style: make checkstyle happier (#7559)

Author: jeremylong

NOTICE.txt

@@ -1,6 +1,6 @@
 dependency-check
 
-Copyright (c) 2012-2013 Jeremy Long. All Rights Reserved.
+Copyright (c) 2012-2025 OWASP Dependency-Check Contributors. All Rights Reserved.
 
 The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
 

cli/src/main/java/org/owasp/dependencycheck/CliParser.java

@@ -172,7 +172,7 @@ private void validateArgs() throws FileNotFoundException, ParseException {
                     if (!isValidFormat(validating)
                             && !isValidFilePath(validating, "format")) {
                         final String msg = String.format("An invalid 'format' of '%s' was specified. "
-                                + "Supported output formats are %s, and custom template files.",
+                                        + "Supported output formats are %s, and custom template files.",
                                 validating, SUPPORTED_FORMATS);
                         throw new ParseException(msg);
                     }
@@ -321,14 +321,14 @@ private void addStandardOptions(final Options options) {
         //This is an option group because it can be specified more then once.
 
         options.addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.SCAN_SHORT, ARGUMENT.SCAN, "path",
-                "The path to scan - this option can be specified multiple times. Ant style paths are supported (e.g. 'path/**/*.jar'); "
-                + "if using Ant style paths it is highly recommended to quote the argument value.")))
+                        "The path to scan - this option can be specified multiple times. Ant style paths are supported (e.g. 'path/**/*.jar'); "
+                                + "if using Ant style paths it is highly recommended to quote the argument value.")))
                 .addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.EXCLUDE, "pattern", "Specify an exclusion pattern. This option "
                         + "can be specified multiple times and it accepts Ant style exclusions.")))
                 .addOption(newOptionWithArg(ARGUMENT.PROJECT, "name", "The name of the project being scanned."))
                 .addOption(newOptionWithArg(ARGUMENT.OUT_SHORT, ARGUMENT.OUT, "path",
                         "The folder to write reports to. This defaults to the current directory. It is possible to set this to a specific "
-                        + "file name if the format argument is not set to ALL."))
+                                + "file name if the format argument is not set to ALL."))
                 .addOption(newOptionWithArg(ARGUMENT.OUTPUT_FORMAT_SHORT, ARGUMENT.OUTPUT_FORMAT, "format",
                         "The report format (" + SUPPORTED_FORMATS + "). The default is HTML. Multiple format parameters can be specified."))
                 .addOption(newOption(ARGUMENT.PRETTY_PRINT, "When specified the JSON and XML report formats will be pretty printed."))
@@ -346,7 +346,7 @@ private void addStandardOptions(final Options options) {
                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_KEY, "apiKey", "The API Key to access the NVD API."))
                 .addOption(newOptionWithArg(ARGUMENT.FAIL_ON_CVSS, "score",
                         "Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; "
-                        + "since the CVSS scores are 0-10, by default the build will never fail."))
+                                + "since the CVSS scores are 0-10, by default the build will never fail."))
                 .addOption(newOptionWithArg(ARGUMENT.FAIL_JUNIT_ON_CVSS, "score",
                         "Specifies the CVSS score that is considered a failure when generating the junit report. The default is 0."));
     }
@@ -397,7 +397,7 @@ private void addAdvancedOptions(final Options options) {
                         "The proxy password to use when downloading resources."))
                 .addOption(newOptionWithArg(ARGUMENT.NON_PROXY_HOSTS, "list",
                         "The proxy exclusion list: hostnames (or patterns) for which proxy should not be used. "
-                        + "Use pipe, comma or colon as list separator."))
+                                + "Use pipe, comma or colon as list separator."))
                 .addOption(newOptionWithArg(ARGUMENT.CONNECTION_TIMEOUT_SHORT, ARGUMENT.CONNECTION_TIMEOUT, "timeout",
                         "The connection timeout (in milliseconds) to use when downloading resources."))
                 .addOption(newOptionWithArg(ARGUMENT.CONNECTION_READ_TIMEOUT, "timeout",
@@ -414,14 +414,14 @@ private void addAdvancedOptions(final Options options) {
                         "The database driver name."))
                 .addOption(newOptionWithArg(ARGUMENT.DB_DRIVER_PATH, "path",
                         "The path to the database driver; note, this does not need to be set unless the JAR is "
-                        + "outside of the classpath."))
+                                + "outside of the classpath."))
                 .addOption(newOptionWithArg(ARGUMENT.SYM_LINK_DEPTH, "depth",
                         "Sets how deep nested symbolic links will be followed; 0 indicates symbolic links will not be followed."))
                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT, "path",
                         "The path to bundle-audit for Gem bundle analysis."))
                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT_WORKING_DIRECTORY, "path",
                         "The path to working directory that the bundle-audit command should be executed from when "
-                        + "doing Gem bundle analysis."))
+                                + "doing Gem bundle analysis."))
                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_URL, "url",
                         "Alternative URL for Maven Central Search. If not set the public Sonatype Maven Central will be used."))
                 .addOption(newOptionWithArg(ARGUMENT.CENTRAL_USERNAME, "username",
@@ -434,7 +434,7 @@ private void addAdvancedOptions(final Options options) {
                         "Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used."))
