added support for wildcard extensions in scan path for issue #95

Former-commit-id: d02eaf80664e4525d9b00ba5978bec5cced0970a

dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java

@@ -129,12 +129,14 @@ public final class CliParser {
      * @throws FileNotFoundException is thrown if the path being validated does not exist.
      */
     private void validatePathExists(String path, String argumentName) throws FileNotFoundException {
-        final File f = new File(path);
+        if (!path.contains("*.")) {
-        if (!f.exists()) {
+            final File f = new File(path);
-            isValid = false;
+            if (!f.exists()) {
-            final String msg = String.format("Invalid '%s' argument: '%s'", argumentName, path);
+                isValid = false;
-            throw new FileNotFoundException(msg);
+                final String msg = String.format("Invalid '%s' argument: '%s'", argumentName, path);
-        }
+                throw new FileNotFoundException(msg);
+            }
+        } // else { // TODO add a validation for *.zip extensions rather then relying on the engine to validate it.
     }
 
     /**

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -166,38 +166,49 @@ public class Engine {
      * @param path the path to a file or directory to be analyzed.
      */
     public void scan(String path) {
-        final File file = new File(path);
+        if (path.matches("^.*[\\/]\\*\\.[^\\/:*|?<>\"]+$")) {
-        scan(file);
+            String[] parts = path.split("\\*\\.");
-    }
+            String[] ext = new String[]{parts[parts.length - 1]};
-
+            File dir = new File(path.substring(0, path.length() - ext[0].length() - 2));
-    /**
+            if (dir.isDirectory()) {
-     * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any
+                List<File> files = (List<File>) org.apache.commons.io.FileUtils.listFiles(dir, ext, true);
-     * dependencies identified are added to the dependency collection.
+                scan(files);
-     *
+            } else {
-     * @since v0.3.2.5
+                final String msg = String.format("Invalid file path provided to scan '%s'", path);
-     *
+                Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg);
-     * @param files an array of paths to files or directories to be analyzed.
+            }
-     */
+        } else {
-    public void scan(File[] files) {
+            final File file = new File(path);
-        for (File file : files) {
-            scan(file);
-        }
-    }
-
-    /**
-     * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any
-     * dependencies identified are added to the dependency collection.
-     *
-     * @since v0.3.2.5
-     *
-     * @param files a set of paths to files or directories to be analyzed.
-     */
-    public void scan(Set<File> files) {
-        for (File file : files) {
             scan(file);
         }
     }
 
+//    /**
+//     * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any
+//     * dependencies identified are added to the dependency collection.
+//     *
+//     * @since v0.3.2.5
+//     *
+//     * @param files an array of paths to files or directories to be analyzed.
+//     */
+//    public void scan(File[] files) {
+//        for (File file : files) {
+//            scan(file);
+//        }
+//    }
+//    /**
+//     * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any
+//     * dependencies identified are added to the dependency collection.
+//     *
+//     * @since v0.3.2.5
+//     *
+//     * @param files a set of paths to files or directories to be analyzed.
+//     */
+//    public void scan(Set<File> files) {
+//        for (File file : files) {
+//            scan(file);
+//        }
+//    }
     /**
      * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any
      * dependencies identified are added to the dependency collection.

dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java

@@ -25,7 +25,9 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
+import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.reporting.ReportGenerator;
+import org.owasp.dependencycheck.utils.Settings;
 
 /**
  *
@@ -57,6 +59,26 @@ public class EngineIntegrationTest {
      */
     @Test
     public void testScan() throws Exception {
+        String testClasses = "target/test-classes/*.zip";
+        boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
+        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
+        Engine instance = new Engine();
+        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
+        instance.scan(testClasses);
+        assertTrue(instance.getDependencies().size() > 0);
+        for (Dependency d : instance.getDependencies()) {
+            assertTrue("non-zip file collected " + d.getFileName(), d.getFileName().toLowerCase().endsWith(".zip"));
+        }
+        instance.cleanup();
+    }
+
+    /**
+     * Test running the entire engine.
+     *
+     * @throws Exception is thrown when an exception occurs.
+     */
+    @Test
+    public void testEngine() throws Exception {
         String testClasses = "target/test-classes";
         Engine instance = new Engine();
         instance.scan(testClasses);