github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-26 11:01:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #636 from hgschmie/fail_on_any_vuln

Browse Source 
adds a new flag 'failBuildOnAnyVulnerability'
This commit is contained in:
Jeremy Long
2017-01-08 08:19:24 -05:00
committed by GitHub
parent d9f0ffa742 20b1ff38f9
commit 233a068c8b
1 changed files with 27 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
View File

@@ -158,6 +158,12 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@SuppressWarnings("CanBeFinal") @SuppressWarnings("CanBeFinal")
@Parameter(property = "failBuildOnCVSS", defaultValue = "11", required = true) @Parameter(property = "failBuildOnCVSS", defaultValue = "11", required = true)
private float failBuildOnCVSS = 11; private float failBuildOnCVSS = 11;
/**
* Fail the build if any dependency has a vulnerability listed.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property="failBuildOnAnyVulnerability", defaultValue="false", required=true)
private boolean failBuildOnAnyVulnerability = false;
/** /**
* Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not
* recommended that this be turned to false. Default is true. * recommended that this be turned to false. Default is true.
@@ -1060,12 +1066,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* higher then the threshold set * higher then the threshold set
*/ */
protected void checkForFailure(List<Dependency> dependencies) throws MojoFailureException { protected void checkForFailure(List<Dependency> dependencies) throws MojoFailureException {
if (failBuildOnCVSS <= 10) {
final StringBuilder ids = new StringBuilder(); final StringBuilder ids = new StringBuilder();
for (Dependency d : dependencies) { for (Dependency d : dependencies) {
boolean addName = true; boolean addName = true;
for (Vulnerability v : d.getVulnerabilities()) { for (Vulnerability v : d.getVulnerabilities()) {
if (v.getCvssScore() >= failBuildOnCVSS) { if (failBuildOnAnyVulnerability || v.getCvssScore() >= failBuildOnCVSS) {
if (addName) { if (addName) {
addName = false; addName = false;
ids.append(NEW_LINE).append(d.getFileName()).append(": "); ids.append(NEW_LINE).append(d.getFileName()).append(": ");
@@ -1077,11 +1082,16 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
} }
} }
if (ids.length() > 0) { if (ids.length() > 0) {
final String msg = String.format("%n%nDependency-Check Failure:%n" final String msg;
+ "One or more dependencies were identified with vulnerabilities that have a CVSS score greater then '%.1f': %s%n" if (failBuildOnAnyVulnerability) {
msg = String.format("%n%nOne or more dependencies were identified with vulnerabilities: %n%s%n%n"
+ "See the dependency-check report for more details.%n%n", ids.toString());
} else {
msg = String.format("%n%nOne or more dependencies were identified with vulnerabilities that have a CVSS score greater then '%.1f': %n%s%n%n"
+ "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString()); + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
throw new MojoFailureException(msg);
} }
throw new MojoFailureException(msg);
} }
} }