                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_USERNAME, "username",
                         "The username to authenticate to Sonatype's OSS Index. If not set the Sonatype OSS Index "
-                        + "Analyzer will use an unauthenticated connection."))
+                                + "Analyzer will use an unauthenticated connection."))
                 .addOption(newOptionWithArg(ARGUMENT.OSSINDEX_PASSWORD, "password", ""
                         + "The password to authenticate to Sonatype's OSS Index. If not set the Sonatype OSS "
                         + "Index Analyzer will use an unauthenticated connection."))
@@ -472,23 +472,23 @@ private void addAdvancedOptions(final Options options) {
                         "The path to the `pnpm` executable."))
                 .addOption(newOptionWithArg(ARGUMENT.RETIREJS_FILTERS, "pattern",
                         "Specify Retire JS content filter used to exclude files from analysis based on their content; "
-                        + "most commonly used to exclude based on your applications own copyright line. This "
-                        + "option can be specified multiple times."))
+                                + "most commonly used to exclude based on your applications own copyright line. This "
+                                + "option can be specified multiple times."))
                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_URL, "url",
                         "The url to the Nexus Server's REST API Endpoint (http://domain/nexus/service/local). If not "
-                        + "set the Nexus Analyzer will be disabled."))
+                                + "set the Nexus Analyzer will be disabled."))
                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_USERNAME, "username",
                         "The username to authenticate to the Nexus Server's REST API Endpoint. If not set the Nexus "
-                        + "Analyzer will use an unauthenticated connection."))
+                                + "Analyzer will use an unauthenticated connection."))
                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_PASSWORD, "password",
                         "The password to authenticate to the Nexus Server's REST API Endpoint. If not set the Nexus "
-                        + "Analyzer will use an unauthenticated connection."))
+                                + "Analyzer will use an unauthenticated connection."))
                 //TODO remove as this should be covered by non-proxy hosts
                 .addOption(newOptionWithArg(ARGUMENT.NEXUS_USES_PROXY, "true/false",
                         "Whether or not the configured proxy should be used when connecting to Nexus."))
                 .addOption(newOptionWithArg(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS, "extensions",
                         "A comma separated list of additional extensions to be scanned as ZIP files (ZIP, EAR, WAR "
-                        + "are already treated as zip files)"))
+                                + "are already treated as zip files)"))
                 .addOption(newOptionWithArg(ARGUMENT.PROP_SHORT, ARGUMENT.PROP, "file", "A property file to load."))
                 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_CORE, "path", "The path to dotnet core."))
                 .addOption(newOptionWithArg(ARGUMENT.HINTS_FILE, "file", "The file path to the hints XML file."))
@@ -498,9 +498,12 @@ private void addAdvancedOptions(final Options options) {
                 .addOption(newOption(ARGUMENT.DISABLE_ARCHIVE, "Disable the Archive Analyzer."))
                 .addOption(newOption(ARGUMENT.DISABLE_KEV, "Disable the Known Exploited Vulnerability Analyzer."))
                 .addOption(newOptionWithArg(ARGUMENT.KEV_URL, "url", "The url to the CISA Known Exploited Vulnerabilities JSON data feed"))
-                .addOption(newOptionWithArg(ARGUMENT.KEV_USER, "user", "The user for basic authentication towards the CISA Known Exploited Vulnerabilities JSON data feed"))
-                .addOption(newOptionWithArg(ARGUMENT.KEV_PASSWORD, "password", "The password for basic authentication towards the CISA Known Exploited Vulnerabilities JSON data feed"))
-                .addOption(newOptionWithArg(ARGUMENT.KEV_BEARER_TOKEN, "token", "The token for bearer authentication towards the CISA Known Exploited Vulnerabilities JSON data feed"))
+                .addOption(newOptionWithArg(ARGUMENT.KEV_USER, "user", "The user for basic authentication towards the CISA Known Exploited "
+                        + "Vulnerabilities JSON data feed"))
+                .addOption(newOptionWithArg(ARGUMENT.KEV_PASSWORD, "password", "The password for basic authentication towards the CISA Known "
+                        + "Exploited Vulnerabilities JSON data feed"))
+                .addOption(newOptionWithArg(ARGUMENT.KEV_BEARER_TOKEN, "token", "The token for bearer authentication towards the CISA Known "
+                        + "Exploited Vulnerabilities JSON data feed"))
                 .addOption(newOption(ARGUMENT.DISABLE_ASSEMBLY, "Disable the .NET Assembly Analyzer."))
                 .addOption(newOption(ARGUMENT.DISABLE_PY_DIST, "Disable the Python Distribution Analyzer."))
                 .addOption(newOption(ARGUMENT.DISABLE_CMAKE, "Disable the Cmake Analyzer."))
@@ -783,8 +786,8 @@ public void printHelp() {
             addAdvancedOptions(options);
         }
         final String helpMsg = String.format("%n%s"
-                + " can be used to identify if there are any known CVE vulnerabilities in libraries utilized by an application. "
-                + "%s will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov.%n%n",
+                        + " can be used to identify if there are any known CVE vulnerabilities in libraries utilized by an application. "
+                        + "%s will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov.%n%n",
                 settings.getString(Settings.KEYS.APPLICATION_NAME, "DependencyCheck"),
                 settings.getString(Settings.KEYS.APPLICATION_NAME, "DependencyCheck"));
 

