chore: consolidate on jspecify nullability annotations

Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com>

Author: chadlwilson

core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -19,8 +19,8 @@
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.apache.commons.jcs3.JCS;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
+import org.jspecify.annotations.NonNull;
+import org.jspecify.annotations.Nullable;
 import org.owasp.dependencycheck.analyzer.AnalysisPhase;
 import org.owasp.dependencycheck.analyzer.Analyzer;
 import org.owasp.dependencycheck.analyzer.AnalyzerService;
@@ -145,7 +145,7 @@ public class Engine implements FileFilter, AutoCloseable {
      *
      * @param settings reference to the configured settings
      */
-    public Engine(@NotNull final Settings settings) {
+    public Engine(@NonNull final Settings settings) {
         this(Mode.STANDALONE, settings);
     }
 
@@ -155,7 +155,7 @@ public Engine(@NotNull final Settings settings) {
      * @param mode the mode of operation
      * @param settings reference to the configured settings
      */
-    public Engine(@NotNull final Mode mode, @NotNull final Settings settings) {
+    public Engine(@NonNull final Mode mode, @NonNull final Settings settings) {
         this(Thread.currentThread().getContextClassLoader(), mode, settings);
     }
 
@@ -165,7 +165,7 @@ public Engine(@NotNull final Mode mode, @NotNull final Settings settings) {
      * @param serviceClassLoader a reference the class loader being used
      * @param settings reference to the configured settings
      */
-    public Engine(@NotNull final ClassLoader serviceClassLoader, @NotNull final Settings settings) {
+    public Engine(@NonNull final ClassLoader serviceClassLoader, @NonNull final Settings settings) {
         this(serviceClassLoader, Mode.STANDALONE, settings);
     }
 
@@ -176,7 +176,7 @@ public Engine(@NotNull final ClassLoader serviceClassLoader, @NotNull final Sett
      * @param mode the mode of the engine
      * @param settings reference to the configured settings
      */
-    public Engine(@NotNull final ClassLoader serviceClassLoader, @NotNull final Mode mode, @NotNull final Settings settings) {
+    public Engine(@NonNull final ClassLoader serviceClassLoader, @NonNull final Mode mode, @NonNull final Settings settings) {
         this.settings = settings;
         this.serviceClassLoader = serviceClassLoader;
         this.mode = mode;
@@ -277,7 +277,7 @@ public synchronized void sortDependencies() {
      *
      * @param dependency the dependency to remove.
      */
-    public synchronized void removeDependency(@NotNull final Dependency dependency) {
+    public synchronized void removeDependency(@NonNull final Dependency dependency) {
         dependencies.remove(dependency);
         dependenciesExternalView = null;
     }
@@ -300,7 +300,7 @@ public synchronized Dependency[] getDependencies() {
      *
      * @param dependencies the dependencies
      */
-    public synchronized void setDependencies(@NotNull final List<Dependency> dependencies) {
+    public synchronized void setDependencies(@NonNull final List<Dependency> dependencies) {
         this.dependencies.clear();
         this.dependencies.addAll(dependencies);
         dependenciesExternalView = null;
@@ -315,7 +315,7 @@ public synchronized void setDependencies(@NotNull final List<Dependency> depende
      * @return the list of dependencies scanned
      * @since v0.3.2.5
      */
-    public List<Dependency> scan(@NotNull final String[] paths) {
+    public List<Dependency> scan(@NonNull final String[] paths) {
         return scan(paths, null);
     }
 
@@ -330,7 +330,7 @@ public List<Dependency> scan(@NotNull final String[] paths) {
      * @return the list of dependencies scanned
      * @since v1.4.4
      */
-    public List<Dependency> scan(@NotNull final String[] paths, @Nullable final String projectReference) {
+    public List<Dependency> scan(@NonNull final String[] paths, @Nullable final String projectReference) {
         final List<Dependency> deps = new ArrayList<>();
         for (String path : paths) {
             final List<Dependency> d = scan(path, projectReference);
@@ -349,7 +349,7 @@ public List<Dependency> scan(@NotNull final String[] paths, @Nullable final Stri
      * @param path the path to a file or directory to be analyzed
      * @return the list of dependencies scanned
      */
-    public List<Dependency> scan(@NotNull final String path) {
+    public List<Dependency> scan(@NonNull final String path) {
         return scan(path, null);
     }
 
