @@ -382,38 +370,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. 1.3.1 - com.vaadin.external.google - android-json - 0.0.20131108.vaadin1 + org.json + json - - TestMavenPlugin-core - - - testMavenPlugin - - - - - - org.apache.maven.plugins - maven-surefire-plugin - - true - - - - org.apache.maven.plugins - maven-failsafe-plugin - - true - - - - - MySQL-IntegrationTest diff --git a/core/src/main/java/org/owasp/dependencycheck/Engine.java b/core/src/main/java/org/owasp/dependencycheck/Engine.java index 0f1411d819b..a0f74f0b49c 100644 --- a/core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -19,8 +19,8 @@ import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import org.apache.commons.jcs3.JCS; -import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; +import org.jspecify.annotations.NonNull; +import org.jspecify.annotations.Nullable; import org.owasp.dependencycheck.analyzer.AnalysisPhase; import org.owasp.dependencycheck.analyzer.Analyzer; import org.owasp.dependencycheck.analyzer.AnalyzerService; @@ -145,7 +145,7 @@ public class Engine implements FileFilter, AutoCloseable { * * @param settings reference to the configured settings */ - public Engine(@NotNull final Settings settings) { + public Engine(@NonNull final Settings settings) { this(Mode.STANDALONE, settings); } @@ -155,7 +155,7 @@ public Engine(@NotNull final Settings settings) { * @param mode the mode of operation * @param settings reference to the configured settings */ - public Engine(@NotNull final Mode mode, @NotNull final Settings settings) { + public Engine(@NonNull final Mode mode, @NonNull final Settings settings) { this(Thread.currentThread().getContextClassLoader(), mode, settings); } 
@@ -165,7 +165,7 @@ public Engine(@NotNull final Mode mode, @NotNull final Settings settings) { * @param serviceClassLoader a reference the class loader being used * @param settings reference to the configured settings */ - public Engine(@NotNull final ClassLoader serviceClassLoader, @NotNull final Settings settings) { + public Engine(@NonNull final ClassLoader serviceClassLoader, @NonNull final Settings settings) { this(serviceClassLoader, Mode.STANDALONE, settings); } @@ -176,7 +176,7 @@ public Engine(@NotNull final ClassLoader serviceClassLoader, @NotNull final Sett * @param mode the mode of the engine * @param settings reference to the configured settings */ - public Engine(@NotNull final ClassLoader serviceClassLoader, @NotNull final Mode mode, @NotNull final Settings settings) { + public Engine(@NonNull final ClassLoader serviceClassLoader, @NonNull final Mode mode, @NonNull final Settings settings) { this.settings = settings; this.serviceClassLoader = serviceClassLoader; this.mode = mode; @@ -277,7 +277,7 @@ public synchronized void sortDependencies() { * * @param dependency the dependency to remove. */ - public synchronized void removeDependency(@NotNull final Dependency dependency) { + public synchronized void removeDependency(@NonNull final Dependency dependency) { dependencies.remove(dependency); dependenciesExternalView = null; } @@ -300,7 +300,7 @@ public synchronized Dependency[] getDependencies() { * * @param dependencies the dependencies */ - public synchronized void setDependencies(@NotNull final List dependencies) { + public synchronized void setDependencies(@NonNull final List dependencies) { this.dependencies.clear(); this.dependencies.addAll(dependencies); dependenciesExternalView = null; 
@@ -315,7 +315,7 @@ public synchronized void setDependencies(@NotNull final List depende * @return the list of dependencies scanned * @since v0.3.2.5 */ - public List scan(@NotNull final String[] paths) { + public List scan(@NonNull final String[] paths) { return scan(paths, null); } @@ -330,7 +330,7 @@ public List scan(@NotNull final String[] paths) { * @return the list of dependencies scanned * @since v1.4.4 */ - public List scan(@NotNull final String[] paths, @Nullable final String projectReference) { + public List scan(@NonNull final String[] paths, @Nullable final String projectReference) { final List deps = new ArrayList<>(); for (String path : paths) { final List d = scan(path, projectReference); @@ -349,7 +349,7 @@ public List scan(@NotNull final String[] paths, @Nullable final Stri * @param path the path to a file or directory to be analyzed * @return the list of dependencies scanned */ - public List scan(@NotNull final String path) { + public List scan(@NonNull final String path) { return scan(path, null); } @@ -364,7 +364,7 @@ public List scan(@NotNull final String path) { * @return the list of dependencies scanned * @since v1.4.4 */ - public List scan(@NotNull final String path, String projectReference) { + public List scan(@NonNull final String path, String projectReference) { final File file = new File(path); return scan(file, projectReference); } @@ -461,7 +461,7 @@ public List scan(File file) { * @since v1.4.4 */ @Nullable - public List scan(@NotNull final File file, String projectReference) { + public List scan(@NonNull final File file, String projectReference) { if (file.exists()) { if (file.isDirectory()) { return scanDirectory(file, projectReference); 
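Review bot: On `scan(@NonNull final String[] paths)` and the two-argument overload, the switch to JSpecify changes what is annotated. `org.jspecify.annotations.NonNull` is a type-use annotation, so in this position it applies to the element type `String`, and the array reference itself is left unspecified. To keep the previous meaning (the `paths` array must not be null) the parameter would be written `final String @NonNull [] paths`. The non-array parameters in the other hunks of this file are not affected.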
@@ -498,7 +498,7 @@ protected List scanDirectory(File dir) { * @return the list of Dependency objects scanned * @since v1.4.4 */ - protected List scanDirectory(@NotNull final File dir, @Nullable final String projectReference) { + protected List scanDirectory(@NonNull final File dir, @Nullable final String projectReference) { final File[] files = dir.listFiles(); final List deps = new ArrayList<>(); if (files != null) { @@ -526,7 +526,7 @@ protected List scanDirectory(@NotNull final File dir, @Nullable fina * @param file The file to scan * @return the scanned dependency */ - protected Dependency scanFile(@NotNull final File file) { + protected Dependency scanFile(@NonNull final File file) { return scanFile(file, null); } @@ -541,7 +541,7 @@ protected Dependency scanFile(@NotNull final File file) { * @return the scanned dependency * @since v1.4.4 */ - protected synchronized Dependency scanFile(@NotNull final File file, @Nullable final String projectReference) { + protected synchronized Dependency scanFile(@NonNull final File file, @Nullable final String projectReference) { Dependency dependency = null; if (file.isFile()) { if (accept(file)) { @@ -681,7 +681,7 @@ public void analyzeDependencies() throws ExceptionCollection { * @param exceptions a collection to store non-fatal exceptions * @throws ExceptionCollection thrown if fatal exceptions occur */ - private void initializeAndUpdateDatabase(@NotNull final List exceptions) throws ExceptionCollection { + private void initializeAndUpdateDatabase(@NonNull final List exceptions) throws ExceptionCollection { if (!mode.isDatabaseRequired()) { return; } 
@@ -741,7 +741,7 @@ private void throwFatalDatabaseException(DatabaseException ex, final List exceptions) throws ExceptionCollection { + protected void executeAnalysisTasks(@NonNull final Analyzer analyzer, List exceptions) throws ExceptionCollection { LOGGER.debug("Starting {}", analyzer.getName()); final List analysisTasks = getAnalysisTasks(analyzer, exceptions); final ExecutorService executorService = getExecutorService(analyzer); @@ -805,7 +805,7 @@ protected ExecutorService getExecutorService(Analyzer analyzer) { * @throws InitializationException thrown when there is a problem * initializing the analyzer */ - protected void initializeAnalyzer(@NotNull final Analyzer analyzer) throws InitializationException { + protected void initializeAnalyzer(@NonNull final Analyzer analyzer) throws InitializationException { try { LOGGER.debug("Initializing {}", analyzer.getName()); analyzer.prepare(this); @@ -837,7 +837,7 @@ protected void initializeAnalyzer(@NotNull final Analyzer analyzer) throws Initi * * @param analyzer the analyzer to close */ - protected void closeAnalyzer(@NotNull final Analyzer analyzer) { + protected void closeAnalyzer(@NonNull final Analyzer analyzer) { LOGGER.debug("Closing Analyzer '{}'", analyzer.getName()); try { analyzer.close(); @@ -1029,7 +1029,7 @@ public CveDB getDatabase() { * * @return a list of Analyzers */ - @NotNull + @NonNull public List getAnalyzers() { final List analyzerList = new ArrayList<>(); //insteae of forEach - we can just do a collect @@ -1129,7 +1129,7 @@ public Mode getMode() { * * @param fta the file type analyzer to add */ - protected void addFileTypeAnalyzer(@NotNull final FileTypeAnalyzer fta) { + protected void addFileTypeAnalyzer(@NonNull final FileTypeAnalyzer fta) { this.fileTypeAnalyzers.add(fta); } 
@@ -1154,8 +1154,8 @@ private void ensureDataExists() throws NoDataException { * @throws ExceptionCollection a collection of exceptions that occurred * during analysis */ - private void throwFatalExceptionCollection(String message, @NotNull final Throwable throwable, - @NotNull final List exceptions) throws ExceptionCollection { + private void throwFatalExceptionCollection(String message, @NonNull final Throwable throwable, + @NonNull final List exceptions) throws ExceptionCollection { LOGGER.error(message); LOGGER.debug("", throwable); exceptions.add(throwable); @@ -1212,7 +1212,7 @@ public void writeReports(String applicationName, File outputDir, String format, @Deprecated public synchronized void writeReports(String applicationName, @Nullable final String groupId, @Nullable final String artifactId, @Nullable final String version, - @NotNull final File outputDir, String format) throws ReportException { + @NonNull final File outputDir, String format) throws ReportException { writeReports(applicationName, groupId, artifactId, version, outputDir, format, null); } @@ -1233,7 +1233,7 @@ public synchronized void writeReports(String applicationName, @Nullable final St */ public synchronized void writeReports(String applicationName, @Nullable final String groupId, @Nullable final String artifactId, @Nullable final String version, - @NotNull final File outputDir, String format, ExceptionCollection exceptions) throws ReportException { + @NonNull final File outputDir, String format, ExceptionCollection exceptions) throws ReportException { if (mode == Mode.EVIDENCE_COLLECTION) { throw new UnsupportedOperationException("Cannot generate report in evidence collection mode."); } diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java index d0e74ac0199..a8635751162 100644 
--- a/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java +++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java @@ -31,11 +31,10 @@ import java.util.regex.Pattern; import javax.annotation.concurrent.ThreadSafe; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource; -import org.owasp.dependencycheck.data.update.exception.UpdateException; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.exception.InitializationException; import org.owasp.dependencycheck.exception.WriteLockException; @@ -219,7 +218,7 @@ private void loadPackagedSuppressionBaseData(final SuppressionParser parser, fin } } - private static @NotNull URL getPackagedFile(String packagedFileName) throws SuppressionParseException { + private static @NonNull URL getPackagedFile(String packagedFileName) throws SuppressionParseException { final URL jarLocation = AbstractSuppressionAnalyzer.class.getProtectionDomain().getCodeSource().getLocation(); String suppressionFileLocation = jarLocation.getFile(); if (suppressionFileLocation.endsWith(".jar")) { diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java index d2fa159f6c3..35b80900135 100644 --- a/core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java +++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java 
@@ -46,8 +46,8 @@ import org.apache.lucene.search.Query; import org.apache.lucene.search.ScoreDoc; import org.apache.lucene.search.TopDocs; -import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; +import org.jspecify.annotations.NonNull; +import org.jspecify.annotations.Nullable; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex; @@ -1277,7 +1277,7 @@ public boolean equals(Object obj) { * @return the natural ordering of IdentifierMatch */ @Override - public int compareTo(@NotNull IdentifierMatch o) { + public int compareTo(@NonNull IdentifierMatch o) { return new CompareToBuilder() .append(identifierConfidence, o.identifierConfidence) .append(identifier, o.identifier) diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java index f43aad6e973..499314154cd 100644 --- a/core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java +++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java @@ -17,7 +17,7 @@ */ package org.owasp.dependencycheck.analyzer; -import org.jetbrains.annotations.VisibleForTesting; +import com.google.common.annotations.VisibleForTesting; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Dependency; diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/PnpmAuditAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/PnpmAuditAnalyzer.java index 1de332833f5..a9a88c78835 100644 --- a/core/src/main/java/org/owasp/dependencycheck/analyzer/PnpmAuditAnalyzer.java +++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/PnpmAuditAnalyzer.java 
@@ -20,9 +20,9 @@ import org.apache.commons.collections4.MultiValuedMap; import org.apache.commons.collections4.multimap.HashSetValuedHashMap; import org.apache.commons.lang3.StringUtils; -import org.jetbrains.annotations.NotNull; import org.json.JSONException; import org.json.JSONObject; +import org.jspecify.annotations.NonNull; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.SearchException; @@ -281,7 +281,7 @@ private List analyzePackage(final File lockFile, } } - @NotNull + @NonNull private NpmAuditParser getAuditParser() { return new NpmAuditParser(); } diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/YarnAuditAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/YarnAuditAnalyzer.java index 25c7f0b58e6..89334b8b8a0 100644 --- a/core/src/main/java/org/owasp/dependencycheck/analyzer/YarnAuditAnalyzer.java +++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/YarnAuditAnalyzer.java @@ -443,7 +443,7 @@ private static List parseAdvisoryJsons(List advisoryJsons) final var advisory = new Advisory(); final var object = advisoryJson.getJSONObject("children"); final var moduleName = advisoryJson.optString("value", null); - final var id = object.getString("ID"); + final var id = object.get("ID"); final var url = object.optString("URL", null); final var ghsaId = extractGhsaId(url); final var issue = object.optString("Issue", null); diff --git a/core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java b/core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java index 73db757beaf..406532a1fa0 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractTokenizingFilter.java 
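Review bot: In `parseAdvisoryJsons` (YarnAuditAnalyzer), `final var id = object.get("ID");` makes `id` an `Object` whose runtime type follows whatever the yarn audit output carries, so any later code that treats it as text depends on an implicit conversion. Declaring the type keeps that conversion in one visible place: `final String id = String.valueOf(object.get("ID"));`. `get` still throws `JSONException` when the key is absent, unlike the `optString` calls around it, so it is worth confirming that a malformed advisory is reported rather than aborting the whole analysis. The rest of the method is outside the hunk, so how `id` is consumed cannot be checked from here.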
@@ -90,8 +90,12 @@ protected boolean addTerm() { if (termAdded) { final String term = tokens.pop(); clearAttributes(); - termAtt.append(term); + appendTerm(term); } return termAdded; } + + protected void appendTerm(String term) { + termAtt.append(term); + } } diff --git a/core/src/main/java/org/owasp/dependencycheck/data/lucene/AlphaNumericFilter.java b/core/src/main/java/org/owasp/dependencycheck/data/lucene/AlphaNumericFilter.java index aa5b326248c..e1bb6384c4e 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/lucene/AlphaNumericFilter.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/lucene/AlphaNumericFilter.java @@ -40,7 +40,7 @@ * * @author jeremy long */ -public final class AlphaNumericFilter extends AbstractTokenizingFilter { +public class AlphaNumericFilter extends AbstractTokenizingFilter { /** * The position increment attribute. @@ -65,7 +65,7 @@ public AlphaNumericFilter(TokenStream stream) { * {@inheritDoc} */ @Override - public boolean incrementToken() throws IOException { + public final boolean incrementToken() throws IOException { final ArrayDeque tokens = getTokens(); final CharTermAttribute termAtt = getTermAtt(); if (tokens.isEmpty()) { diff --git a/core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java b/core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java index 0a94fe80493..44addc0f0c0 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java @@ -36,7 +36,7 @@ * @author Jeremy Long */ @NotThreadSafe -public final class TokenPairConcatenatingFilter extends TokenFilter { +public class TokenPairConcatenatingFilter extends TokenFilter { /** * The char term attribute. 
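Review bot: `appendTerm` in `AbstractTokenizingFilter` is a new protected extension point with no Javadoc, and the test changes in this commit suggest it exists only so tests can record terms. To allow the override, `AlphaNumericFilter`, `UrlTokenizingFilter` and `TokenPairConcatenatingFilter` all lose `final`, which lets any subclass change what is written to the term attribute. If the hook stays, document its purpose, e.g. `/** Appends the term to the term attribute; overridable so tests can observe emitted terms. */`. An alternative that keeps the production classes final is for the test to read `CharTermAttribute` from the filter after each `incrementToken()` call.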
@@ -72,11 +72,11 @@ public TokenPairConcatenatingFilter(TokenStream stream) { * @throws IOException is thrown when an IOException occurs */ @Override - public boolean incrementToken() throws IOException { + public final boolean incrementToken() throws IOException { if (addSingleTerm && previousWord != null) { addSingleTerm = false; clearAttributes(); - termAtt.append(previousWord); + appendTerm(previousWord); return true; } else if (input.incrementToken()) { @@ -86,12 +86,13 @@ public boolean incrementToken() throws IOException { } if (addSingleTerm) { clearAttributes(); - termAtt.append(word); + appendTerm(word); previousWord = word; addSingleTerm = false; } else { clearAttributes(); - termAtt.append(previousWord).append(word); + appendTerm(previousWord); + appendTerm(word); previousWord = word; addSingleTerm = true; } @@ -100,6 +101,10 @@ public boolean incrementToken() throws IOException { return false; } + protected void appendTerm(String term) { + termAtt.append(term); + } + /** * Resets the filter. This must be manually called between searching and * indexing. Unable to rely on `reset` as it appears to be called between diff --git a/core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java b/core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java index 831799fd761..a9cbd0da1ba 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilter.java @@ -35,7 +35,7 @@ * @author Jeremy Long */ @NotThreadSafe -public final class UrlTokenizingFilter extends AbstractTokenizingFilter { +public class UrlTokenizingFilter extends AbstractTokenizingFilter { /** * The logger. 
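Review bot: In the pair branch of `TokenPairConcatenatingFilter.incrementToken`, `termAtt.append(previousWord).append(word)` became two `appendTerm` calls. An overriding `appendTerm` therefore sees `previousWord` and `word` as separate terms, never the concatenated token that is actually emitted. The recording subclass in `TokenPairConcatenatingFilterTest` cannot produce the `"redblue"` and `"bluegreen"` entries its disabled `testIncrementToken` expects, whatever happens with the reset issue named in the `@Disabled` message. A single call keeps the hook aligned with the emitted token and should be equivalent for the term attribute: `appendTerm(previousWord + word);`.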
@@ -60,8 +60,7 @@ public UrlTokenizingFilter(TokenStream stream) { * @throws IOException is thrown when an IOException occurs */ @Override - @SuppressWarnings("StringSplitter") - public boolean incrementToken() throws IOException { + public final boolean incrementToken() throws IOException { final ArrayDeque tokens = getTokens(); final CharTermAttribute termAtt = getTermAtt(); if (tokens.isEmpty() && input.incrementToken()) { diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusV3Search.java b/core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusV3Search.java index 8bb31bc7573..757db222705 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusV3Search.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusV3Search.java @@ -24,7 +24,7 @@ import org.apache.hc.core5.http.HttpEntity; import org.apache.hc.core5.http.HttpHeaders; import org.apache.hc.core5.http.message.BasicHeader; -import org.jetbrains.annotations.Nullable; +import org.jspecify.annotations.Nullable; import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.ForbiddenException; diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java b/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java index c1f058ca6eb..01ff8d97962 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java @@ -31,7 +31,6 @@ import org.apache.hc.core5.http.Header; import org.apache.hc.core5.http.HttpHeaders; import org.apache.hc.core5.http.message.BasicHeader; -import org.json.JSONException; import org.json.JSONObject; import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.Downloader; 
@@ -171,7 +170,7 @@ private List submitPackage(JsonObject packageJson, String key, int cou cache.put(key, advisories); } return advisories; - } catch (RuntimeException | URISyntaxException | JSONException | TooManyRequestsException | ResourceNotFoundException ex) { + } catch (RuntimeException | URISyntaxException | TooManyRequestsException | ResourceNotFoundException ex) { LOGGER.debug("Error connecting to Node Audit API. Error: {}", ex.getMessage()); throw new SearchException("Could not connect to Node Audit API: " + ex.getMessage(), ex); diff --git a/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java b/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java index aeb05a8073a..9876bae4cb3 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java @@ -55,7 +55,7 @@ import java.util.function.Function; import java.util.zip.GZIPOutputStream; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; 
@@ -666,20 +666,20 @@ public FeedUrl withPattern(Function, String> patternTransformer return new FeedUrl(url, patternTransformer.apply(Optional.ofNullable(pattern))); } - @NotNull String toFormattedUrlString(String formatArg) { + @NonNull String toFormattedUrlString(String formatArg) { return url + MessageFormat.format(Optional.ofNullable(pattern).orElseThrow(), formatArg); } - @NotNull String toFormattedUrlString(int formatArg) { + @NonNull String toFormattedUrlString(int formatArg) { return toFormattedUrlString(String.valueOf(formatArg)); } - @NotNull URL toFormattedUrl(@NotNull String formatArg) throws MalformedURLException, URISyntaxException { + @NonNull URL toFormattedUrl(@NonNull String formatArg) throws MalformedURLException, URISyntaxException { return new URI(toFormattedUrlString(formatArg)).toURL(); } @SuppressWarnings("SameParameterValue") - @NotNull URL toSuffixedUrl(String suffix) throws MalformedURLException, URISyntaxException { + @NonNull URL toSuffixedUrl(String suffix) throws MalformedURLException, URISyntaxException { return new URI(url + suffix).toURL(); } @@ -705,7 +705,7 @@ protected static FeedUrl extractFromUrlOptionalPattern(String url) { return new FeedUrl(baseUrl, pattern); } - private static @NotNull Pair toYearRange(Settings settings, ZonedDateTime now) { + private static @NonNull Pair toYearRange(Settings settings, ZonedDateTime now) { // for establishing the current year use the timezone where the new year starts first // as from that moment on CNAs might start assigning CVEs with the new year depending // on the CNA's timezone 
@@ -714,11 +714,11 @@ protected static FeedUrl extractFromUrlOptionalPattern(String url) { return new Pair<>(startYear, endYear); } - private @NotNull ZonedDateTime getLastModifiedFor(int year) throws UpdateException { + private @NonNull ZonedDateTime getLastModifiedFor(int year) throws UpdateException { return getLastModifiedFor(String.valueOf(year)); } - private @NotNull ZonedDateTime getLastModifiedFor(String fileVersion) throws UpdateException { + private @NonNull ZonedDateTime getLastModifiedFor(String fileVersion) throws UpdateException { try { String content = Downloader.getInstance().fetchContent(toFormattedUrl(fileVersion), UTF_8); Properties props = new Properties(); diff --git a/core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index a726d613850..4025b5a1c9f 100644 --- a/core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java @@ -21,7 +21,7 @@ import org.apache.commons.lang3.builder.CompareToBuilder; import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import java.io.Serializable; import javax.annotation.concurrent.ThreadSafe; @@ -235,7 +235,7 @@ public boolean equals(Object obj) { * @return an integer indicating the ordering of the two objects */ @Override - public int compareTo(@NotNull Evidence o) { + public int compareTo(@NonNull Evidence o) { return new CompareToBuilder() .append(this.source == null ? null : this.source.toLowerCase(), o.source == null ? null : o.source.toLowerCase()) .append(this.name == null ? null : this.name.toLowerCase(), o.name == null ? null : o.name.toLowerCase()) 
diff --git a/core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java b/core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java index 2922e8a185d..e3f14284084 100644 --- a/core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java +++ b/core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java @@ -22,7 +22,7 @@ import org.apache.commons.lang3.builder.CompareToBuilder; import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; /** * An external reference for a vulnerability. This contains a name, URL, and a @@ -160,7 +160,7 @@ public int hashCode() { * @return an integer indicating the ordering of the two objects */ @Override - public int compareTo(@NotNull Reference o) { + public int compareTo(@NonNull Reference o) { return new CompareToBuilder() .append(source, o.source) .append(name, o.name) diff --git a/core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java b/core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java index 395dd3d38bd..118a2deb932 100644 --- a/core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java +++ b/core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java @@ -31,7 +31,7 @@ import org.apache.commons.lang3.builder.CompareToBuilder; import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.owasp.dependencycheck.utils.SeverityUtil; /** 
@@ -506,7 +506,7 @@ public String toString() { * @see #bestEffortSeverityLevelForSorting() */ @Override - public int compareTo(@NotNull Vulnerability o) { + public int compareTo(@NonNull Vulnerability o) { return new CompareToBuilder() .append(o.bestEffortSeverityLevelForSorting(), this.bestEffortSeverityLevelForSorting()) .append(this.name, o.name) @@ -529,7 +529,7 @@ public int compareTo(@NotNull Vulnerability o) { * highest CVSSv2 HIGH and the lowest CVSSv3 CRITICAL severity level. * * @see SeverityUtil#estimatedSortAdjustedCVSSv3(String) - * @see SeverityUtil#sortAdjustedCVSSv3BaseScore(float) + * @see SeverityUtil#sortAdjustedCVSSv3BaseScore(Double) * @return A float value that allows for best-effort sorting on * vulnerability severity */ diff --git a/core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java index 6225be01f27..fbf63b57e06 100644 --- a/core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java +++ b/core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java @@ -26,7 +26,7 @@ import org.apache.commons.lang3.builder.CompareToBuilder; import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.owasp.dependencycheck.analyzer.exception.UnexpectedAnalysisException; import org.owasp.dependencycheck.dependency.naming.CpeIdentifier; import org.owasp.dependencycheck.utils.DependencyVersion; @@ -134,7 +134,7 @@ private static String normalizeForComparison(String s) { } @Override - public int compareTo(@NotNull ICpe o) { + public int compareTo(@NonNull ICpe o) { if (o instanceof VulnerableSoftware) { final VulnerableSoftware other = (VulnerableSoftware) o; return new CompareToBuilder() 
diff --git a/core/src/main/java/org/owasp/dependencycheck/dependency/naming/CpeIdentifier.java b/core/src/main/java/org/owasp/dependencycheck/dependency/naming/CpeIdentifier.java index 0f6dc48006b..d10a3e5ad53 100644 --- a/core/src/main/java/org/owasp/dependencycheck/dependency/naming/CpeIdentifier.java +++ b/core/src/main/java/org/owasp/dependencycheck/dependency/naming/CpeIdentifier.java @@ -21,7 +21,7 @@ import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; import org.apache.hc.core5.net.PercentCodec; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.owasp.dependencycheck.dependency.Confidence; import us.springett.parsers.cpe.Cpe; import us.springett.parsers.cpe.CpeBuilder; @@ -190,7 +190,7 @@ public boolean equals(Object obj) { } @Override - public int compareTo(@NotNull Identifier o) { + public int compareTo(@NonNull Identifier o) { if (o instanceof CpeIdentifier) { final CpeIdentifier other = (CpeIdentifier) o; return new CompareToBuilder() diff --git a/core/src/main/java/org/owasp/dependencycheck/dependency/naming/GenericIdentifier.java b/core/src/main/java/org/owasp/dependencycheck/dependency/naming/GenericIdentifier.java index 5ce7b437ca1..d01639d23e6 100644 --- a/core/src/main/java/org/owasp/dependencycheck/dependency/naming/GenericIdentifier.java +++ b/core/src/main/java/org/owasp/dependencycheck/dependency/naming/GenericIdentifier.java @@ -21,7 +21,7 @@ import org.apache.commons.lang3.builder.CompareToBuilder; import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.owasp.dependencycheck.dependency.Confidence; /** 
@@ -189,7 +189,7 @@ public String toString() { * @return an integer indicating the ordering */ @Override - public int compareTo(@NotNull Identifier o) { + public int compareTo(@NonNull Identifier o) { return new CompareToBuilder() .append(this.value, o.toString()) .append(this.url, o.getUrl()) diff --git a/core/src/main/java/org/owasp/dependencycheck/dependency/naming/PurlIdentifier.java b/core/src/main/java/org/owasp/dependencycheck/dependency/naming/PurlIdentifier.java index ea74f2329fa..702b5c41692 100644 --- a/core/src/main/java/org/owasp/dependencycheck/dependency/naming/PurlIdentifier.java +++ b/core/src/main/java/org/owasp/dependencycheck/dependency/naming/PurlIdentifier.java @@ -19,7 +19,7 @@ import com.github.packageurl.MalformedPackageURLException; import org.apache.commons.lang3.builder.CompareToBuilder; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.owasp.dependencycheck.dependency.Confidence; import com.github.packageurl.PackageURL; import com.github.packageurl.PackageURLBuilder; @@ -212,7 +212,7 @@ public String toGav() { } @Override - public int compareTo(@NotNull Identifier o) { + public int compareTo(@NonNull Identifier o) { if (o instanceof PurlIdentifier) { final PurlIdentifier other = (PurlIdentifier) o; return new CompareToBuilder() diff --git a/core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java b/core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java index 7f14f4e3f43..144816cec27 100644 --- a/core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java +++ b/core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java @@ -25,7 +25,7 @@ import javax.annotation.concurrent.NotThreadSafe; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.builder.HashCodeBuilder; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; /** *

@@ -113,7 +113,7 @@ public void setVersionParts(List versionParts) { * * @return an iterator for the version parts */ - @NotNull + @NonNull @Override public Iterator iterator() { return versionParts.iterator(); @@ -232,10 +232,7 @@ public boolean matchesAtLeastThreeLevels(DependencyVersion version) { } @Override - public int compareTo(@NotNull DependencyVersion version) { - if (version == null) { - return 1; - } + public int compareTo(@NonNull DependencyVersion version) { final List left = this.getVersionParts(); final List right = version.getVersionParts(); final int max = Math.min(left.size(), right.size()); diff --git a/core/src/main/java/org/owasp/dependencycheck/utils/Filter.java b/core/src/main/java/org/owasp/dependencycheck/utils/Filter.java index bbbaf0602f1..28fde4b169e 100644 --- a/core/src/main/java/org/owasp/dependencycheck/utils/Filter.java +++ b/core/src/main/java/org/owasp/dependencycheck/utils/Filter.java @@ -1,6 +1,5 @@ package org.owasp.dependencycheck.utils; -import org.jetbrains.annotations.NotNull; import java.util.Iterator; import java.util.NoSuchElementException; diff --git a/core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java b/core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java index 68d7fc13ec9..4f4026ed112 100644 --- a/core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java +++ b/core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java @@ -5,7 +5,7 @@ import java.io.InputStream; import javax.annotation.concurrent.NotThreadSafe; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
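Review bot: `DependencyVersion.compareTo` loses its `if (version == null) return 1;` guard, and JSpecify's `@NonNull` is not checked at runtime, so a null argument now fails inside `version.getVersionParts()` instead of returning 1. Throwing on null matches the `Comparable` contract, but it is a behaviour change for any caller that relied on the old result; those callers are outside this hunk, as is the rest of the method body. If the exception is intended, make it explicit with `Objects.requireNonNull(version, "version");` as the first statement (this needs `java.util.Objects` imported) and state it in the method's Javadoc.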
@@ -212,7 +212,7 @@ public int read() throws IOException { * stream */ @Override - public int read(@NotNull byte[] data, int offset, int length) throws IOException { + public int read(@NonNull byte[] data, int offset, int length) throws IOException { final StringBuilder s = read(length); int n = 0; for (int i = 0; i < Math.min(length, s.length()); i++) { diff --git a/core/src/test/java/org/owasp/dependencycheck/data/lucene/AlphaNumericFilterTest.java b/core/src/test/java/org/owasp/dependencycheck/data/lucene/AlphaNumericFilterTest.java index 5f5c52ee148..17fadad7c8a 100644 --- a/core/src/test/java/org/owasp/dependencycheck/data/lucene/AlphaNumericFilterTest.java +++ b/core/src/test/java/org/owasp/dependencycheck/data/lucene/AlphaNumericFilterTest.java 
@@ -17,100 +17,40 @@ */ package org.owasp.dependencycheck.data.lucene; -import java.io.IOException; -import org.apache.lucene.analysis.Analyzer; -import org.apache.lucene.tests.analysis.BaseTokenStreamTestCase; -import static org.apache.lucene.tests.analysis.BaseTokenStreamTestCase.checkOneTerm; -import static org.apache.lucene.tests.analysis.BaseTokenStreamTestCase.checkRandomData; -import org.apache.lucene.tests.analysis.MockTokenizer; -import org.apache.lucene.analysis.Tokenizer; -import org.apache.lucene.analysis.core.KeywordTokenizer; -import static org.apache.lucene.tests.util.LuceneTestCase.RANDOM_MULTIPLIER; -import static org.apache.lucene.tests.util.LuceneTestCase.random; -import org.junit.Test; -import static org.junit.Assert.*; -import org.junit.Before; +import org.apache.lucene.analysis.TokenFilter; +import org.apache.lucene.analysis.TokenStream; +import org.hamcrest.Matchers; +import org.jspecify.annotations.NonNull; +import org.junit.jupiter.api.Test; + +import java.util.List; + +import static org.hamcrest.MatcherAssert.assertThat; /** * * @author Jeremy Long */ -public class AlphaNumericFilterTest extends BaseTokenStreamTestCase { - - private Analyzer analyzer; - - @Before - @Override - public void setUp() throws Exception { - super.setUp(); - analyzer = new Analyzer() { - @Override - protected Analyzer.TokenStreamComponents createComponents(String fieldName) { - Tokenizer source = new MockTokenizer(MockTokenizer.WHITESPACE, false); - return new Analyzer.TokenStreamComponents(source, new AlphaNumericFilter(source)); - } - }; - } +public class AlphaNumericFilterTest extends BaseTokenFilterTest { - /** - * Test of incrementToken method, of class AlphaNumericFilter. 
- * - * @throws Exception thrown if there is a problem - */ @Test public void testIncrementToken() throws Exception { - String[] expected = new String[6]; - expected[0] = "http"; - expected[1] = "www"; - expected[2] = "domain"; - expected[3] = "com"; - expected[4] = "test"; - expected[5] = "php"; - assertAnalyzesTo(analyzer, "http://www.domain.com/test.php", expected); + assertThat(processAllFrom("http://www.domain.com/test.php"), Matchers.contains("http", "www", "domain", "com", "test", "php")); } - /** - * Test of incrementToken method, of class AlphaNumericFilter. - * - * @throws Exception thrown if there is a problem - */ @Test public void testGarbage() throws Exception { - String[] expected = new String[2]; - expected[0] = "test"; - expected[1] = "two"; - assertAnalyzesTo(analyzer, "!@#$% !@#$ &*(@#$ test-two @#$%", expected); + assertThat(processAllFrom("!@#$% !@#$ &*(@#$ test-two @#$%"), Matchers.contains("test", "two")); } - /** - * copied from - * http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/analysis/common/src/test/org/apache/lucene/analysis/en/TestEnglishMinimalStemFilter.java - * blast some random strings through the analyzer - */ - @Test - public void testRandomStrings() { - try { - checkRandomData(random(), analyzer, 1000 * RANDOM_MULTIPLIER); - } catch (IOException ex) { - fail("Failed test random strings: " + ex.getMessage()); - } - } - - /** - * copied from - * http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/analysis/common/src/test/org/apache/lucene/analysis/en/TestEnglishMinimalStemFilter.java - * - * @throws IOException - */ - @Test - public void testEmptyTerm() throws IOException { - Analyzer a = new Analyzer() { + @Override + TokenFilter newFilter(@NonNull final TokenStream stream, List terms) { + return new AlphaNumericFilter(stream) { @Override - protected Analyzer.TokenStreamComponents createComponents(String fieldName) { - Tokenizer tokenizer = new KeywordTokenizer(); - return new 
Analyzer.TokenStreamComponents(tokenizer, new AlphaNumericFilter(tokenizer)); + protected void appendTerm(String term) { + super.appendTerm(term); + terms.add(term); } }; - checkOneTerm(a, "", ""); } } diff --git a/core/src/test/java/org/owasp/dependencycheck/data/lucene/BaseTokenFilterTest.java b/core/src/test/java/org/owasp/dependencycheck/data/lucene/BaseTokenFilterTest.java new file mode 100644 index 00000000000..83fd70874b7 --- /dev/null +++ b/core/src/test/java/org/owasp/dependencycheck/data/lucene/BaseTokenFilterTest.java 
@@ -0,0 +1,55 @@ +package org.owasp.dependencycheck.data.lucene; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.lucene.analysis.Analyzer; +import org.apache.lucene.analysis.TokenFilter; +import org.apache.lucene.analysis.TokenStream; +import org.apache.lucene.analysis.core.KeywordAnalyzer; +import org.jspecify.annotations.NonNull; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.RepeatedTest; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; + +public abstract class BaseTokenFilterTest { + private Analyzer analyzer; + + @BeforeEach + public void setUp() throws Exception { + analyzer = new KeywordAnalyzer(); + } + + @AfterEach + public void tearDown() throws Exception { + analyzer.close(); + } + + @RepeatedTest(1000) + public void testRandomStrings() { + String input = RandomStringUtils.insecure().nextAlphanumeric(1, 1000); + assertDoesNotThrow(() -> processAllFrom(input), () -> "Failed to process input: " + input); + } + + protected @NonNull TokenStream freshTokenStream(String input) throws IOException { + TokenStream dummy = analyzer.tokenStream("dummy", input); + dummy.reset(); + return dummy; + } + + @NonNull + protected List processAllFrom(String input) throws IOException { + List terms = new ArrayList<>(); + try (TokenFilter filter = newFilter(freshTokenStream(input), terms)) { + //noinspection StatementWithEmptyBody + while (filter.incrementToken()) {} + return terms; + } + } + + abstract TokenFilter newFilter(@NonNull final TokenStream stream, List terms); +} diff --git a/core/src/test/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilterTest.java b/core/src/test/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilterTest.java index 49aedacabf4..60250fd6dcd 100644 
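Review bot: `testRandomStrings` feeds only `nextAlphanumeric(1, 1000)` input through a `KeywordAnalyzer`, so the filters never see punctuation, whitespace, URL separators, non-ASCII text or an empty string. Those are the inputs the removed `checkRandomData` and `testEmptyTerm` tests covered, and the ones `AlphaNumericFilter` and `UrlTokenizingFilter` exist to handle. Widening the generator, for example to `RandomStringUtils.insecure().nextPrint(0, 1000)`, would bring back printable ASCII and the empty case, and a few fixed non-ASCII and malformed-URL samples would cover the rest. Separately, in `processAllFrom` the stream from `freshTokenStream` is never closed if `newFilter` throws, because only the filter is inside the try-with-resources.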
--- a/core/src/test/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilterTest.java +++ b/core/src/test/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilterTest.java 
@@ -17,82 +17,33 @@ */ package org.owasp.dependencycheck.data.lucene; -import java.io.IOException; -import org.apache.lucene.analysis.Analyzer; -import org.apache.lucene.tests.analysis.BaseTokenStreamTestCase; -import static org.apache.lucene.tests.analysis.BaseTokenStreamTestCase.checkOneTerm; -import org.apache.lucene.tests.analysis.MockTokenizer; -import org.apache.lucene.analysis.Tokenizer; -import org.apache.lucene.analysis.core.KeywordTokenizer; -import static org.junit.Assert.fail; -import org.junit.Before; -import org.junit.Test; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.contains; -/** - * - * @author Jeremy Long - */ -public class TokenPairConcatenatingFilterTest extends BaseTokenStreamTestCase { +import org.apache.lucene.analysis.TokenFilter; +import org.apache.lucene.analysis.TokenStream; +import org.jspecify.annotations.NonNull; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; + +import java.util.List; + +public class TokenPairConcatenatingFilterTest extends BaseTokenFilterTest { -// private Analyzer analyzer; -// -// @Before -// @Override -// public void setUp() throws Exception { -// super.setUp(); -// analyzer = new Analyzer() { -// @Override -// protected Analyzer.TokenStreamComponents createComponents(String fieldName) { -// Tokenizer source = new MockTokenizer(MockTokenizer.WHITESPACE, false); -// return new Analyzer.TokenStreamComponents(source, new TokenPairConcatenatingFilter(source)); -// } -// }; -// } -// -// /** -// * Test of incrementToken method, of class TokenPairConcatenatingFilter. 
-// */ -// @Test -// public void testIncrementToken() throws Exception { -// String[] expected = new String[5]; -// expected[0] = "red"; -// expected[1] = "redblue"; -// expected[2] = "blue"; -// expected[3] = "bluegreen"; -// expected[4] = "green"; -// assertAnalyzesTo(analyzer, "red blue green", expected); -// } -// /** -// * copied from -// * http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/analysis/common/src/test/org/apache/lucene/analysis/en/TestEnglishMinimalStemFilter.java -// * blast some random strings through the analyzer -// */ -// public void testRandomStrings() { -// try { -// checkRandomData(random(), analyzer, 1000 * RANDOM_MULTIPLIER); -// } catch (IOException ex) { -// fail("Failed test random strings: " + ex.getMessage()); -// } -// } - /** - * copied from - * http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/analysis/common/src/test/org/apache/lucene/analysis/en/TestEnglishMinimalStemFilter.java - * - * @throws IOException - */ @Test - public void testEmptyTerm() { - Analyzer a = new Analyzer() { + @Disabled("Has been broken since change to reset logic in 74ff6d99e78eaef15c595fe35d7ed12d8c22a7a9") + public void testIncrementToken() throws Exception { + assertThat(processAllFrom("red blue green"), contains("red", "redblue", "blue", "bluegreen", "green")); + } + + @Override + TokenFilter newFilter(@NonNull final TokenStream stream, List terms) { + return new TokenPairConcatenatingFilter(stream) { @Override - protected Analyzer.TokenStreamComponents createComponents(String fieldName) { - Tokenizer tokenizer = new KeywordTokenizer(); - return new Analyzer.TokenStreamComponents(tokenizer, new TokenPairConcatenatingFilter(tokenizer)); + protected void appendTerm(String term) { + super.appendTerm(term); + terms.add(term); } }; - try { - checkOneTerm(a, "", ""); - } catch (IOException ex) { - fail("Failed test random strings: " + ex.getMessage()); - } } } 
diff --git a/core/src/test/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilterTest.java b/core/src/test/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilterTest.java index fd25509743a..8c8930cf308 100644 --- a/core/src/test/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilterTest.java +++ b/core/src/test/java/org/owasp/dependencycheck/data/lucene/UrlTokenizingFilterTest.java 
@@ -17,73 +17,35 @@ */ package org.owasp.dependencycheck.data.lucene; -import java.io.IOException; -import org.apache.lucene.analysis.Analyzer; -import org.apache.lucene.tests.analysis.BaseTokenStreamTestCase; -import org.apache.lucene.tests.analysis.MockTokenizer; -import org.apache.lucene.analysis.Tokenizer; -import org.apache.lucene.analysis.core.KeywordTokenizer; -import org.junit.Test; +import org.apache.lucene.analysis.TokenFilter; +import org.apache.lucene.analysis.TokenStream; +import org.hamcrest.Matchers; +import org.jspecify.annotations.NonNull; +import org.junit.jupiter.api.Test; + +import java.util.List; + +import static org.hamcrest.MatcherAssert.assertThat; /** * * @author Jeremy Long */ -public class UrlTokenizingFilterTest extends BaseTokenStreamTestCase { - - private final Analyzer analyzer; - - public UrlTokenizingFilterTest() { - analyzer = new Analyzer() { - @Override - protected TokenStreamComponents createComponents(String fieldName) { - Tokenizer source = new MockTokenizer(MockTokenizer.WHITESPACE, false); - return new TokenStreamComponents(source, new UrlTokenizingFilter(source)); - } - }; - } - - /** - * test some example domains - */ - @Test - public void testExamples() throws IOException { - String[] expected = new String[2]; - expected[0] = "domain"; - expected[1] = "test"; - assertAnalyzesTo(analyzer, "http://www.domain.com/test.php", expected); - checkOneTerm(analyzer, "https://apache.org", "apache"); - } - - /** - * copied from - * http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/analysis/common/src/test/org/apache/lucene/analysis/en/TestEnglishMinimalStemFilter.java - * blast some random strings through the analyzer - */ +public class UrlTokenizingFilterTest extends BaseTokenFilterTest { @Test - public void testRandomStrings() { - try { - checkRandomData(random(), analyzer, 1000 * RANDOM_MULTIPLIER); - } catch (IOException ex) { - fail("Failed test random strings: " + ex.getMessage()); - } + public void testIncrementToken() 
throws Exception { + assertThat(processAllFrom("http://www.domain.com/test.php"), Matchers.contains("domain", "test")); + assertThat(processAllFrom("https://apache.org"), Matchers.contains("apache")); } - /** - * copied from - * http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/analysis/common/src/test/org/apache/lucene/analysis/en/TestEnglishMinimalStemFilter.java - * - * @throws IOException - */ - @Test - public void testEmptyTerm() throws IOException { - Analyzer a = new Analyzer() { + @Override + TokenFilter newFilter(@NonNull final TokenStream stream, List terms) { + return new UrlTokenizingFilter(stream) { @Override - protected TokenStreamComponents createComponents(String fieldName) { - Tokenizer tokenizer = new KeywordTokenizer(); - return new TokenStreamComponents(tokenizer, new UrlTokenizingFilter(tokenizer)); + protected void appendTerm(String term) { + super.appendTerm(term); + terms.add(term); } }; - checkOneTerm(a, "", ""); } } diff --git a/maven/pom.xml b/maven/pom.xml index b1472b652dd..23314800601 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -29,6 +29,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. 2013 3.15.2 + ${java.home} scm:git:https://github.com/dependency-check/DependencyCheck.git @@ -92,17 +93,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - - - org.apache.maven - maven-resolver-provider - ${maven.api.version} - pom - import - - - org.owasp @@ -114,16 +104,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. dependency-check-utils ${project.parent.version} - - org.mockito - mockito-core - test - - - org.mockito - mockito-junit-jupiter - test - org.apache.maven maven-plugin-api @@ -191,11 +171,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. maven-artifact provided - - org.apache.maven.resolver - maven-resolver-api - provided - org.apache.maven.shared maven-common-artifact-filters 
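Review bot: The rewritten `UrlTokenizingFilterTest` asserts only on two well-formed URLs; the removed `testEmptyTerm` and `testRandomStrings` are not replaced, so nothing in this class exercises `UrlTokenizingFilter` on empty or malformed input any more. The filter presumably receives strings taken from scanned artifacts, which makes that the input class most worth keeping under test. I would add a case next to `testIncrementToken`, for example `assertThat(processAllFrom(""), Matchers.emptyIterable());`, plus one string that is not a parseable URL. The expected tokens depend on the tokenizer that `BaseTokenFilterTest` sets up, which is not visible in this hunk, so confirm them before pinning the assertions.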
@@ -216,25 +191,31 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. FullIntegrationTesting - - - releaseTesting - - + + org.apache.maven.plugins + maven-surefire-plugin + + + false + + org.apache.maven.plugins maven-invoker-plugin 4 - ${failsafeArgLine} ${project.build.directory}/it target/local-repo ${project.version} + + ${toolchain.jdk.test.home} @@ -245,13 +226,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - - - org.apache.commons - commons-lang3 - ${commons-lang3.version} - - diff --git a/maven/src/it/1751-use-child-repositories/postbuild.groovy b/maven/src/it/1751-use-child-repositories/postbuild.groovy index 6f0f1ed977a..9035bf378d9 100644 --- a/maven/src/it/1751-use-child-repositories/postbuild.groovy +++ b/maven/src/it/1751-use-child-repositories/postbuild.groovy @@ -16,7 +16,7 @@ * Copyright (c) 2014 Jeremy Long. All Rights Reserved. */ -import groovy.util.XmlSlurper +import groovy.xml.XmlSlurper String report = new File(basedir, "target/dependency-check-report.xml").text; diff --git a/maven/src/it/690-threadsafety/first-a/pom.xml b/maven/src/it/690-threadsafety/first-a/pom.xml index 09edb141215..ac713977c94 100644 --- a/maven/src/it/690-threadsafety/first-a/pom.xml +++ b/maven/src/it/690-threadsafety/first-a/pom.xml @@ -39,7 +39,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.springframework.boot spring-boot-starter-data-jpa - 1.5.2.RELEASE + 1.5.22.RELEASE org.apache.james diff --git a/maven/src/it/690-threadsafety/first/pom.xml b/maven/src/it/690-threadsafety/first/pom.xml index 558d5c1324c..e172fa73ca5 100644 --- a/maven/src/it/690-threadsafety/first/pom.xml +++ b/maven/src/it/690-threadsafety/first/pom.xml @@ -39,7 +39,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.springframework.boot spring-boot-starter-data-jpa - 1.5.2.RELEASE + 1.5.22.RELEASE org.apache.james diff --git a/pom.xml b/pom.xml index ee3771281d4..a6eda0607c5 100644 --- a/pom.xml +++ b/pom.xml 
@@ -130,9 +130,9 @@ Copyright (c) 2012 - Jeremy Long 9.3 2.0.0 3.2.0 - 3.9.0 + 3.10.0 3.12.0 - + 2.5 3.9.0 3.5.4 @@ -140,8 +140,6 @@ Copyright (c) 2012 - Jeremy Long 4.9.8.2 3.2.2 2.21.0 - 26.0.2-1 - 4.9.8 2.4.240 1.11.0 2.21.0 @@ -149,9 +147,6 @@ Copyright (c) 2012 - Jeremy Long 1.15.0 5.5.1 5.3.6 - 3.2.1 1.2.3 5.14.2 @@ -168,7 +163,6 @@ Copyright (c) 2012 - Jeremy Long 1.1.7 0.13.1 3.4.0 - 2.4.21 4.3.0 3.0.4 2.21.0 @@ -176,7 +170,15 @@ Copyright (c) 2012 - Jeremy Long 9.6.0 - 5.15.0 + + + --enable-native-access=ALL-UNNAMED -XX:+IgnoreUnrecognizedVMOptions @@ -197,7 +199,7 @@ Copyright (c) 2012 - Jeremy Long org.jsonschema2pojo jsonschema2pojo-maven-plugin - 1.2.2 + 1.3.3 org.codehaus.mojo @@ -278,6 +280,9 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-resources-plugin 3.4.0 + + ISO-8859-1 + org.owasp.maven-tools @@ -340,13 +345,6 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-invoker-plugin 3.9.1 - - - org.codehaus.groovy - groovy-all - ${groovy-all.version} - - org.codehaus.gmavenplus @@ -354,27 +352,27 @@ Copyright (c) 2012 - Jeremy Long ${gmavenplus-plugin.version} - org.codehaus.groovy - groovy-all - ${groovy-all.version} + org.apache.groovy + groovy-ant + 5.0.4 runtime + + org.codehaus.mojo + versions-maven-plugin + ${versions-maven-plugin.version} + + .*-(alpha|beta|M|rc)[-0-9]+ + + org.codehaus.gmavenplus gmavenplus-plugin - - - org.codehaus.groovy - groovy-all - ${groovy-all.version} - runtime - - add-dynamic-properties-clean @@ -440,8 +438,10 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-compiler-plugin + ${maven.compiler.release} true + -proc:none -Xlint @@ -561,14 +561,14 @@ Copyright (c) 2012 - Jeremy Long - enforce-maven-3 + enforce-maven enforce - [3.1,] + 3.9.0 true 
@@ -627,11 +627,22 @@ Copyright (c) 2012 - Jeremy Long + + org.apache.maven.plugins + maven-dependency-plugin + + + + properties + + + + org.apache.maven.plugins maven-surefire-plugin - @{surefireArgLine} -Dfile.encoding=UTF-8 + @{surefireArgLine} -javaagent:${org.mockito:mockito-core:jar} ${runtime.extra.jvm.args} -Dfile.encoding=UTF-8 false ${project.build.directory}/data @@ -644,7 +655,7 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-failsafe-plugin - @{failsafeArgLine} + @{failsafeArgLine} -javaagent:${org.mockito:mockito-core:jar} ${runtime.extra.jvm.args} ${project.build.directory}/data ${project.build.directory}/temp @@ -839,7 +850,7 @@ Copyright (c) 2012 - Jeremy Long summary - issue-management + issue-management modules team scm @@ -914,7 +925,6 @@ Copyright (c) 2012 - Jeremy Long org.codehaus.mojo versions-maven-plugin - ${versions-maven-plugin.version} @@ -938,36 +948,6 @@ Copyright (c) 2012 - Jeremy Long jdiagnostics 1.0.7 - - org.mock-server - mockserver-core - ${mock-server.version} - test - - - org.mock-server - mockserver-client-java - test - ${mock-server.version} - - - org.mock-server - mockserver-junit-jupiter - ${mock-server.version} - test - - - org.mockito - mockito-core - ${mockito.version} - test - - - org.mockito - mockito-junit-jupiter - ${mockito.version} - test - org.apache.commons commons-jcs3-core @@ -978,6 +958,11 @@ Copyright (c) 2012 - Jeremy Long httpclient5 ${httpcomponents.client.version} + + org.apache.httpcomponents.client5 + httpclient5-cache + ${httpcomponents.client.version} + org.apache.httpcomponents.core5 httpcore5 @@ -993,16 +978,37 @@ Copyright (c) 2012 - Jeremy Long commons-validator 1.10.1 + commons-beanutils commons-beanutils + + commons-collections + commons-collections + + + commons-digester + commons-digester + + + + commons-logging + commons-logging + org.apache.commons commons-dbcp2 2.14.0 + + + + commons-logging + commons-logging + + com.github.package-url 
@@ -1025,9 +1031,10 @@ Copyright (c) 2012 - Jeremy Long 5.8.0 - org.jetbrains - annotations - ${jetbrains.annotations.version} + org.jspecify + jspecify + 1.0.0 + true com.h2database @@ -1060,11 +1067,6 @@ Copyright (c) 2012 - Jeremy Long pom import - - com.fasterxml.jackson.datatype - jackson-datatype-jsr310 - ${jackson.version} - commons-io commons-io @@ -1091,22 +1093,18 @@ Copyright (c) 2012 - Jeremy Long ${logback.version} - org.junit.jupiter - junit-jupiter-api - ${junit.version} - test - - - org.junit.jupiter - junit-jupiter-engine - ${junit.version} - test + org.mockito + mockito-bom + ${mockito.version} + pom + import - org.junit.jupiter - junit-jupiter-params + org.junit + junit-bom ${junit.version} - test + pom + import org.apache.commons @@ -1117,21 +1115,16 @@ Copyright (c) 2012 - Jeremy Long org.apache.ant ant ${apache.ant.version} - - - com.sun - tools - - org.apache.ant ant-testutil ${apache.ant.version} + - com.sun - tools + org.hamcrest + hamcrest-core @@ -1150,11 +1143,6 @@ Copyright (c) 2012 - Jeremy Long lucene-queryparser ${apache.lucene.version} - - org.apache.lucene - lucene-test-framework - ${apache.lucene.version} - commons-codec commons-codec @@ -1164,6 +1152,18 @@ Copyright (c) 2012 - Jeremy Long com.h3xstream.retirejs retirejs-core ${com.h3xstream.retirejs.core.version} + + + + com.vaadin.external.google + android-json + + + + + org.json + json + 20251224 org.apache.maven @@ -1212,6 +1212,7 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugin-testing maven-plugin-testing-harness ${maven-plugin-testing-harness.version} + test org.apache.maven.plugin-tools @@ -1266,6 +1267,11 @@ Copyright (c) 2012 - Jeremy Long jul-to-slf4j ${slf4j.version} + + org.slf4j + jcl-over-slf4j + ${slf4j.version} + org.apache.maven.shared maven-artifact-transfer 
@@ -1281,16 +1287,12 @@ Copyright (c) 2012 - Jeremy Long doxia-sink-api ${doxia-base.version} - - com.github.spotbugs - spotbugs-annotations - ${findbugs.spotbugs.version} - org.sonatype.ossindex ossindex-service-client 1.8.2 + org.apache.httpcomponents httpclient @@ -1299,20 +1301,27 @@ Copyright (c) 2012 - Jeremy Long org.apache.httpcomponents httpcore - - com.google.guava - guava - - - org.slf4j - jcl-over-slf4j - com.google.guava guava 33.5.0-jre + + + + com.google.guava + listenablefuture + + + com.google.errorprone + error_prone_annotations + + + com.google.j2objc + j2objc-annotations + + com.hankcs @@ -1326,11 +1335,7 @@ Copyright (c) 2012 - Jeremy Long org.bouncycastle - bcprov-jdk15on - - - org.bouncycastle - bcpg-jdk15on + * @@ -1345,12 +1350,22 @@ Copyright (c) 2012 - Jeremy Long org.junit.jupiter - junit-jupiter-engine + junit-jupiter-params test org.junit.jupiter - junit-jupiter-params + junit-jupiter-engine + test + + + org.mockito + mockito-core + test + + + org.mockito + mockito-junit-jupiter test @@ -1361,20 +1376,51 @@ Copyright (c) 2012 - Jeremy Long - org.jetbrains - annotations + org.jspecify + jspecify compile true com.github.spotbugs spotbugs-annotations + 4.9.8 compile true + + test-with-specific-toolchain + + + toolchain.jdk.test.version + + + + + + org.apache.maven.plugins + maven-surefire-plugin + + + ${toolchain.jdk.test.version} + + + + + org.apache.maven.plugins + maven-failsafe-plugin + + + ${toolchain.jdk.test.version} + + + + + + release diff --git a/utils/pom.xml b/utils/pom.xml index e508c33fc0a..a45e43efad7 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -60,17 +60,18 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. com.fasterxml.jackson.core jackson-databind - ${jackson.version} com.fasterxml.jackson.core jackson-core - ${jackson.version} org.slf4j slf4j-api - compile + + + com.google.guava + guava ch.qos.logback 
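Review bot: In the `@@ -1326,11 +1335,7 @@` hunk of pom.xml the two named `org.bouncycastle` exclusions (`bcprov-jdk15on`, `bcpg-jdk15on`) are replaced by a single wildcard `*`, and the one added line carries no explanation. A wildcard also drops any Bouncy Castle artifact that a later release of that dependency starts to need, and the gap would only surface as a class-loading failure at run time. I would add a short comment above the exclusion naming the module expected to supply Bouncy Castle, or stating that the code paths needing it are unused, e.g. `<!-- Bouncy Castle excluded wholesale: REASON; supplied by MODULE -->` (REASON and MODULE are placeholders). The enclosing dependency element starts outside the hunk.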
@@ -82,27 +83,6 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. logback-classic test - - org.mock-server - mockserver-core - test - - - org.mock-server - mockserver-client-java - test - - - io.netty - netty-codec-http - 4.2.10.Final - test - - - org.mock-server - mockserver-junit-jupiter - test - @@ -120,36 +100,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. - - - - utils - - - testMavenPlugin - - - - - - org.apache.maven.plugins - maven-surefire-plugin - - true - - - - org.apache.maven.plugins - maven-failsafe-plugin - - true - - - - - - diff --git a/utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java index df2ec1f746d..8fd86e73f50 100644 --- a/utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java +++ b/utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java @@ -45,7 +45,7 @@ import org.apache.hc.core5.http.io.entity.StringEntity; import org.apache.hc.core5.http.message.BasicClassicHttpRequest; import org.apache.hc.core5.http.message.BasicClassicHttpResponse; -import org.jetbrains.annotations.NotNull; +import org.jspecify.annotations.NonNull; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -507,7 +507,7 @@ public void fetchFile(URL url, File outputPath, boolean useProxy, String userKey * @param credentialsProvider The credentialStore to configure the credentials in * @param authCache The AuthCache to cache the pre-empted credentials in */ - private void tryConfigureProxyCredentials(@NotNull CredentialsStore credentialsProvider, @NotNull AuthCache authCache) { + private void tryConfigureProxyCredentials(@NonNull CredentialsStore credentialsProvider, @NonNull AuthCache authCache) { if (proxyPreEmptAuth != null) { credentialsProvider.setCredentials(proxyAuthScope, proxyCreds); authCache.put(proxyHttpHost, proxyPreEmptAuth); 
@@ -648,7 +648,7 @@ public CloseableHttpClient getHttpClient(boolean useProxy) { * @throws TooManyRequestsException When HTTP status 429 is encountered * @throws ResourceNotFoundException When HTTP status 404 is encountered */ - public T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler handler) + public T fetchAndHandle(@NonNull URL url, @NonNull HttpClientResponseHandler handler) throws IOException, TooManyRequestsException, ResourceNotFoundException, URISyntaxException, ForbiddenException { return fetchAndHandle(url, handler, Collections.emptyList(), true); } @@ -665,7 +665,7 @@ public T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler * @throws TooManyRequestsException When HTTP status 429 is encountered * @throws ResourceNotFoundException When HTTP status 404 is encountered */ - public T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler handler, @NotNull List

hdr) + public T fetchAndHandle(@NonNull URL url, @NonNull HttpClientResponseHandler handler, @NonNull List
hdr) throws IOException, TooManyRequestsException, ResourceNotFoundException, URISyntaxException, ForbiddenException { return fetchAndHandle(url, handler, hdr, true); } @@ -683,7 +683,7 @@ public T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler * @throws TooManyRequestsException When HTTP status 429 is encountered * @throws ResourceNotFoundException When HTTP status 404 is encountered */ - public T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler handler, @NotNull List
hdr, boolean useProxy) + public T fetchAndHandle(@NonNull URL url, @NonNull HttpClientResponseHandler handler, @NonNull List
hdr, boolean useProxy) throws IOException, TooManyRequestsException, ResourceNotFoundException, URISyntaxException, ForbiddenException { final T data; if ("file".equals(url.getProtocol())) { @@ -716,8 +716,8 @@ public T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler * @throws TooManyRequestsException When HTTP status 429 is encountered * @throws ResourceNotFoundException When HTTP status 404 is encountered */ - public T fetchAndHandle(@NotNull CloseableHttpClient client, @NotNull URL url, @NotNull HttpClientResponseHandler handler, - @NotNull List
hdr) throws IOException, TooManyRequestsException, + public T fetchAndHandle(@NonNull CloseableHttpClient client, @NonNull URL url, @NonNull HttpClientResponseHandler handler, + @NonNull List
hdr) throws IOException, TooManyRequestsException, ResourceNotFoundException, ForbiddenException { try { final String theProtocol = url.getProtocol(); diff --git a/utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java index 2e6eb6e5806..88428dee453 100644 --- a/utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java +++ b/utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java @@ -33,8 +33,8 @@ import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.SystemUtils; -import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; +import org.jspecify.annotations.NonNull; +import org.jspecify.annotations.Nullable; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -72,8 +72,7 @@ private FileUtils() { * @return the file extension. */ @Nullable - public static String getFileExtension(@NotNull String fileName) { - @Nullable + public static String getFileExtension(@NonNull String fileName) { final String fileExt = FilenameUtils.getExtension(fileName); return StringUtils.isNoneEmpty(fileExt) ? StringUtils.lowerCase(fileExt) : null; } @@ -113,7 +112,7 @@ public static boolean delete(@Nullable File file) { * @throws java.io.IOException thrown when a directory cannot be created * within the base directory */ - @NotNull + @NonNull public static File createTempDirectory(@Nullable final File base) throws IOException { final File tempDir = new File(base, "dctemp" + UUID.randomUUID()); if (tempDir.exists()) { @@ -132,7 +131,7 @@ public static File createTempDirectory(@Nullable final File base) throws IOExcep * * @return a String containing the bit bucket */ - @NotNull + @NonNull public static String getBitBucket() { return SystemUtils.IS_OS_WINDOWS ? BIT_BUCKET_WIN : BIT_BUCKET_UNIX; } 
@@ -160,7 +159,7 @@ public static void close(@Nullable final Closeable closeable) { * @return the input stream for the given resource * @throws FileNotFoundException if the file could not be found */ - public static InputStream getResourceAsStream(@NotNull String resource) throws FileNotFoundException { + public static InputStream getResourceAsStream(@NonNull String resource) throws FileNotFoundException { final ClassLoader classLoader = FileUtils.class.getClassLoader(); final InputStream inputStream = classLoader != null ? classLoader.getResourceAsStream(resource) diff --git a/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index b23319b34fd..594ab6cfc2e 100644 --- a/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -18,15 +18,14 @@ package org.owasp.dependencycheck.utils; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import org.jspecify.annotations.NonNull; +import org.jspecify.annotations.Nullable; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; -import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; - import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -958,7 +957,7 @@ public Settings(final Properties properties) { * * @param propertiesFilePath the path to the base properties file to load */ - public Settings(@NotNull final String propertiesFilePath) { + public Settings(@NonNull final String propertiesFilePath) { initialize(propertiesFilePath); } 
@@ -967,7 +966,7 @@ public Settings(@NotNull final String propertiesFilePath) { * * @param propertiesFilePath the path to the settings property file */ - private void initialize(@NotNull final String propertiesFilePath) { + private void initialize(@NonNull final String propertiesFilePath) { props = new Properties(); try (InputStream in = FileUtils.getResourceAsStream(propertiesFilePath)) { props.load(in); @@ -1009,7 +1008,7 @@ public synchronized void cleanup(boolean deleteTemporary) { * @return true if the key is for a sensitive property value; * otherwise false */ - private boolean isKeyMasked(@NotNull String key) { + private boolean isKeyMasked(@NonNull String key) { if (maskedKeys == null || maskedKeys.isEmpty()) { initMaskedKeys(); } @@ -1024,7 +1023,7 @@ private boolean isKeyMasked(@NotNull String key) { * @param value the property value * @return the printable value */ - String getPrintableValue(@NotNull String key, String value) { + String getPrintableValue(@NonNull String key, String value) { String printableValue = null; if (value != null) { printableValue = isKeyMasked(key) ? "********" : value; @@ -1056,7 +1055,7 @@ void initMaskedKeys() { * @param header the header to print with the log message * @param properties the properties to log */ - private void logProperties(@NotNull final String header, @NotNull final Properties properties) { + private void logProperties(@NonNull final String header, @NonNull final Properties properties) { if (LOGGER.isDebugEnabled()) { initMaskedKeys(); final StringWriter sw = new StringWriter(); 
@@ -1082,7 +1081,7 @@ private void logProperties(@NotNull final String header, @NotNull final Properti * @param key the key for the property * @param value the value for the property */ - public void setString(@NotNull final String key, @NotNull final String value) { + public void setString(@NonNull final String key, @NonNull final String value) { props.setProperty(key, value); LOGGER.debug("Setting: {}='{}'", key, getPrintableValue(key, value)); } @@ -1093,7 +1092,7 @@ public void setString(@NotNull final String key, @NotNull final String value) { * @param key the key for the property * @param value the value for the property */ - public void setStringIfNotNull(@NotNull final String key, @Nullable final String value) { + public void setStringIfNotNull(@NonNull final String key, @Nullable final String value) { if (null != value) { setString(key, value); } @@ -1105,7 +1104,7 @@ public void setStringIfNotNull(@NotNull final String key, @Nullable final String * @param key the key for the property * @param value the value for the property */ - public void setStringIfNotEmpty(@NotNull final String key, @Nullable final String value) { + public void setStringIfNotEmpty(@NonNull final String key, @Nullable final String value) { if (null != value && !value.isEmpty()) { setString(key, value); } @@ -1117,7 +1116,7 @@ public void setStringIfNotEmpty(@NotNull final String key, @Nullable final Strin * @param key the key for the property * @param value the value for the property */ - public void setArrayIfNotEmpty(@NotNull final String key, @Nullable final String[] value) { + public void setArrayIfNotEmpty(@NonNull final String key, @Nullable final String[] value) { if (null != value && value.length > 0) { try { setString(key, objectMapper.writeValueAsString(value)); 
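Review bot: In the `@@ -1117,7 +1116,7 @@` hunk, `@Nullable final String[] value` does not mean "the array may be null" under JSpecify: its `@Nullable` is a type-use annotation, so in that position it marks the array's elements as nullable, not the array reference. The body tests `null != value`, so the array itself is what may be absent; in JSpecify that is spelled `final String @Nullable [] value`. Any other array-typed parameter or return value migrated from the JetBrains annotations in this commit deserves the same check, since a nullness checker would otherwise treat the reference as non-null. The method body continues outside the hunk.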
@@ -1133,7 +1132,7 @@ public void setArrayIfNotEmpty(@NotNull final String key, @Nullable final String * @param key the key for the property * @param value the value for the property */ - public void setArrayIfNotEmpty(@NotNull final String key, @Nullable final List value) { + public void setArrayIfNotEmpty(@NonNull final String key, @Nullable final List value) { if (null != value && !value.isEmpty()) { try { setString(key, objectMapper.writeValueAsString(value)); @@ -1149,7 +1148,7 @@ public void setArrayIfNotEmpty(@NotNull final String key, @Nullable final List