core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java

@@ -26,7 +26,6 @@
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
 import java.util.ArrayList;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 import java.util.regex.Pattern;
@@ -197,7 +196,7 @@ private void loadSuppressionBaseData(final Engine engine) throws SuppressionPars
      */
     private void loadPackagedSuppressionBaseData(final SuppressionParser parser, final Engine engine) throws SuppressionParseException {
         List<SuppressionRule> ruleList = null;
-        URL jarLocation = AbstractSuppressionAnalyzer.class.getProtectionDomain().getCodeSource().getLocation();
+        final URL jarLocation = AbstractSuppressionAnalyzer.class.getProtectionDomain().getCodeSource().getLocation();
         String suppressionFileLocation = jarLocation.getFile();
         if (suppressionFileLocation.endsWith(".jar")) {
             suppressionFileLocation = "jar:file:" + suppressionFileLocation + "!/" + BASE_SUPPRESSION_FILE;

core/src/main/java/org/owasp/dependencycheck/analyzer/PoetryAnalyzer.java

@@ -147,7 +147,7 @@ protected void analyzeDependency(Dependency dependency, Engine engine) throws An
         //do not report on the build file itself
         engine.removeDependency(dependency);
 
-        Optional<Toml> potentiallyParsedToml = parseDependencyFile(dependency);
+        final Optional<Toml> potentiallyParsedToml = parseDependencyFile(dependency);
         if (potentiallyParsedToml.isEmpty()) {
             LOGGER.warn("toml file skipped: {} could not be parsed", dependency.getActualFilePath());
             return;
@@ -207,16 +207,16 @@ protected void analyzeDependency(Dependency dependency, Engine engine) throws An
 
     private Optional<Toml> parseDependencyFile(Dependency dependency) {
         try {
-            Toml toml = new Toml().read(dependency.getActualFile());
+            final Toml toml = new Toml().read(dependency.getActualFile());
             return Optional.of(toml);
         } catch (RuntimeException e) {
-            Optional<String> unparsableFileErrorMessage = Optional.ofNullable(e.getCause())
+            final Optional<String> unparsableFileErrorMessage = Optional.ofNullable(e.getCause())
                     .filter(c -> c instanceof IllegalStateException)
                     .map(Throwable::getMessage)
                     .filter(PoetryAnalyzer::isInvalidKeyErrorMessage);
 
             if (unparsableFileErrorMessage.isPresent()) {
-                String message = String.format("Invalid toml file, cannot parse '%s'", dependency.getActualFile());
+                final String message = String.format("Invalid toml file, cannot parse '%s'", dependency.getActualFile());
                 LOGGER.debug(message, e);
                 return Optional.empty();
             }