More improvements/upgrades to pom.xml. Start at elimination of

PMD findings. Many more still to go.

Author: davewichers

pom.xml

@@ -306,8 +306,11 @@
             <artifactId>powermock-api-mockito2</artifactId>
             <version>2.0.0</version>
             <scope>test</scope>
+            <!-- The following exclusions and import of mockito-core 2.27.0 (or 2.23.0) result in 100% convergence in the test dependencies,
+                 but introduce a test dependency that requires Java 8. As such, we are commenting this out for now. -->
+            <!-- TODO: There are still 7 errors when running the test cases with Java 7, caused by something else that requires Java 8. Figure out what. -->
         	<!-- These exclusions required to avoid convergence issues with import of mockito-core -->
-        	<exclusions>
+        	<!-- exclusions>
                 <exclusion>
                     <groupId>org.mockito</groupId>
                     <artifactId>mockito-core</artifactId>
@@ -322,8 +325,8 @@
                 </exclusion>
             </exclusions>
         </dependency>
-        <!-- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with 
-             another import by a dependency of powermock-api-mockito2. -->
+        <- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with 
+             another import by a dependency of powermock-api-mockito2. ->
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
@@ -334,7 +337,7 @@
                     <groupId>org.objenesis</groupId>
                     <artifactId>objenesis</artifactId>
                 </exclusion>
-            </exclusions>
+            </exclusions -->
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
@@ -352,6 +355,11 @@
                     <artifactId>maven-dependency-plugin</artifactId>
                     <version>3.1.1</version>
                 </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-release-plugin</artifactId>
+                    <version>2.5.3</version>
+                </plugin>
             </plugins>
         </pluginManagement>
 
@@ -385,6 +393,24 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>net.sourceforge.maven-taglib</groupId>
+                <artifactId>maven-taglib-plugin</artifactId>
+                <version>2.4</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>2.6</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-changelog-plugin</artifactId>
+                <version>2.3</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-clean-plugin</artifactId>
@@ -495,7 +521,19 @@
                  </execution>
                </executions>
             </plugin>
-            
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-pmd-plugin</artifactId>
+                <version>3.11.0</version>            
+            </plugin>
+
+            <plugin>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-project-info-reports-plugin</artifactId>
+               <version>3.0.0</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-resources-plugin</artifactId>
@@ -545,6 +583,18 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>jdepend-maven-plugin</artifactId>
+                <version>2.0</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>versions-maven-plugin</artifactId>
+                <version>2.7</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.eluder.coveralls</groupId>
                 <artifactId>coveralls-maven-plugin</artifactId>
@@ -579,12 +629,10 @@
             <plugin>
                 <groupId>net.sourceforge.maven-taglib</groupId>
                 <artifactId>maven-taglib-plugin</artifactId>
-                <version>2.4</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-changelog-plugin</artifactId>
-                <version>2.3</version>
                 <configuration>
                     <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
                     <issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl>
@@ -607,12 +655,26 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.6</version>
                 <configuration>
                     <targetJdk>1.7</targetJdk>
                     <sourceEncoding>utf-8</sourceEncoding>
+                    <!-- excludeFromFailureFile>exclude-pmd.properties</excludeFromFailureFile -->
                 </configuration>
             </plugin>
+            <plugin>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-project-info-reports-plugin</artifactId>
+               <reportSets>
+                 <reportSet>
+                   <reports>
+                     <report>dependency-convergence</report>
+                   </reports>
+                 </reportSet>
+               </reportSets>
+               <configuration>
+                 <dependencyLocationsEnabled>false</dependencyLocationsEnabled>
+               </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-site-plugin</artifactId>
@@ -638,13 +700,11 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>
-                <version>2.0</version>
             </plugin>
             <!-- Check for updates to dependencies and report on them. -->
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.7</version>
                 <reportSets>
                     <reportSet>
                         <reports>
@@ -655,22 +715,7 @@
                     </reportSet>
                 </reportSets>
             </plugin>
-            
-            <plugin>
-               <groupId>org.apache.maven.plugins</groupId>
-               <artifactId>maven-project-info-reports-plugin</artifactId>
-               <version>3.0.0</version>
-               <reportSets>
-                 <reportSet>
-                   <reports>
-                     <report>dependency-convergence</report>
-                   </reports>
-                 </reportSet>
-               </reportSets>
-               <configuration>
-                 <dependencyLocationsEnabled>false</dependencyLocationsEnabled>
-               </configuration>
-            </plugin>
+
         </plugins>
     </reporting>
 
@@ -761,6 +806,7 @@
 
                     <!-- Attached JavaDocs are required by Sonatype Nexus Repository -->
                     <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
                         <configuration>
                           <doclint>none</doclint>
@@ -779,7 +825,6 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-assembly-plugin</artifactId>
-                        <version>2.6</version>
                         <configuration>
                             <descriptors>
                                 <descriptor>src/main/assembly/dist.xml</descriptor>

src/main/java/org/owasp/esapi/AccessControlRule.java

@@ -2,7 +2,7 @@
 
 
 public interface AccessControlRule<P, R> {
-	public void setPolicyParameters(P policyParameter);
-	public P getPolicyParameters();
-	public boolean isAuthorized(R runtimeParameter) throws Exception;
+	void setPolicyParameters(P policyParameter);
+	P getPolicyParameters();
+	boolean isAuthorized(R runtimeParameter) throws Exception;
 }

src/main/java/org/owasp/esapi/AccessController.java

@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -17,8 +17,6 @@
 
 import org.owasp.esapi.errors.AccessControlException;
 
