updates to reduce load times in multi-module projects per issue #168

Former-commit-id: adfaaaddffffa9b078d6b78a1ac031e6d8343f21
2026-01-18 09:37:38 +01:00 · 2014-12-02 06:43:54 -05:00
parent ac98c8e395
commit 0cd43ce35c
4 changed files with 173 additions and 25 deletions
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
@@ -43,7 +43,6 @@ import org.apache.maven.project.MavenProject;
 import org.apache.maven.reporting.MavenReport;
 import org.apache.maven.reporting.MavenReportException;
 import org.apache.maven.settings.Proxy;
-import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.nexus.MavenArtifact;
@@ -326,7 +325,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
     * @throws DatabaseException thrown if there is an exception connecting to the database
     */
    private Engine executeDependencyCheck(MavenProject project) throws DatabaseException {
-        final Engine localEngine = initializeEngine();
+        final Engine localEngine = initializeEngine(project);

        final Set<Artifact> artifacts = project.getArtifacts();
        for (Artifact a : artifacts) {
@@ -359,9 +358,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
     * @return a newly instantiated <code>Engine</code>
     * @throws DatabaseException thrown if there is a database exception
     */
-    private Engine initializeEngine() throws DatabaseException {
+    private Engine initializeEngine(MavenProject project) throws DatabaseException {
        populateSettings();
-        final Engine localEngine = new Engine();
+        final Engine localEngine = new Engine(project);
        return localEngine;
    }

@@ -594,7 +593,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
        final List<Dependency> deps = readDataFile();
        if (deps != null) {
            try {
-                engine = initializeEngine();
+                engine = initializeEngine(getProject());
                engine.getDependencies().addAll(deps);
            } catch (DatabaseException ex) {
                final String msg = String.format("An unrecoverable exception with the dependency-check initialization occured while scanning %s",
@@ -618,7 +617,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
        List<Dependency> deps = readDataFile(project);
        if (deps != null) {
            try {
-                engine = initializeEngine();
+                engine = initializeEngine(project);
                engine.getDependencies().addAll(deps);
            } catch (DatabaseException ex) {
                final String msg = String.format("An unrecoverable exception with the dependency-check initialization occured while scanning %s",
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java
@@ -0,0 +1,121 @@
+/*
+ * This file is part of dependency-check-maven.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.maven;
+
+import java.util.logging.Logger;
+import org.apache.maven.project.MavenProject;
+import org.owasp.dependencycheck.analyzer.Analyzer;
+import org.owasp.dependencycheck.analyzer.CPEAnalyzer;
+import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
+
+/**
+ * A modified version of the core engine specifically designed to persist some data between multiple executions of a
+ * multi-module Maven project.
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public class Engine extends org.owasp.dependencycheck.Engine {
+
+    /**
+     * The logger.
+     */
+    private static final transient Logger LOGGER = Logger.getLogger(Engine.class.getName());
+    /**
+     * A key used to persist an object in the MavenProject.
+     */
+    private static final String CPE_ANALYZER_KEY = "dependency-check-CPEAnalyzer";
+    /**
+     * The current MavenProject.
+     */
+    private MavenProject currentProject;
+
+    private Engine() throws DatabaseException {
+    }
+
+    public Engine(MavenProject project) throws DatabaseException {
+        this.currentProject = project;
+        MavenProject parent = getRootParent();
+        if ((parent != null) && (parent.getContextValue("dependency-check-data-was-updated") != null)) {
+            System.setProperty("autoupdate", Boolean.FALSE.toString());
+        }
+        initializeEngine();
+        if (getHasBeenUpdated()) {
+            getRootParent().setContextValue("dependency-check-data-was-updated", Boolean.valueOf(true));
+        }
+    }
+
+    protected Analyzer initializeAnalyzer(Analyzer analyzer) {
+        if ((analyzer instanceof CPEAnalyzer)) {
+            CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer();
+            if (cpe != null) {
+                return cpe;
+            }
+            cpe = (CPEAnalyzer) super.initializeAnalyzer(analyzer);
+            storeCPEAnalyzer(cpe);
+        }
+        return super.initializeAnalyzer(analyzer);
+    }
+
+    protected void closeAnalyzer(Analyzer analyzer) {
+        if ((analyzer instanceof CPEAnalyzer)) {
+            if (getPreviouslyLoadedAnalyzer() == null) {
+                super.closeAnalyzer(analyzer);
+            }
+        } else {
+            super.closeAnalyzer(analyzer);
+        }
+    }
+
+    public void cleanup() {
+        super.cleanup();
+    }
+
+    public void cleanupFinal() {
+        CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer();
+        if (cpe != null) {
+            cpe.close();
+        }
+    }
+
+    private CPEAnalyzer getPreviouslyLoadedAnalyzer() {
+        CPEAnalyzer cpe = null;
+        MavenProject project = getRootParent();
+        if (project != null) {
+            cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY);
+        }
+        return cpe;
+    }
+
+    private void storeCPEAnalyzer(CPEAnalyzer cpe) {
+        MavenProject p = getRootParent();
+        if (p != null) {
+            p.setContextValue(CPE_ANALYZER_KEY, cpe);
+        }
+    }
+
+    private MavenProject getRootParent() {
+        if (this.currentProject == null) {
+            return null;
+        }
+        MavenProject p = this.currentProject;
+        while (p.getParent() != null) {
+            p = p.getParent();
+        }
+        return p;
+    }
+}
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportingUtil.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportingUtil.java
@@ -28,7 +28,6 @@ import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.apache.maven.doxia.sink.Sink;
-import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;