@@ -364,7 +364,7 @@ public List<Dependency> scan(@NotNull final String path) {
      * @return the list of dependencies scanned
      * @since v1.4.4
      */
-    public List<Dependency> scan(@NotNull final String path, String projectReference) {
+    public List<Dependency> scan(@NonNull final String path, String projectReference) {
         final File file = new File(path);
         return scan(file, projectReference);
     }
@@ -461,7 +461,7 @@ public List<Dependency> scan(File file) {
      * @since v1.4.4
      */
     @Nullable
-    public List<Dependency> scan(@NotNull final File file, String projectReference) {
+    public List<Dependency> scan(@NonNull final File file, String projectReference) {
         if (file.exists()) {
             if (file.isDirectory()) {
                 return scanDirectory(file, projectReference);
@@ -498,7 +498,7 @@ protected List<Dependency> scanDirectory(File dir) {
      * @return the list of Dependency objects scanned
      * @since v1.4.4
      */
-    protected List<Dependency> scanDirectory(@NotNull final File dir, @Nullable final String projectReference) {
+    protected List<Dependency> scanDirectory(@NonNull final File dir, @Nullable final String projectReference) {
         final File[] files = dir.listFiles();
         final List<Dependency> deps = new ArrayList<>();
         if (files != null) {
@@ -526,7 +526,7 @@ protected List<Dependency> scanDirectory(@NotNull final File dir, @Nullable fina
      * @param file The file to scan
      * @return the scanned dependency
      */
-    protected Dependency scanFile(@NotNull final File file) {
+    protected Dependency scanFile(@NonNull final File file) {
         return scanFile(file, null);
     }
 
@@ -541,7 +541,7 @@ protected Dependency scanFile(@NotNull final File file) {
      * @return the scanned dependency
      * @since v1.4.4
      */
-    protected synchronized Dependency scanFile(@NotNull final File file, @Nullable final String projectReference) {
+    protected synchronized Dependency scanFile(@NonNull final File file, @Nullable final String projectReference) {
         Dependency dependency = null;
         if (file.isFile()) {
             if (accept(file)) {
@@ -681,7 +681,7 @@ public void analyzeDependencies() throws ExceptionCollection {
      * @param exceptions a collection to store non-fatal exceptions
      * @throws ExceptionCollection thrown if fatal exceptions occur
      */
-    private void initializeAndUpdateDatabase(@NotNull final List<Throwable> exceptions) throws ExceptionCollection {
+    private void initializeAndUpdateDatabase(@NonNull final List<Throwable> exceptions) throws ExceptionCollection {
         if (!mode.isDatabaseRequired()) {
             return;
         }
@@ -741,7 +741,7 @@ private void throwFatalDatabaseException(DatabaseException ex, final List<Throwa
      * @param analyzer the analyzer to execute
      * @throws ExceptionCollection thrown if exceptions occurred during analysis
      */
-    protected void executeAnalysisTasks(@NotNull final Analyzer analyzer, List<Throwable> exceptions) throws ExceptionCollection {
+    protected void executeAnalysisTasks(@NonNull final Analyzer analyzer, List<Throwable> exceptions) throws ExceptionCollection {
         LOGGER.debug("Starting {}", analyzer.getName());
         final List<AnalysisTask> analysisTasks = getAnalysisTasks(analyzer, exceptions);
         final ExecutorService executorService = getExecutorService(analyzer);
@@ -805,7 +805,7 @@ protected ExecutorService getExecutorService(Analyzer analyzer) {
      * @throws InitializationException thrown when there is a problem
      * initializing the analyzer
      */
-    protected void initializeAnalyzer(@NotNull final Analyzer analyzer) throws InitializationException {
+    protected void initializeAnalyzer(@NonNull final Analyzer analyzer) throws InitializationException {
         try {
             LOGGER.debug("Initializing {}", analyzer.getName());
             analyzer.prepare(this);
@@ -837,7 +837,7 @@ protected void initializeAnalyzer(@NotNull final Analyzer analyzer) throws Initi
      *
      * @param analyzer the analyzer to close
      */
-    protected void closeAnalyzer(@NotNull final Analyzer analyzer) {
+    protected void closeAnalyzer(@NonNull final Analyzer analyzer) {
         LOGGER.debug("Closing Analyzer '{}'", analyzer.getName());
         try {
             analyzer.close();
@@ -1029,7 +1029,7 @@ public CveDB getDatabase() {
      *
      * @return a list of Analyzers
      */
-    @NotNull
+    @NonNull
     public List<Analyzer> getAnalyzers() {
         final List<Analyzer> analyzerList = new ArrayList<>();
         //insteae of forEach - we can just do a collect
@@ -1129,7 +1129,7 @@ public Mode getMode() {
      *
      * @param fta the file type analyzer to add
      */
-    protected void addFileTypeAnalyzer(@NotNull final FileTypeAnalyzer fta) {
+    protected void addFileTypeAnalyzer(@NonNull final FileTypeAnalyzer fta) {
         this.fileTypeAnalyzers.add(fta);
     }
 
