Upgrade a few dependencies in pom.xml. Add some missing header/license

info to the tools/ classes, and 2 other files.

Author: davewichers

pom.xml

@@ -831,7 +831,7 @@ But it might be needed for Java 10, because I get this error, that I don't get w
 		<dependency>
 			<groupId>org.apache.httpcomponents</groupId>
 			<artifactId>httpcore</artifactId>
-			<version>4.4.13</version>
+			<version>4.4.14</version>
 		</dependency>
 
 		<dependency>
@@ -912,7 +912,7 @@ But it might be needed for Java 10, because I get this error, that I don't get w
 		<dependency>
 			<groupId>org.json</groupId>
 			<artifactId>json</artifactId>
-			<version>20200518</version>
+			<version>20201115</version>
 		</dependency>
 
                 <dependency>
@@ -924,7 +924,7 @@ But it might be needed for Java 10, because I get this error, that I don't get w
 		<dependency>
 			<groupId>org.owasp.esapi</groupId>
 			<artifactId>esapi</artifactId>
-			<version>2.2.1.0</version>
+			<version>2.2.2.0</version>
 		</dependency>
 
 		<dependency>
@@ -1087,7 +1087,7 @@ But it might be needed for Java 10, because I get this error, that I don't get w
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-pmd-plugin</artifactId>
-				<version>3.13.0</version>
+				<version>3.14.0</version>
 				<configuration>
 					<linkXref>true</linkXref>
 					<targetJdk>1.7</targetJdk>
@@ -1097,13 +1097,13 @@ But it might be needed for Java 10, because I get this error, that I don't get w
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-project-info-reports-plugin</artifactId>
-				<version>3.1.0</version>
+				<version>3.1.1</version>
 			</plugin>
 
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-resources-plugin</artifactId>
-				<version>3.1.0</version>
+				<version>3.2.0</version>
 			</plugin>
 
 			<plugin>
@@ -1130,13 +1130,7 @@ But it might be needed for Java 10, because I get this error, that I don't get w
 			<plugin>
 				<groupId>org.codehaus.cargo</groupId>
 				<artifactId>cargo-maven2-plugin</artifactId>
-				<version>1.7.13</version>
-			</plugin>
-
-			<plugin>
-				<groupId>org.codehaus.mojo</groupId>
-				<artifactId>sonar-maven-plugin</artifactId>
-				<version>3.7.1.1746</version>
+				<version>1.8.2</version>
 			</plugin>
 
 			<!-- SpotBugs Static Analysis - the successor to FindBugs -->
@@ -1149,6 +1143,15 @@ But it might be needed for Java 10, because I get this error, that I don't get w
 					<threshold>Low</threshold>
 					<failOnError>true</failOnError>
 				</configuration>
+				<dependencies>
+				<!-- Overwrite dependency on SpotBugs if you want to specify the version of SpotBugs.
+					SpotBugs itself is frequently several versions ahead of the spotbugs-maven-plugin -->
+					<dependency>
+						<groupId>com.github.spotbugs</groupId>
+						<artifactId>spotbugs</artifactId>
+						<version>${version.spotbugs}</version>
+					</dependency>
+				</dependencies>
 			</plugin>
 
 			<plugin>
@@ -1220,6 +1223,7 @@ But it might be needed for Java 10, because I get this error, that I don't get w
 		<version.jersey>1.19.4</version.jersey>
 		<version.slf4j>1.7.30</version.slf4j>
 		<version.spotbugs.maven>4.1.4</version.spotbugs.maven>
+		<version.spotbugs>4.2.0</version.spotbugs>
 		<version.springframework>4.3.29.RELEASE</version.springframework>
 		<!-- tomcat 8.5 is last version to support Java 7. Tomcat 9+ requires Java 8. -->
 		<tomcat.major.version>8</tomcat.major.version>

src/main/java/org/owasp/benchmark/helpers/LDAPServer.java

@@ -1,3 +1,21 @@
+/**
+* OWASP Benchmark Project
+*
+* This file is part of the Open Web Application Security Project (OWASP)
+* Benchmark Project For details, please see
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+*
+* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+* of the GNU General Public License as published by the Free Software Foundation, version 2.
+*
+* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details
+*
+* @author Juan GaMa
+* @created 2015
+*/
+
 package org.owasp.benchmark.helpers;
 
 import java.io.File;
@@ -15,7 +33,6 @@
 import org.apache.directory.server.ldap.LdapServer;
 import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 import org.apache.directory.server.xdbm.Index;
-import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.ServerEntry;
 import org.apache.directory.shared.ldap.name.DN;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
@@ -45,9 +62,10 @@ public LDAPServer() {
 		}
 
