
Findbugs

stevespringett committed Apr 27, 2018
1 parent ceae0d1 commit 15a5270734280558f9356bd8681303b37f44f020
@@ -17,7 +17,7 @@
<artifactId>fortify-cloudscan-jenkins-plugin</artifactId>

<name>Fortify CloudScan Plugin</name>
<version>1.5.1-SNAPSHOT</version>
<version>1.5.1</version>
<packaging>hpi</packaging>
<inceptionYear>2015</inceptionYear>

@@ -133,7 +133,7 @@
<connection>scm:git:git@github.com:jenkinsci/fortify-cloudscan-plugin.git</connection>
<url>https://github.com/jenkinsci/fortify-cloudscan-plugin.git</url>
<developerConnection>scm:git:git@github.com:jenkinsci/fortify-cloudscan-plugin.git</developerConnection>
<tag>HEAD</tag>
<tag>fortify-cloudscan-jenkins-plugin-1.5.1</tag>
</scm>

<issueManagement>
@@ -597,7 +597,7 @@ public ListBoxModel doFillProjectVersionItems(@QueryParameter String project) {
}
try {
FortifySsc ssc = new FortifySsc(new URL(this.sscUrl + "/fm-ws/services"), this.globalSscToken);
List<ProjectVersionLite> projectVersions = ssc.getActiveProjectVersions(Long.valueOf(project));
List<ProjectVersionLite> projectVersions = ssc.getActiveProjectVersions(Long.parseLong(project));
m.add("---- " + Messages.select() + " ---- ", "");
for (ProjectVersionLite projectVersion : projectVersions) {
m.add(projectVersion.getName(), String.valueOf(projectVersion.getId()));
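Review bot: Nothing in the visible part of `doFillProjectVersionItems` limits who may invoke it, yet it contacts SSC with `this.globalSscToken` and returns the project versions to the caller; the method starts above the hunk, so a check may already exist there. If it does not, add a permission check before the `FortifySsc` client is built, for a job-level form typically `item.checkPermission(Item.CONFIGURE)` on an `@AncestorInPath Item item` parameter. `Long.parseLong(project)` also throws `NumberFormatException` for an empty or non-numeric query value, and the catch clauses are outside the hunk, so confirm that case is handled rather than surfacing as an error page.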
@@ -52,14 +52,14 @@ public FortifyCloudScanExecutor(TaskListener listener, Options options) {
*/
public String prepare() {
// Generate a list of Strings representing the entire command to execute
ArrayList<String> mergedCommand = new ArrayList<String>();
final ArrayList<String> mergedCommand = new ArrayList<String>();
mergedCommand.add(options.getCommand());
mergedCommand.addAll(options.getArgs());
mergedCommand.addAll(processRules(options.getRules(), options.getWorkspace()));
mergedCommand.addAll(options.getScanOpts());

// Convert/cast to a String[] so that it can be logged and executed
String[] command = mergedCommand.toArray(new String[mergedCommand.size()]);
final String[] command = mergedCommand.toArray(new String[mergedCommand.size()]);
return CommandUtil.generateShellCommand(command);
}

@@ -69,12 +69,12 @@ public String prepare() {
* @return the command arguments containing resolved rulepack locations
*/
private List<String> processRules(List<String> rules, String workspace) {
List<String> command = new ArrayList<String>();
RulepackResolver resolver = new RulepackResolver(logger);
final List<String> command = new ArrayList<String>();
final RulepackResolver resolver = new RulepackResolver(logger);
//todo: need to make this configurable for workspace or any other user-defined directory
//resolver.setTempDir(workspace);
for (String rule : rules) {
File file = resolver.resolve(rule);
final File file = resolver.resolve(rule);
if (file != null) {
CommandUtil.append(command, file.getAbsolutePath(), "-rules");
}
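Review bot: In `processRules`, a rule for which `resolver.resolve(rule)` returns null is dropped with no message at this level, so the scan command is built without a rulepack the job configuration asked for. For a security scanner that silently narrows coverage; an `else` branch such as `logger.log("WARNING: rulepack could not be resolved: " + rule);`, or failing `prepare()` outright, would make the gap visible in the build log. The loop and the method end outside the hunk.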
@@ -50,12 +50,12 @@ public FortifySsc(URL url, String token) {
public List<Project> getProjects() throws SOAPException, IOException, XmlException, NoSuchFieldException,
IllegalAccessException, FortifySscClientException {

ProjectListRequestDocument requestDocument = ProjectListRequestDocument.Factory.newInstance();
final ProjectListRequestDocument requestDocument = ProjectListRequestDocument.Factory.newInstance();
requestDocument.addNewProjectListRequest();
SOAPMessage soapRequest = client.createSoapMessage(requestDocument);
SOAPMessage soapResponse = client.callEndpoint(soapRequest);
ProjectListResponseDocument responseDocument = client.parseMessage(soapResponse, ProjectListResponseDocument.class);
ProjectListResponseDocument.ProjectListResponse projectList = responseDocument.getProjectListResponse();
final SOAPMessage soapRequest = client.createSoapMessage(requestDocument);
final SOAPMessage soapResponse = client.callEndpoint(soapRequest);
final ProjectListResponseDocument responseDocument = client.parseMessage(soapResponse, ProjectListResponseDocument.class);
final ProjectListResponseDocument.ProjectListResponse projectList = responseDocument.getProjectListResponse();
return Arrays.asList(projectList.getProjectArray());
}

@@ -70,14 +70,14 @@ public FortifySsc(URL url, String token) {
iterates through them and matches the specified project id. There should be a SOAP call that makes
SSC do the hard work for us.
*/
List<ProjectVersionLite> projectVersions = new ArrayList<ProjectVersionLite>();
ActiveProjectVersionListRequestDocument requestDocument = ActiveProjectVersionListRequestDocument.Factory.newInstance();
final List<ProjectVersionLite> projectVersions = new ArrayList<ProjectVersionLite>();
final ActiveProjectVersionListRequestDocument requestDocument = ActiveProjectVersionListRequestDocument.Factory.newInstance();
requestDocument.addNewActiveProjectVersionListRequest();
SOAPMessage soapRequest = client.createSoapMessage(requestDocument);
SOAPMessage soapResponse = client.callEndpoint(soapRequest);
ActiveProjectVersionListResponseDocument responseDocument = client.parseMessage(soapResponse, ActiveProjectVersionListResponseDocument.class);
ActiveProjectVersionListResponseDocument.ActiveProjectVersionListResponse activeProjectVersions = responseDocument.getActiveProjectVersionListResponse();
List<ProjectVersionLite> plist = Arrays.asList(activeProjectVersions.getProjectVersionArray());
final SOAPMessage soapRequest = client.createSoapMessage(requestDocument);
final SOAPMessage soapResponse = client.callEndpoint(soapRequest);
final ActiveProjectVersionListResponseDocument responseDocument = client.parseMessage(soapResponse, ActiveProjectVersionListResponseDocument.class);
final ActiveProjectVersionListResponseDocument.ActiveProjectVersionListResponse activeProjectVersions = responseDocument.getActiveProjectVersionListResponse();
final List<ProjectVersionLite> plist = Arrays.asList(activeProjectVersions.getProjectVersionArray());
for (ProjectVersionLite projectVersion: plist) {
if (projectVersion.getProjectId() == projectId) {
projectVersions.add(projectVersion);
@@ -83,14 +83,14 @@ public FortifySscClient(URL endpointUrl, String sscToken) {
* @throws SOAPException
*/
public SOAPMessage createSoapMessage(XmlObject xmlObject) throws SOAPException {
MessageFactory msgFactory = MessageFactory.newInstance();
final MessageFactory msgFactory = MessageFactory.newInstance();

SOAPMessage soapMessage = msgFactory.createMessage();
SOAPPart prt = soapMessage.getSOAPPart();
SOAPEnvelope env = prt.getEnvelope();
final SOAPMessage soapMessage = msgFactory.createMessage();
final SOAPPart prt = soapMessage.getSOAPPart();
final SOAPEnvelope env = prt.getEnvelope();
addWssHeader(env);
SOAPBody soapBody = env.getBody();
org.w3c.dom.Node node = xmlObject.getDomNode();
final SOAPBody soapBody = env.getBody();
final org.w3c.dom.Node node = xmlObject.getDomNode();
soapBody.addDocument((Document) node);
return soapMessage;
}
@@ -102,7 +102,7 @@ public SOAPMessage createSoapMessage(XmlObject xmlObject) throws SOAPException {
* @throws SOAPException
*/
private void addWssHeader(SOAPEnvelope envelope) throws SOAPException {
SOAPHeader header;
final SOAPHeader header;
if (envelope.getHeader() == null)
header = envelope.addHeader();
else
@@ -113,18 +113,18 @@ private void addWssHeader(SOAPEnvelope envelope) throws SOAPException {
header.addAttribute(new QName("axis2ns2:token"), sscToken);
}

SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
final SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");

SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
final SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
usernameToken.addAttribute(new QName("xmlns:wsu"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

if (sscUsername != null) {
SOAPElement username = usernameToken.addChildElement("Username", "wsse");
final SOAPElement username = usernameToken.addChildElement("Username", "wsse");
username.addTextNode(sscUsername);
}

if (sscPassword != null) {
SOAPElement password = usernameToken.addChildElement("Password", "wsse");
final SOAPElement password = usernameToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
password.addTextNode(sscPassword);
}
@@ -138,10 +138,9 @@ private void addWssHeader(SOAPEnvelope envelope) throws SOAPException {
* @throws IOException
*/
public SOAPMessage callEndpoint(SOAPMessage soapMessage) throws SOAPException, IOException {
SOAPConnectionFactory fact;
fact = SOAPConnectionFactory.newInstance();
SOAPConnection con = fact.createConnection();
SOAPMessage response = con.call(soapMessage, endpointUrl);
final SOAPConnectionFactory fact = SOAPConnectionFactory.newInstance();
final SOAPConnection con = fact.createConnection();
final SOAPMessage response = con.call(soapMessage, endpointUrl);
con.close();
return response;
}
@@ -156,14 +155,14 @@ public SOAPMessage callEndpoint(SOAPMessage soapMessage) throws SOAPException, I
public <T> T parseMessage(SOAPMessage soapMessage, Class<T> clazz)
throws SOAPException, XmlException, NoSuchFieldException, IllegalAccessException, FortifySscClientException {

XmlObject b = XmlObject.Factory.parse(soapMessage.getSOAPBody().getFirstChild());
Field typeField = clazz.getDeclaredField("type");
org.apache.xmlbeans.SchemaType schemaType = (org.apache.xmlbeans.SchemaType)typeField.get(null);
SOAPFault fault = soapMessage.getSOAPBody().getFault();
final XmlObject b = XmlObject.Factory.parse(soapMessage.getSOAPBody().getFirstChild());
final Field typeField = clazz.getDeclaredField("type");
final org.apache.xmlbeans.SchemaType schemaType = (org.apache.xmlbeans.SchemaType)typeField.get(null);
final SOAPFault fault = soapMessage.getSOAPBody().getFault();
if (fault != null) {
throw new FortifySscClientException(fault.getFaultString());
}
XmlObject c = org.apache.xmlbeans.XmlBeans.getContextTypeLoader().parse(b.getDomNode(), schemaType, null);
final XmlObject c = org.apache.xmlbeans.XmlBeans.getContextTypeLoader().parse(b.getDomNode(), schemaType, null);
return clazz.cast(c);
}
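Review bot: In `callEndpoint`, `con.close()` is skipped whenever `con.call(soapMessage, endpointUrl)` throws, so a failed or timed-out SSC request leaks the `SOAPConnection`; the commit fixes this pattern for streams elsewhere but leaves it here. Wrapping the call in try/finally closes the connection on every path. Separately, `addWssHeader` sends `sscPassword` as `PasswordText` and the token as a header attribute, so both are only as protected as the transport to `endpointUrl`; nothing visible on this page requires that URL to be https, which would be worth validating where the URL is configured.

```java
final SOAPConnection con = fact.createConnection();
try {
    return con.call(soapMessage, endpointUrl);
} finally {
    // Runs on both the normal and the exceptional path.
    con.close();
}
```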

@@ -53,13 +53,13 @@ public RulepackResolver(ConsoleLogger logger) {
*/
public File resolve(String location) {
try {
URL url = new URL(location);
File download = download(url);
final URL url = new URL(location);
final File download = download(url);
if (download != null) {
return extractArchive(download);
}
} catch (MalformedURLException e) {
File file = new File(location);
final File file = new File(location);
if (file.exists()) {
return file;
}
@@ -75,24 +75,24 @@ public File resolve(String location) {
* @return a File object where the downloaded file is saved
*/
private File download(URL url) {
String urlString = url.toExternalForm();
File temp = new File(tempDir + File.separator +
final String urlString = url.toExternalForm();
final File temp = new File(tempDir + File.separator +
FortifyCloudScanPlugin.PLUGIN_NAME + File.separator + UUID.randomUUID());

CloseableHttpClient httpclient = HttpClients.createDefault();
HttpGet httpGet = new HttpGet(urlString);
final CloseableHttpClient httpclient = HttpClients.createDefault();
final HttpGet httpGet = new HttpGet(urlString);

CloseableHttpResponse response;
File downloadedFile;
final CloseableHttpResponse response;
final File downloadedFile;
try {
logger.log("Downloading rulepack from " + urlString);
response = httpclient.execute(httpGet);
if (response.getStatusLine().getStatusCode() == 200) {
if (temp.mkdirs()) {
logger.log("Created temporary rulepack download directory");
}
String suggestedFilename = getSuggestedFilename(response);
String filename = (suggestedFilename != null) ? suggestedFilename : FilenameUtils.getName(urlString);
final String suggestedFilename = getSuggestedFilename(response);
final String filename = (suggestedFilename != null) ? suggestedFilename : FilenameUtils.getName(urlString);
downloadedFile = new File(temp + File.separator + filename);
} else {
logger.log("ERROR: Remote file cannot be downloaded");
@@ -104,10 +104,9 @@ private File download(URL url) {
logger.log(e.getMessage());
return null;
}
HttpEntity entity = response.getEntity();
try {
final HttpEntity entity = response.getEntity();
try(FileOutputStream outstream = new FileOutputStream(downloadedFile)) {
if (entity != null) {
FileOutputStream outstream = new FileOutputStream(downloadedFile);
entity.writeTo(outstream);
logger.log("Rulepack saved to " + downloadedFile.getAbsolutePath());
}
@@ -127,15 +126,15 @@ private File download(URL url) {
* @return the suggested filename parses from the HTTP header. Returns null if parsing is not successful or header is not present.
*/
private String getSuggestedFilename(HttpResponse response) {
Header header = response.getFirstHeader("Content-Disposition");
final Header header = response.getFirstHeader("Content-Disposition");
if (header == null) {
return null;
}
HeaderElement[] headerElements = header.getElements();
final HeaderElement[] headerElements = header.getElements();
if (headerElements.length > 0) {
HeaderElement headerElement = headerElements[0];
final HeaderElement headerElement = headerElements[0];
if ("attachment".equalsIgnoreCase(headerElement.getName())) {
NameValuePair pair = headerElement.getParameterByName("filename");
final NameValuePair pair = headerElement.getParameterByName("filename");
if (pair != null) {
return pair.getValue();
}
@@ -150,7 +149,7 @@ private String getSuggestedFilename(HttpResponse response) {
* @return true if file is a ZIP archive, false if not
*/
private boolean isArchive(File file) {
String filename = FilenameUtils.getName(file.getAbsolutePath());
final String filename = FilenameUtils.getName(file.getAbsolutePath());
return FilenameUtils.isExtension(filename, "zip");
}

@@ -166,7 +165,7 @@ private File extractArchive(File file) {
}
try {
logger.log("Extracting rulepack archive");
File extractedDir = new File(file.getParentFile().getAbsolutePath());
final File extractedDir = new File(file.getParentFile().getAbsolutePath());
ArchiveUtil.unzip(extractedDir, file);
return extractedDir;
} catch (FileNotFoundException e) {
@@ -184,7 +183,7 @@ private File extractArchive(File file) {
}

public void setTempDir(String directory) {
File file = new File(directory);
final File file = new File(directory);
if (!file.exists()) {
file.mkdirs();
}
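Review bot: In `download`, the `filename` taken from the server's Content-Disposition header is joined onto the temp directory as-is (`new File(temp + File.separator + filename)`), so a header value containing path separators or `..` can place the rulepack outside the per-download directory. Only the URL-derived fallback goes through `FilenameUtils.getName`; applying it to both, `final String filename = FilenameUtils.getName((suggestedFilename != null) ? suggestedFilename : urlString);`, and rejecting an empty result keeps the write inside `temp`. The body of `download` continues outside the hunks shown, so I can't confirm that `response` and `httpclient` are closed on every path; they would fit the same try-with-resources treatment the `FileOutputStream` received.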
@@ -15,8 +15,6 @@
*/
package org.jenkinsci.plugins.fortifycloudscan.util;

import org.apache.commons.io.IOUtils;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -30,17 +28,15 @@
private ArchiveUtil() {}


public static void unzip(File directory, File zipFile) throws FileNotFoundException, IOException {
public static void unzip(File directory, File zipFile) throws IOException {
if(!directory.exists()) {
directory.mkdirs();
}
byte[] buffer = new byte[2048];

FileInputStream fInput = null;
ZipInputStream zipInput = null;
try {
fInput = new FileInputStream(zipFile);
zipInput = new ZipInputStream(fInput);
try (final FileInputStream fInput = new FileInputStream(zipFile);
final ZipInputStream zipInput = new ZipInputStream(fInput)) {

ZipEntry entry = zipInput.getNextEntry();
while (entry != null) {
String entryName = entry.getName();
@@ -54,27 +50,19 @@ public static void unzip(File directory, File zipFile) throws FileNotFoundExcept
if (!file.getParentFile().isDirectory() && !file.getParentFile().exists()) {
file.getParentFile().mkdirs();
}
FileOutputStream fOutput = new FileOutputStream(file);
int count;
while ((count = zipInput.read(buffer)) > 0) {
fOutput.write(buffer, 0, count);
try (FileOutputStream fOutput = new FileOutputStream(file)) {
int count;
while ((count = zipInput.read(buffer)) > 0) {
fOutput.write(buffer, 0, count);
}
}
fOutput.close();
}
zipInput.closeEntry();
entry = zipInput.getNextEntry();
}
zipInput.closeEntry();
zipInput.close();
fInput.close();
} catch (FileNotFoundException e) {
throw new FileNotFoundException(e.getMessage());
} catch (IOException e) {
throw new IOException(e);
} finally {
try { zipInput.closeEntry(); } catch (IOException e) {}
IOUtils.closeQuietly(zipInput);
IOUtils.closeQuietly(fInput);
}
}
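Review bot: `unzip` writes each entry to a path derived from `entry.getName()`, and nothing in the visible hunks checks that the resulting `file` stays under `directory`; the line that builds `file` sits between the two hunks, so a check may exist there. `RulepackResolver.extractArchive` passes downloaded archives to this method, so an entry name containing `../` or an absolute path should be rejected before `new FileOutputStream(file)`. For example: `if (!file.getCanonicalPath().startsWith(directory.getCanonicalPath() + File.separator)) { throw new IOException("Zip entry outside target directory: " + entryName); }`.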

@@ -17,7 +17,6 @@

import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.SystemUtils;

import java.util.List;

public class CommandUtil {
@@ -58,15 +57,15 @@ public static void append(List<String> command, Object confItem, String arg, boo
}

public static String toString(String[] stringArray) {
StringBuilder sb = new StringBuilder();
final StringBuilder sb = new StringBuilder();
for (String string : stringArray) {
sb.append(string).append(" ");
}
return sb.toString().trim();
}

public static String generateShellCommand(String[] command) {
String shellCommand;
final String shellCommand;
if (SystemUtils.IS_OS_WINDOWS) {
shellCommand = "cmd /c " + CommandUtil.toString(command);
} else {
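Review bot: `generateShellCommand` hands `CommandUtil.toString(command)` to `cmd /c` as a single string, and `toString` joins the arguments with single spaces and no quoting, so an argument containing a space or a shell metacharacter (a resolved rulepack path, a value from `options.getScanOpts()`) is re-split or reinterpreted by the shell. How the returned string is executed is not shown on this page; if it reaches a shell, keeping the `String[]` and passing it to the process launcher as an argument vector avoids the problem, and otherwise each element needs platform-appropriate quoting. The method body continues past the end of the hunk, where the non-Windows branch is cut off.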
