Patches from Steve Springett for XML report format

Former-commit-id: 56a6aaf8aa38904009d09c9192b3697de37be55a

src/main/java/org/codesecure/dependencycheck/App.java

@@ -112,7 +112,7 @@ public class App {
         if (cli.isGetVersion()) {
             cli.printVersionInfo();
         } else if (cli.isRunScan()) {
-            runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
+            runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
         } else {
             cli.printHelp();
         }
@@ -125,10 +125,11 @@ public class App {
      *
      * @param reportDirectory the path to the directory where the reports will
      * be written.
+     * @param outputFormat the output format of the report.
      * @param applicationName the application name for the report.
      * @param files the files/directories to scan.
      */
-    private void runScan(String reportDirectory, String applicationName, String[] files, boolean autoUpdate) {
+    private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, boolean autoUpdate) {
         Engine scanner = new Engine(autoUpdate);
         for (String file : files) {
             scanner.scan(file);
@@ -138,7 +139,7 @@ public class App {
 
         ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
         try {
-            report.generateReports(reportDirectory);
+            report.generateReports(reportDirectory, outputFormat);
         } catch (IOException ex) {
             Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
         } catch (Exception ex) {

src/main/java/org/codesecure/dependencycheck/reporting/ReportGenerator.java

@@ -104,13 +104,17 @@ public class ReportGenerator {
      * Generates the Dependency Reports for the identified dependencies.
      *
      * @param outputDir the path where the reports should be written.
+     * @param outputFormat the format the report should be written in.
      * @throws IOException is thrown when the template file does not exist.
      * @throws Exception is thrown if there is an error writting out the
      * reports.
      */
-    public void generateReports(String outputDir) throws IOException, Exception {
+    public void generateReports(String outputDir, String outputFormat) throws IOException, Exception {
-        generateReport("HtmlReport", outputDir + File.separator + "DependencyCheck-Report.html");
+        if (outputFormat.equalsIgnoreCase("XML")) {
-        //generateReport("XmlReport", outputDir + File.separator + "DependencyCheck-Report.xml");
+            generateReport("XmlReport", outputDir + File.separator + "DependencyCheck-Report.xml");
+        } else {
+            generateReport("HtmlReport", outputDir + File.separator + "DependencyCheck-Report.html");
+		}
     }
 
     /**

src/main/java/org/codesecure/dependencycheck/utils/CliParser.java

@@ -105,6 +105,11 @@ public final class CliParser {
                 throw new ParseException("Scan cannot be run without specifying an application "
                         + "name via the 'app' argument.");
             }
+            if (line.hasOption(ArgumentName.OUTPUT_FORMAT)) {
+                String format = line.getOptionValue(ArgumentName.OUTPUT_FORMAT);
+                if (!(format.equalsIgnoreCase("XML") || format.equalsIgnoreCase("HTML")))
+                    throw new ParseException("Supported output formats are XML and HTML");
+            }
         }
     }
 
@@ -114,7 +119,7 @@ public final class CliParser {
      * thrown.
      *
      * @param paths the paths to validate if they exists
-     * @throws FileNoteFoundException is thrown if one of the paths being
+     * @throws FileNotFoundException is thrown if one of the paths being
      * validated does not exist.
      */
     private void validatePathExists(String[] paths) throws FileNotFoundException {
@@ -128,8 +133,8 @@ public final class CliParser {
      * path does not point to an existing file a FileNotFoundException is
      * thrown.
      *
-     * @param paths the paths to validate if they exists
+     * @param path the paths to validate if they exists
-     * @throws FileNoteFoundException is thrown if the path being validated does
+     * @throws FileNotFoundException is thrown if the path being validated does
      * not exist.
      */
     private void validatePathExists(String path) throws FileNotFoundException {
@@ -176,6 +181,10 @@ public final class CliParser {
                 .withDescription("the folder to write reports to.")
                 .create(ArgumentName.OUT_SHORT);
 
+        Option outputformat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ArgumentName.OUTPUT_FORMAT)
+                .withDescription("the output format to write to.")
+                .create(ArgumentName.OUTPUT_FORMAT_SHORT);
+
         //TODO add the ability to load a properties file to override the defaults...
 
         OptionGroup og = new OptionGroup();
@@ -184,6 +193,7 @@ public final class CliParser {
         Options opts = new Options();
         opts.addOptionGroup(og);
         opts.addOption(out);
+        opts.addOption(outputformat);
         opts.addOption(appname);
         opts.addOption(version);
         opts.addOption(help);
@@ -233,13 +243,13 @@ public final class CliParser {
                     + "using the -p <file> argument or by passing them in as system properties." + nl
                     + nl + " " + Settings.KEYS.PROXY_URL + "\t\t    the proxy URL to use when downloading resources."
                     + nl + " " + Settings.KEYS.PROXY_PORT + "\t\t    the proxy port to use when downloading resources."
-                    + nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t    the cconnection timeout (in milliseconds) to use"
+                    + nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t    the connection timeout (in milliseconds) to use"
                     + nl + "\t\t\t    when downloading resources.";
         }
 
         formatter.printHelp(Settings.getString("application.name", "DependencyCheck"),
                 nl + Settings.getString("application.name", "DependencyCheck")
-                + " can be used to identify if there are any known CVE vulnerabilities in libraries utillized by an application. "
+                + " can be used to identify if there are any known CVE vulnerabilities in libraries utilized by an application. "
                 + Settings.getString("application.name", "DependencyCheck")
                 + " will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov." + nl + nl,
                 options,
@@ -271,10 +281,20 @@ public final class CliParser {
         return line.getOptionValue(ArgumentName.OUT);
     }
 
+    /**
+     * Returns the output format specified on the command line. Defaults to
+     * HTML if no format was specified.
+     *
+     * @return the output format name.
+     */
+    public String getReportFormat() {
+        return line.getOptionValue(ArgumentName.OUTPUT_FORMAT, "HTML");
+    }
+
     /**
      * Returns the application name specified on the command line.
      *
-     * @return the applicatoin name.
+     * @return the application name.
      */
     public String getApplicationName() {
         return line.getOptionValue(ArgumentName.APPNAME);
@@ -336,6 +356,16 @@ public final class CliParser {
          * reports to.
          */
         public static final String OUT_SHORT = "o";
+        /**
+         * The long CLI argument name specifing the output format to write the
+         * reports to.
+         */
+        public static final String OUTPUT_FORMAT = "format";
+        /**
+         * The short CLI argument name specifing the output format to write the
+         * reports to.
+         */
+        public static final String OUTPUT_FORMAT_SHORT = "f";
         /**
          * The long CLI argument name specifing the name of the application to
          * be scanned.

src/test/java/org/codesecure/dependencycheck/EngineIntegrationTest.java

@@ -53,6 +53,6 @@ public class EngineIntegrationTest {
         instance.analyzeDependencies();
         ReportGenerator rg = new ReportGenerator("DependencyCheck",
                 instance.getDependencies(), instance.getAnalyzers());
-        rg.generateReports("./target/");
+        rg.generateReports("./target/", "HTML");
     }
 }