 		// Read an entry
-		Entry result = null;
+		//Entry result = null;
 		try {
-			result = service.getAdminSession().lookup(new DN("dc=apache,dc=org"));
+			//result =
+				service.getAdminSession().lookup(new DN("dc=apache,dc=org"));
 		} catch (Exception e) {
 			System.out.println("Error creating LDAP Server: " + e.getMessage());
 		}
@@ -100,6 +118,7 @@ private void initDirectoryService(File workDir){
 			service = new DefaultDirectoryService();
 		} catch (Exception e1) {
 			System.out.println("Error creating DefaultDirectoryService. " + e1.getMessage());
+			e1.printStackTrace();
 		}
 		service.setWorkingDirectory(workDir);
 
@@ -113,6 +132,7 @@ private void initDirectoryService(File workDir){
 			systemPartition = addPartition("system", ServerDNConstants.SYSTEM_DN);
 		} catch (Exception e1) {
 			System.out.println("Error addPartition system. " + e1.getMessage());
+			e1.printStackTrace();
 		}
 		service.setSystemPartition(systemPartition);
 
@@ -127,18 +147,23 @@ private void initDirectoryService(File workDir){
 			fooPartition = addPartition("foo", "dc=foo,dc=com");
 		} catch (Exception e1) {
 			System.out.println("Error addPartition foo. " + e1.getMessage());
+			e1.printStackTrace();
 		}
+
 		Partition barPartition = null;
 		try {
 			barPartition = addPartition("bar", "dc=bar,dc=com");
 		} catch (Exception e1) {
 			System.out.println("Error addPartition bar. " + e1.getMessage());
+			e1.printStackTrace();
 		}
+
 		Partition apachePartition = null;
 		try {
 			apachePartition = addPartition("apache", "dc=apache,dc=org");
 		} catch (Exception e1) {
 			System.out.println("Error addPartition apache. " + e1.getMessage());
+			e1.printStackTrace();
 		}
 
 		// Index some attributes on the apache partition
@@ -148,7 +173,9 @@ private void initDirectoryService(File workDir){
 			service.startup();
 		} catch (Exception e) {
 			System.out.println("Error at LDAP startup: " + e.getMessage());
+			e.printStackTrace();
 		}
+
 		// Inject the foo root entry if it does not already exist
 		try {
 			service.getAdminSession().lookup(fooPartition.getSuffixDn());
@@ -161,6 +188,7 @@ private void initDirectoryService(File workDir){
 				service.getAdminSession().add(entryFoo);
 			} catch (Exception e) {
 				System.out.println("Error creating new DN.");
+				e.printStackTrace();
 			}
 		}
 
@@ -176,6 +204,7 @@ private void initDirectoryService(File workDir){
 				service.getAdminSession().add(entryBar);
 			} catch (Exception e) {
 				System.out.println("Error creating new DN.");
+				e.printStackTrace();
 			}
 		}
 
@@ -190,12 +219,13 @@ private void initDirectoryService(File workDir){
 					service.getAdminSession().add(entryApache);
 				} catch (Exception e) {
 					System.out.println("Error creating new DN.");
+					e.printStackTrace();
 				}
 			}
 		} catch (Exception e) {
 			System.out.println("Error when checking if partition exists.");
+			e.printStackTrace();
 		}
-
 	}
 
 	/**
@@ -221,6 +251,8 @@ private void initSchemaPartition() {
 			extractor.extractOrCopy( true );
 			//System.out.println("is Extracted: " + extractor.isExtracted());
 		} catch (Exception e) {
+			System.out.println("ERROR: parsing LDAP schema");
+			e.printStackTrace();
 		}
 
 		schemaPartition.setWrappedPartition(ldifPartition);
@@ -233,7 +265,6 @@ private void initSchemaPartition() {
 			// to initialize the Partitions, as we won't be able to parse
 			// and normalize their suffix DN
 			schemaManager.loadAllEnabled();
-
 			schemaPartition.setSchemaManager(schemaManager);
 
 			List<Throwable> errors = schemaManager.getErrors();
@@ -242,6 +273,8 @@ private void initSchemaPartition() {
 				throw new Exception("Schema load failed : " + errors);
 			}
 		} catch (Exception e) {
+			System.out.println("ERROR: loading LDAP schema");
+			e.printStackTrace();
 		}
 	}
 
@@ -296,7 +329,6 @@ public void startServer() throws Exception {
 		int serverPort = 10389;
 		server.setTransports(new TcpTransport(serverPort));
 		server.setDirectoryService(service);
-
 		server.start();
 	}
 