@@ -1154,8 +1154,8 @@ private void ensureDataExists() throws NoDataException {
      * @throws ExceptionCollection a collection of exceptions that occurred
      * during analysis
      */
-    private void throwFatalExceptionCollection(String message, @NotNull final Throwable throwable,
-            @NotNull final List<Throwable> exceptions) throws ExceptionCollection {
+    private void throwFatalExceptionCollection(String message, @NonNull final Throwable throwable,
+            @NonNull final List<Throwable> exceptions) throws ExceptionCollection {
         LOGGER.error(message);
         LOGGER.debug("", throwable);
         exceptions.add(throwable);
@@ -1212,7 +1212,7 @@ public void writeReports(String applicationName, File outputDir, String format,
     @Deprecated
     public synchronized void writeReports(String applicationName, @Nullable final String groupId,
             @Nullable final String artifactId, @Nullable final String version,
-            @NotNull final File outputDir, String format) throws ReportException {
+            @NonNull final File outputDir, String format) throws ReportException {
         writeReports(applicationName, groupId, artifactId, version, outputDir, format, null);
     }
 
@@ -1233,7 +1233,7 @@ public synchronized void writeReports(String applicationName, @Nullable final St
      */
     public synchronized void writeReports(String applicationName, @Nullable final String groupId,
             @Nullable final String artifactId, @Nullable final String version,
-            @NotNull final File outputDir, String format, ExceptionCollection exceptions) throws ReportException {
+            @NonNull final File outputDir, String format, ExceptionCollection exceptions) throws ReportException {
         if (mode == Mode.EVIDENCE_COLLECTION) {
             throw new UnsupportedOperationException("Cannot generate report in evidence collection mode.");
         }

core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java

@@ -31,11 +31,10 @@
 import java.util.regex.Pattern;
 import javax.annotation.concurrent.ThreadSafe;
 
-import org.jetbrains.annotations.NotNull;
+import org.jspecify.annotations.NonNull;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource;
-import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.exception.InitializationException;
 import org.owasp.dependencycheck.exception.WriteLockException;
@@ -219,7 +218,7 @@ private void loadPackagedSuppressionBaseData(final SuppressionParser parser, fin
         }
     }
 
-    private static @NotNull URL getPackagedFile(String packagedFileName) throws SuppressionParseException {
+    private static @NonNull URL getPackagedFile(String packagedFileName) throws SuppressionParseException {
         final URL jarLocation = AbstractSuppressionAnalyzer.class.getProtectionDomain().getCodeSource().getLocation();
         String suppressionFileLocation = jarLocation.getFile();
         if (suppressionFileLocation.endsWith(".jar")) {

core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java

@@ -46,8 +46,8 @@
 import org.apache.lucene.search.Query;
 import org.apache.lucene.search.ScoreDoc;
 import org.apache.lucene.search.TopDocs;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
+import org.jspecify.annotations.NonNull;
+import org.jspecify.annotations.Nullable;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex;
@@ -1277,7 +1277,7 @@ public boolean equals(Object obj) {
          * @return the natural ordering of IdentifierMatch
          */
         @Override
-        public int compareTo(@NotNull IdentifierMatch o) {
+        public int compareTo(@NonNull IdentifierMatch o) {
             return new CompareToBuilder()
                     .append(identifierConfidence, o.identifierConfidence)
                     .append(identifier, o.identifier)

core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java

@@ -17,7 +17,7 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import org.jetbrains.annotations.VisibleForTesting;
+import com.google.common.annotations.VisibleForTesting;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;

core/src/main/java/org/owasp/dependencycheck/analyzer/PnpmAuditAnalyzer.java

@@ -20,9 +20,9 @@
 import org.apache.commons.collections4.MultiValuedMap;
 import org.apache.commons.collections4.multimap.HashSetValuedHashMap;
 import org.apache.commons.lang3.StringUtils;
-import org.jetbrains.annotations.NotNull;
 import org.json.JSONException;
 import org.json.JSONObject;
+import org.jspecify.annotations.NonNull;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.analyzer.exception.SearchException;
@@ -281,7 +281,7 @@ private List<Advisory> analyzePackage(final File lockFile,
         }
     }
 