-
-
 /**
  * The AccessController interface defines a set of methods that can be used in a wide variety of applications to
  * enforce access control. In most applications, access control must be performed in multiple different locations across
@@ -95,7 +93,7 @@ public interface AccessController {
 	 *        by <code>key</code> exists and returned <code>true</code>. 
 	 *        Otherwise returns <code>false</code> 
 	 */
-	public boolean isAuthorized(Object key, Object runtimeParameter);
+	boolean isAuthorized(Object key, Object runtimeParameter);
 
 	/**
 	 * <code>assertAuthorized</code> executes the <code>AccessControlRule</code> 
@@ -121,7 +119,7 @@ public interface AccessController {
 	 * @param runtimeParameter runtimeParameter can contain anything that 
 	 *        the AccessControlRule needs from the runtime system.
 	 */
-	public void assertAuthorized(Object key, Object runtimeParameter)
+	void assertAuthorized(Object key, Object runtimeParameter)
 		throws AccessControlException;
 
 

src/main/java/org/owasp/esapi/Encoder.java

@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -456,6 +456,6 @@ public interface Encoder {
 	 * 
 	 * @return The canonicalized URI
 	 */
-	public String getCanonicalizedURI(URI dirtyUri);
+	String getCanonicalizedURI(URI dirtyUri);
 
 }

src/main/java/org/owasp/esapi/EncryptedProperties.java

@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -81,7 +81,7 @@ public interface EncryptedProperties {
 	 * @return 
 	 * 		a set view of the properties contained in this map.
 	 */
-	public Set<?> keySet();
+	Set<?> keySet();
 
 	/**
 	 * Reads a property list (key and element pairs) from the input stream.
@@ -92,7 +92,7 @@ public interface EncryptedProperties {
 	 * @throws IOException
 	 *      Signals that an I/O exception has occurred.
 	 */
-	public void load(InputStream in) throws IOException;
+	void load(InputStream in) throws IOException;
 
 	/**
 	 * Writes this property list (key and element pairs) in this Properties table to 
@@ -106,7 +106,7 @@ public interface EncryptedProperties {
 	 * @throws IOException
 	 *             Signals that an I/O exception has occurred.
 	 */
-	public void store(OutputStream out, String comments) throws IOException;	
+	void store(OutputStream out, String comments) throws IOException;	
 
 
 }

src/main/java/org/owasp/esapi/Encryptor.java

@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright &copy; 2007,2009 - The OWASP Foundation
+ * Copyright &copy; 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -245,7 +245,6 @@ CipherText encrypt(SecretKey key, PlainText plaintext)
 	 * 
 	 * @return 
 	 * 		true, if the signature is verified, false otherwise
-	 * 
 	 */
 	boolean verifySignature(String signature, String data);
 
@@ -259,8 +258,8 @@ CipherText encrypt(SecretKey key, PlainText plaintext)
 	 * 
 	 * @return 
      * 		the seal
-     * @throws IntegrityException
 	 * 
+     * @throws IntegrityException
 	 */
 	String seal(String data, long timestamp) throws IntegrityException;
 
@@ -303,8 +302,7 @@ CipherText encrypt(SecretKey key, PlainText plaintext)
 	 * @return 
 	 * 		the absolute timestamp
 	 */
-	public long getRelativeTimeStamp( long offset );
-	
+	long getRelativeTimeStamp( long offset );
 
 	/**
 	 * Gets a timestamp representing the current date and time to be used by

src/main/java/org/owasp/esapi/HTTPUtilities.java

@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -27,7 +27,6 @@
 import java.util.List;
 import java.util.Map;
 
-
 /**
  * The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
  * responses, sessions, cookies, headers, and logging.
@@ -37,17 +36,16 @@
  */
 public interface HTTPUtilities
 {
-
-    final static String REMEMBER_TOKEN_COOKIE_NAME = "rtoken";
-    final static int MAX_COOKIE_LEN = 4096;            // From RFC 2109
-	final static int MAX_COOKIE_PAIRS = 20;			// From RFC 2109
-	final static String CSRF_TOKEN_NAME = "ctoken";
-	final static String ESAPI_STATE = "estate";
-
-	final static int PARAMETER = 0;
-	final static int HEADER = 1;
-	final static int COOKIE = 2;
-
+	// All implied static final as this is an interface
+    String REMEMBER_TOKEN_COOKIE_NAME = "rtoken";
+    int MAX_COOKIE_LEN = 4096;            // From RFC 2109
+	int MAX_COOKIE_PAIRS = 20;			// From RFC 2109
+	String CSRF_TOKEN_NAME = "ctoken";
+	String ESAPI_STATE = "estate";
+
+	int PARAMETER = 0;
+	int HEADER = 1;
+	int COOKIE = 2;
 
 	/**
      * Calls addCookie with the *current* request.