@@ -312,12 +344,12 @@ public void stopServer() throws Exception {
 	/**
 	 * Main class.
 	 *
-	 * @param args
-	 *            Not used.
+	 * @param args Not used.
 	 * @throws Exception 
 	 */
 	public static void main(String[] args) throws Exception {
-		LDAPServer ldap = new LDAPServer();
+		//LDAPServer ldap =
+			new LDAPServer();
 		//ldap.stopServer();
 	}
 

src/main/java/org/owasp/benchmark/score/parsers/TestResults.java

@@ -3,7 +3,7 @@
 *
 * This file is part of the Open Web Application Security Project (OWASP)
 * Benchmark Project For details, please see
-* <a href="https://www.owasp.org/index.php/Benchmark">https://www.owasp.org/index.php/Benchmark</a>.
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
 *
 * The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
 * of the GNU General Public License as published by the Free Software Foundation, version 2.
@@ -12,7 +12,7 @@
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details
 *
-* @author Dave Wichers <a href="https://www.aspectsecurity.com">Aspect Security</a>
+* @author Dave Wichers
 * @created 2015
 */
 
@@ -46,6 +46,7 @@ public static enum ToolType {
 	private static int nextCommercialSAST_ToolNumber = 1;
 	private static int nextCommercialDAST_ToolNumber = 1;
 	private static int nextCommercialIAST_ToolNumber = 1;
+	private static int nextCommercialHybrid_ToolNumber = 1;
 
 	// The version of the Benchmark these test results are for
 	private String benchmarkVersion = "notSet";
@@ -121,6 +122,10 @@ public String getToolNameAndVersion() {
         return this.toolName;
     }
 
+    /**
+     * Get the version of the tool these results are from.
+     * @return Version of the tool if determined. Null otherwise.
+     */
     public String getToolVersion() {
         return toolVersion;
     }
@@ -151,13 +156,19 @@ public void setAnonymous() {
 			case DAST : {
 				if (nextCommercialDAST_ToolNumber < 10) {
 					this.setTool("DAST-0" + nextCommercialDAST_ToolNumber++);
-				} else this.setTool("DAST-" + nextCommercialDAST_ToolNumber++);				
+				} else this.setTool("DAST-" + nextCommercialDAST_ToolNumber++);
 				break;
 			}
 			case IAST : {
 				if (nextCommercialIAST_ToolNumber < 10) {
 					this.setTool("IAST-0" + nextCommercialIAST_ToolNumber++);
-				} else this.setTool("IAST-" + nextCommercialIAST_ToolNumber++);				
+				} else this.setTool("IAST-" + nextCommercialIAST_ToolNumber++);
+				break;
+			}
+			case Hybrid : {
+				if (nextCommercialHybrid_ToolNumber < 10) {
+					this.setTool("HYBR-0" + nextCommercialHybrid_ToolNumber++);
+				} else this.setTool("HYBR-" + nextCommercialHybrid_ToolNumber++);
 			}
 		}
 	}

src/main/java/org/owasp/benchmark/tools/AbstractTestCaseRequest.java

@@ -1,3 +1,21 @@
+/**
+* OWASP Benchmark Project
+*
+* This file is part of the Open Web Application Security Project (OWASP)
+* Benchmark Project For details, please see
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+*
+* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+* of the GNU General Public License as published by the Free Software Foundation, version 2.
+*
+* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details
+*
+* @author Juan Gama
+* @created 2017
+*/
+
 package org.owasp.benchmark.tools;
 
 import java.util.List;

src/main/java/org/owasp/benchmark/tools/BenchmarkCrawler.java

@@ -1,3 +1,21 @@
+/**
+* OWASP Benchmark Project
+*
+* This file is part of the Open Web Application Security Project (OWASP)
+* Benchmark Project For details, please see
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+*
+* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+* of the GNU General Public License as published by the Free Software Foundation, version 2.
+*
+* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details
+*
+* @author Juan Gama
+* @created 2017
+*/
+
 package org.owasp.benchmark.tools;
 
 import java.io.File;
@@ -156,4 +174,5 @@ public HttpRequestBase getRequestBase() {
 	public void setRequestBase(HttpRequestBase requestBase) {
 		this.requestBase = requestBase;
 	}
-}
+}
+

src/main/java/org/owasp/benchmark/tools/NoisyCricket.java

@@ -1,3 +1,21 @@
+/**
+* OWASP Benchmark Project
+*
+* This file is part of the Open Web Application Security Project (OWASP)
+* Benchmark Project For details, please see
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+*
+* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+* of the GNU General Public License as published by the Free Software Foundation, version 2.
+*
+* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details
+*
+* @author Juan Gama
+* @created 2017
+*/
+
 package org.owasp.benchmark.tools;
 
 import java.io.File;