-    @NotNull
+    @NonNull
     private NpmAuditParser getAuditParser() {
         return new NpmAuditParser();
     }

core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusV3Search.java

@@ -24,7 +24,7 @@
 import org.apache.hc.core5.http.HttpEntity;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.message.BasicHeader;
-import org.jetbrains.annotations.Nullable;
+import org.jspecify.annotations.Nullable;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.ForbiddenException;

core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java

@@ -55,7 +55,7 @@
 import java.util.function.Function;
 import java.util.zip.GZIPOutputStream;
 
-import org.jetbrains.annotations.NotNull;
+import org.jspecify.annotations.NonNull;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -666,20 +666,20 @@ public FeedUrl withPattern(Function<Optional<String>, String> patternTransformer
             return new FeedUrl(url, patternTransformer.apply(Optional.ofNullable(pattern)));
         }
 
-        @NotNull String toFormattedUrlString(String formatArg) {
+        @NonNull String toFormattedUrlString(String formatArg) {
             return url + MessageFormat.format(Optional.ofNullable(pattern).orElseThrow(), formatArg);
         }
 
-        @NotNull String toFormattedUrlString(int formatArg) {
+        @NonNull String toFormattedUrlString(int formatArg) {
             return toFormattedUrlString(String.valueOf(formatArg));
         }
 
-        @NotNull URL toFormattedUrl(@NotNull String formatArg) throws MalformedURLException, URISyntaxException {
+        @NonNull URL toFormattedUrl(@NonNull String formatArg) throws MalformedURLException, URISyntaxException {
             return new URI(toFormattedUrlString(formatArg)).toURL();
         }
 
         @SuppressWarnings("SameParameterValue")
-        @NotNull URL toSuffixedUrl(String suffix) throws MalformedURLException, URISyntaxException {
+        @NonNull URL toSuffixedUrl(String suffix) throws MalformedURLException, URISyntaxException {
             return new URI(url + suffix).toURL();
         }
 
@@ -705,7 +705,7 @@ protected static FeedUrl extractFromUrlOptionalPattern(String url) {
             return new FeedUrl(baseUrl, pattern);
         }
 
-        private static @NotNull Pair<Integer, Integer> toYearRange(Settings settings, ZonedDateTime now) {
+        private static @NonNull Pair<Integer, Integer> toYearRange(Settings settings, ZonedDateTime now) {
             // for establishing the current year use the timezone where the new year starts first
             // as from that moment on CNAs might start assigning CVEs with the new year depending
             // on the CNA's timezone
@@ -714,11 +714,11 @@ protected static FeedUrl extractFromUrlOptionalPattern(String url) {
             return new Pair<>(startYear, endYear);
         }
 
-        private @NotNull ZonedDateTime getLastModifiedFor(int year) throws UpdateException {
+        private @NonNull ZonedDateTime getLastModifiedFor(int year) throws UpdateException {
             return getLastModifiedFor(String.valueOf(year));
         }
 
-        private @NotNull ZonedDateTime getLastModifiedFor(String fileVersion) throws UpdateException {
+        private @NonNull ZonedDateTime getLastModifiedFor(String fileVersion) throws UpdateException {
             try {
                 String content = Downloader.getInstance().fetchContent(toFormattedUrl(fileVersion), UTF_8);
                 Properties props = new Properties();

core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java

@@ -21,7 +21,7 @@
 import org.apache.commons.lang3.builder.CompareToBuilder;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
-import org.jetbrains.annotations.NotNull;
+import org.jspecify.annotations.NonNull;
 
 import java.io.Serializable;
 import javax.annotation.concurrent.ThreadSafe;
@@ -235,7 +235,7 @@ public boolean equals(Object obj) {
      * @return an integer indicating the ordering of the two objects
      */
     @Override
-    public int compareTo(@NotNull Evidence o) {
+    public int compareTo(@NonNull Evidence o) {
         return new CompareToBuilder()
                 .append(this.source == null ? null : this.source.toLowerCase(), o.source == null ? null : o.source.toLowerCase())
                 .append(this.name == null ? null : this.name.toLowerCase(), o.name == null ? null : o.name.toLowerCase())

core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java

@@ -22,7 +22,7 @@
 import org.apache.commons.lang3.builder.CompareToBuilder;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
-import org.jetbrains.annotations.NotNull;
+import org.jspecify.annotations.NonNull;
 
 /**
  * An external reference for a vulnerability. This contains a name, URL, and a
@@ -160,7 +160,7 @@ public int hashCode() {
      * @return an integer indicating the ordering of the two objects
      */
     @Override
-    public int compareTo(@NotNull Reference o) {
+    public int compareTo(@NonNull Reference o) {
         return new CompareToBuilder()
                 .append(source, o.source)
                 .append(name, o.name)