@@ -32,31 +32,31 @@
|
|
|
|
|
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.io.FileOutputStream;
|
|
|
|
|
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
|
|
|
|
|
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> java.io.InputStream;
|
|
|
|
|
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> java.io.ObjectInputStream;
|
|
|
|
|
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> java.io.ObjectOutputStream;
|
|
|
|
|
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
|
|
|
|
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> java.util.Locale;
|
|
|
|
|
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.apache.maven.artifact.Artifact;
|
|
|
|
|
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.apache.maven.doxia.sink.Sink;
|
|
|
|
|
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugin.AbstractMojo;
|
|
|
|
|
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugin.MojoExecutionException;
|
|
|
|
|
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugin.MojoFailureException;
|
|
|
|
|
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugins.annotations.Component;
|
|
|
|
|
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugins.annotations.Parameter;
|
|
|
|
|
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> org.apache.maven.project.MavenProject;
|
|
|
|
|
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> org.apache.maven.reporting.MavenReport;
|
|
|
|
|
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">import</strong> org.apache.maven.reporting.MavenReportException;
|
|
|
|
|
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <strong class="jxr_keyword">import</strong> org.apache.maven.settings.Proxy;
|
|
|
|
|
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <strong class="jxr_keyword">import</strong> org.apache.maven.settings.Server;
|
|
|
|
|
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nexus.MavenArtifact;
|
|
|
|
|
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.CveDB;
|
|
|
|
|
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
|
|
|
|
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
|
|
|
|
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
|
|
|
|
|
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
|
|
|
|
|
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Identifier;
|
|
|
|
|
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Vulnerability;
|
|
|
|
|
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.reporting.ReportGenerator;
|
|
|
|
|
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> java.io.ObjectOutputStream;
|
|
|
|
|
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> java.util.List;
|
|
|
|
|
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> java.util.Locale;
|
|
|
|
|
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.apache.maven.artifact.Artifact;
|
|
|
|
|
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.apache.maven.doxia.sink.Sink;
|
|
|
|
|
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugin.AbstractMojo;
|
|
|
|
|
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugin.MojoExecutionException;
|
|
|
|
|
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugin.MojoFailureException;
|
|
|
|
|
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugins.annotations.Component;
|
|
|
|
|
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> org.apache.maven.plugins.annotations.Parameter;
|
|
|
|
|
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> org.apache.maven.project.MavenProject;
|
|
|
|
|
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> org.apache.maven.reporting.MavenReport;
|
|
|
|
|
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> org.apache.maven.reporting.MavenReportException;
|
|
|
|
|
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">import</strong> org.apache.maven.settings.Proxy;
|
|
|
|
|
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <strong class="jxr_keyword">import</strong> org.apache.maven.settings.Server;
|
|
|
|
|
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nexus.MavenArtifact;
|
|
|
|
|
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.CveDB;
|
|
|
|
|
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
|
|
|
|
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
|
|
|
|
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
|
|
|
|
|
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
|
|
|
|
|
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Identifier;
|
|
|
|
|
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Vulnerability;
|
|
|
|
|
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.reporting.ReportGenerator;
|
|
|
|
|
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.ExpectedOjectInputStream;
|
|
|
|
|
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
|
|
|
|
|
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <strong class="jxr_keyword">import</strong> org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
|
|
|
|
|
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">import</strong> org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
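Review bot: The class imported at new line 51, `ExpectedOjectInputStream`, looks misspelled (the `b` in `Object` is missing); since it is a public utility class that takes over from `java.io.ObjectInputStream` (dropped at old line 27) in this file, the name should be corrected to `ExpectedObjectInputStream` now, before other call sites depend on the misspelt identifier. The swap itself is presumably the point of the change — constraining which classes native deserialization may instantiate — but this hunk only shows the import, so the constructor call in the body (outside this hunk) is where a reviewer should confirm that the allow-list of expected classes is actually passed and that the stream is closed via try-with-resources or a `finally` block. The surviving `FileOutputStream`/`ObjectOutputStream` imports suggest the file still writes serialized data; that is acceptable as long as every read path goes through the restricted stream rather than a bare `ObjectInputStream`.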
|
|
|
|
|
@@ -675,397 +675,415 @@
|
|
|
|
|
<a class="jxr_linenumber" name="L667" href="#L667">667</a> <strong class="jxr_keyword">final</strong> String password = proxy.getPassword();
|
|
|
|
|
<a class="jxr_linenumber" name="L668" href="#L668">668</a> Settings.setStringIfNotNull(Settings.KEYS.PROXY_USERNAME, userName);
|
|
|
|
|
<a class="jxr_linenumber" name="L669" href="#L669">669</a> Settings.setStringIfNotNull(Settings.KEYS.PROXY_PASSWORD, password);
|
|
|
|
|
<a class="jxr_linenumber" name="L670" href="#L670">670</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L671" href="#L671">671</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L672" href="#L672">672</a> Settings.setStringIfNotEmpty(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
|
|
|
|
|
<a class="jxr_linenumber" name="L673" href="#L673">673</a> Settings.setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
|
|
|
|
|
<a class="jxr_linenumber" name="L674" href="#L674">674</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L675" href="#L675">675</a> <em class="jxr_comment">//File Type Analyzer Settings</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L676" href="#L676">676</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L677" href="#L677">677</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L678" href="#L678">678</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L679" href="#L679">679</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L680" href="#L680">680</a> Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
|
|
|
|
|
<a class="jxr_linenumber" name="L681" href="#L681">681</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY, nexusUsesProxy);
|
|
|
|
|
<a class="jxr_linenumber" name="L682" href="#L682">682</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L683" href="#L683">683</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L684" href="#L684">684</a> Settings.setStringIfNotEmpty(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
|
|
|
|
|
<a class="jxr_linenumber" name="L685" href="#L685">685</a> Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
|
|
|
|
|
<a class="jxr_linenumber" name="L686" href="#L686">686</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L687" href="#L687">687</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, pyDistributionAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L688" href="#L688">688</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, pyPackageAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L689" href="#L689">689</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, rubygemsAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L690" href="#L690">690</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, opensslAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L691" href="#L691">691</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CMAKE_ENABLED, cmakeAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L692" href="#L692">692</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, autoconfAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L693" href="#L693">693</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, composerAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L694" href="#L694">694</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, nodeAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L695" href="#L695">695</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L696" href="#L696">696</a> <em class="jxr_comment">//Database configuration</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L697" href="#L697">697</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
|
|
|
|
|
<a class="jxr_linenumber" name="L698" href="#L698">698</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
|
|
|
|
|
<a class="jxr_linenumber" name="L699" href="#L699">699</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
|
|
|
|
|
<a class="jxr_linenumber" name="L700" href="#L700">700</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L701" href="#L701">701</a> <strong class="jxr_keyword">if</strong> (databaseUser == <strong class="jxr_keyword">null</strong> && databasePassword == <strong class="jxr_keyword">null</strong> && serverId != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L702" href="#L702">702</a> <strong class="jxr_keyword">final</strong> Server server = settingsXml.getServer(serverId);
|
|
|
|
|
<a class="jxr_linenumber" name="L703" href="#L703">703</a> <strong class="jxr_keyword">if</strong> (server != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L704" href="#L704">704</a> databaseUser = server.getUsername();
|
|
|
|
|
<a class="jxr_linenumber" name="L705" href="#L705">705</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L706" href="#L706">706</a> <em class="jxr_comment">//The following fix was copied from:</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L707" href="#L707">707</a> <em class="jxr_comment">// https://github.com/bsorrentino/maven-confluence-plugin/blob/master/maven-confluence-reporting-plugin/src/main/java/org/bsc/maven/confluence/plugin/AbstractBaseConfluenceMojo.java</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L708" href="#L708">708</a> <em class="jxr_comment">//</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L709" href="#L709">709</a> <em class="jxr_comment">// FIX to resolve</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L710" href="#L710">710</a> <em class="jxr_comment">// org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L711" href="#L711">711</a> <em class="jxr_comment">// java.io.FileNotFoundException: ~/.settings-security.xml (No such file or directory)</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L712" href="#L712">712</a> <em class="jxr_comment">//</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L713" href="#L713">713</a> <strong class="jxr_keyword">if</strong> (securityDispatcher instanceof DefaultSecDispatcher) {
|
|
|
|
|
<a class="jxr_linenumber" name="L714" href="#L714">714</a> ((DefaultSecDispatcher) securityDispatcher).setConfigurationFile(<span class="jxr_string">"~/.m2/settings-security.xml"</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L715" href="#L715">715</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L716" href="#L716">716</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L717" href="#L717">717</a> databasePassword = securityDispatcher.decrypt(server.getPassword());
|
|
|
|
|
<a class="jxr_linenumber" name="L718" href="#L718">718</a> } <strong class="jxr_keyword">catch</strong> (SecDispatcherException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L719" href="#L719">719</a> <strong class="jxr_keyword">if</strong> (ex.getCause() instanceof FileNotFoundException
|
|
|
|
|
<a class="jxr_linenumber" name="L720" href="#L720">720</a> || (ex.getCause() != <strong class="jxr_keyword">null</strong> && ex.getCause().getCause() instanceof FileNotFoundException)) {
|
|
|
|
|
<a class="jxr_linenumber" name="L721" href="#L721">721</a> <em class="jxr_comment">//maybe its not encrypted?</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L722" href="#L722">722</a> <strong class="jxr_keyword">final</strong> String tmp = server.getPassword();
|
|
|
|
|
<a class="jxr_linenumber" name="L723" href="#L723">723</a> <strong class="jxr_keyword">if</strong> (tmp.startsWith(<span class="jxr_string">"{"</span>) && tmp.endsWith(<span class="jxr_string">"}"</span>)) {
|
|
|
|
|
<a class="jxr_linenumber" name="L724" href="#L724">724</a> getLog().error(String.format(
|
|
|
|
|
<a class="jxr_linenumber" name="L725" href="#L725">725</a> <span class="jxr_string">"Unable to decrypt the server password for server id '%s' in settings.xml%n\tCause: %s"</span>,
|
|
|
|
|
<a class="jxr_linenumber" name="L726" href="#L726">726</a> serverId, ex.getMessage()));
|
|
|
|
|
<a class="jxr_linenumber" name="L727" href="#L727">727</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L728" href="#L728">728</a> databasePassword = tmp;
|
|
|
|
|
<a class="jxr_linenumber" name="L729" href="#L729">729</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L730" href="#L730">730</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L731" href="#L731">731</a> getLog().error(String.format(
|
|
|
|
|
<a class="jxr_linenumber" name="L732" href="#L732">732</a> <span class="jxr_string">"Unable to decrypt the server password for server id '%s' in settings.xml%n\tCause: %s"</span>,
|
|
|
|
|
<a class="jxr_linenumber" name="L733" href="#L733">733</a> serverId, ex.getMessage()));
|
|
|
|
|
<a class="jxr_linenumber" name="L734" href="#L734">734</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L735" href="#L735">735</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L736" href="#L736">736</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L737" href="#L737">737</a> getLog().error(String.format(<span class="jxr_string">"Server '%s' not found in the settings.xml file"</span>, serverId));
|
|
|
|
|
<a class="jxr_linenumber" name="L738" href="#L738">738</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L739" href="#L739">739</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L740" href="#L740">740</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L741" href="#L741">741</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_USER, databaseUser);
|
|
|
|
|
<a class="jxr_linenumber" name="L742" href="#L742">742</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_PASSWORD, databasePassword);
|
|
|
|
|
<a class="jxr_linenumber" name="L743" href="#L743">743</a> Settings.setStringIfNotEmpty(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
|
|
|
|
|
<a class="jxr_linenumber" name="L744" href="#L744">744</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L745" href="#L745">745</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
|
|
|
|
|
<a class="jxr_linenumber" name="L746" href="#L746">746</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
|
|
|
|
|
<a class="jxr_linenumber" name="L747" href="#L747">747</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
|
|
|
|
|
<a class="jxr_linenumber" name="L748" href="#L748">748</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
|
|
|
|
|
<a class="jxr_linenumber" name="L749" href="#L749">749</a> Settings.setIntIfNotNull(Settings.KEYS.CVE_CHECK_VALID_FOR_HOURS, cveValidForHours);
|
|
|
|
|
<a class="jxr_linenumber" name="L750" href="#L750">750</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L751" href="#L751">751</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L752" href="#L752">752</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L753" href="#L753">753</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L754" href="#L754">754</a> <em class="jxr_javadoccomment"> * Returns the maven proxy.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L755" href="#L755">755</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L756" href="#L756">756</a> <em class="jxr_javadoccomment"> * @return the maven proxy</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L757" href="#L757">757</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L758" href="#L758">758</a> <strong class="jxr_keyword">private</strong> Proxy getMavenProxy() {
|
|
|
|
|
<a class="jxr_linenumber" name="L759" href="#L759">759</a> <strong class="jxr_keyword">if</strong> (mavenSettings != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L760" href="#L760">760</a> <strong class="jxr_keyword">final</strong> List<Proxy> proxies = mavenSettings.getProxies();
|
|
|
|
|
<a class="jxr_linenumber" name="L761" href="#L761">761</a> <strong class="jxr_keyword">if</strong> (proxies != <strong class="jxr_keyword">null</strong> && !proxies.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L762" href="#L762">762</a> <strong class="jxr_keyword">if</strong> (mavenSettingsProxyId != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L763" href="#L763">763</a> <strong class="jxr_keyword">for</strong> (Proxy proxy : proxies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L764" href="#L764">764</a> <strong class="jxr_keyword">if</strong> (mavenSettingsProxyId.equalsIgnoreCase(proxy.getId())) {
|
|
|
|
|
<a class="jxr_linenumber" name="L765" href="#L765">765</a> <strong class="jxr_keyword">return</strong> proxy;
|
|
|
|
|
<a class="jxr_linenumber" name="L766" href="#L766">766</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L767" href="#L767">767</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L768" href="#L768">768</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (proxies.size() == 1) {
|
|
|
|
|
<a class="jxr_linenumber" name="L769" href="#L769">769</a> <strong class="jxr_keyword">return</strong> proxies.get(0);
|
|
|
|
|
<a class="jxr_linenumber" name="L770" href="#L770">770</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L771" href="#L771">771</a> getLog().warn(<span class="jxr_string">"Multiple proxy definitions exist in the Maven settings. In the dependency-check "</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L772" href="#L772">772</a> + <span class="jxr_string">"configuration set the mavenSettingsProxyId so that the correct proxy will be used."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L773" href="#L773">773</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalStateException(<span class="jxr_string">"Ambiguous proxy definition"</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L774" href="#L774">774</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L775" href="#L775">775</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L776" href="#L776">776</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L777" href="#L777">777</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L778" href="#L778">778</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L779" href="#L779">779</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L780" href="#L780">780</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L781" href="#L781">781</a> <em class="jxr_javadoccomment"> * Tests is the artifact should be included in the scan (i.e. is the dependency in a scope that is being scanned).</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L782" href="#L782">782</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L783" href="#L783">783</a> <em class="jxr_javadoccomment"> * @param a the Artifact to test</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L784" href="#L784">784</a> <em class="jxr_javadoccomment"> * @return <code>true</code> if the artifact is in an excluded scope; otherwise <code>false</code></em>
|
|
|
|
|
<a class="jxr_linenumber" name="L785" href="#L785">785</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L786" href="#L786">786</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">boolean</strong> excludeFromScan(Artifact a) {
|
|
|
|
|
<a class="jxr_linenumber" name="L787" href="#L787">787</a> <strong class="jxr_keyword">if</strong> (skipTestScope && Artifact.SCOPE_TEST.equals(a.getScope())) {
|
|
|
|
|
<a class="jxr_linenumber" name="L788" href="#L788">788</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L789" href="#L789">789</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L790" href="#L790">790</a> <strong class="jxr_keyword">if</strong> (skipProvidedScope && Artifact.SCOPE_PROVIDED.equals(a.getScope())) {
|
|
|
|
|
<a class="jxr_linenumber" name="L791" href="#L791">791</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L792" href="#L792">792</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L793" href="#L793">793</a> <strong class="jxr_keyword">if</strong> (skipRuntimeScope && !Artifact.SCOPE_RUNTIME.equals(a.getScope())) {
|
|
|
|
|
<a class="jxr_linenumber" name="L794" href="#L794">794</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L795" href="#L795">795</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L796" href="#L796">796</a> <strong class="jxr_keyword">return</strong> false;
|
|
|
|
|
<a class="jxr_linenumber" name="L797" href="#L797">797</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L798" href="#L798">798</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L799" href="#L799">799</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L800" href="#L800">800</a> <em class="jxr_javadoccomment"> * Returns a reference to the current project. This method is used instead of auto-binding the project via component</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L801" href="#L801">801</a> <em class="jxr_javadoccomment"> * annotation in concrete implementations of this. If the child has a <code>@Component MavenProject project;</code> defined</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L802" href="#L802">802</a> <em class="jxr_javadoccomment"> * then the abstract class (i.e. this class) will not have access to the current project (just the way Maven works with the</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L803" href="#L803">803</a> <em class="jxr_javadoccomment"> * binding).</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L804" href="#L804">804</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L805" href="#L805">805</a> <em class="jxr_javadoccomment"> * @return returns a reference to the current project</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L806" href="#L806">806</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L807" href="#L807">807</a> <strong class="jxr_keyword">protected</strong> MavenProject getProject() {
|
|
|
|
|
<a class="jxr_linenumber" name="L808" href="#L808">808</a> <strong class="jxr_keyword">return</strong> project;
|
|
|
|
|
<a class="jxr_linenumber" name="L809" href="#L809">809</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L810" href="#L810">810</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L811" href="#L811">811</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L812" href="#L812">812</a> <em class="jxr_javadoccomment"> * Returns the list of Maven Projects in this build.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L813" href="#L813">813</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L814" href="#L814">814</a> <em class="jxr_javadoccomment"> * @return the list of Maven Projects in this build</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L815" href="#L815">815</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L816" href="#L816">816</a> <strong class="jxr_keyword">protected</strong> List<MavenProject> getReactorProjects() {
|
|
|
|
|
<a class="jxr_linenumber" name="L817" href="#L817">817</a> <strong class="jxr_keyword">return</strong> reactorProjects;
|
|
|
|
|
<a class="jxr_linenumber" name="L818" href="#L818">818</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L819" href="#L819">819</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L820" href="#L820">820</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L821" href="#L821">821</a> <em class="jxr_javadoccomment"> * Returns the report format.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L822" href="#L822">822</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L823" href="#L823">823</a> <em class="jxr_javadoccomment"> * @return the report format</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L824" href="#L824">824</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L825" href="#L825">825</a> <strong class="jxr_keyword">protected</strong> String getFormat() {
|
|
|
|
|
<a class="jxr_linenumber" name="L826" href="#L826">826</a> <strong class="jxr_keyword">return</strong> format;
|
|
|
|
|
<a class="jxr_linenumber" name="L827" href="#L827">827</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L828" href="#L828">828</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L829" href="#L829">829</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L830" href="#L830">830</a> <em class="jxr_javadoccomment"> * Generates the reports for a given dependency-check engine.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L831" href="#L831">831</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L832" href="#L832">832</a> <em class="jxr_javadoccomment"> * @param engine a dependency-check engine</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L833" href="#L833">833</a> <em class="jxr_javadoccomment"> * @param p the maven project</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L834" href="#L834">834</a> <em class="jxr_javadoccomment"> * @param outputDir the directory path to write the report(s).</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L835" href="#L835">835</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L836" href="#L836">836</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> writeReports(<a href="../../../../org/owasp/dependencycheck/maven/Engine.html">Engine</a> engine, MavenProject p, File outputDir) {
|
|
|
|
|
<a class="jxr_linenumber" name="L837" href="#L837">837</a> DatabaseProperties prop = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L838" href="#L838">838</a> CveDB cve = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L839" href="#L839">839</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L840" href="#L840">840</a> cve = <strong class="jxr_keyword">new</strong> CveDB();
|
|
|
|
|
<a class="jxr_linenumber" name="L841" href="#L841">841</a> cve.open();
|
|
|
|
|
<a class="jxr_linenumber" name="L842" href="#L842">842</a> prop = cve.getDatabaseProperties();
|
|
|
|
|
<a class="jxr_linenumber" name="L843" href="#L843">843</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L844" href="#L844">844</a> <strong class="jxr_keyword">if</strong> (getLog().isDebugEnabled()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L845" href="#L845">845</a> getLog().debug(<span class="jxr_string">"Unable to retrieve DB Properties"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L846" href="#L846">846</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L847" href="#L847">847</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L848" href="#L848">848</a> <strong class="jxr_keyword">if</strong> (cve != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L849" href="#L849">849</a> cve.close();
|
|
|
|
|
<a class="jxr_linenumber" name="L850" href="#L850">850</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L851" href="#L851">851</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L852" href="#L852">852</a> <strong class="jxr_keyword">final</strong> ReportGenerator r = <strong class="jxr_keyword">new</strong> ReportGenerator(p.getName(), engine.getDependencies(), engine.getAnalyzers(), prop);
|
|
|
|
|
<a class="jxr_linenumber" name="L853" href="#L853">853</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L854" href="#L854">854</a> r.generateReports(outputDir.getAbsolutePath(), format);
|
|
|
|
|
<a class="jxr_linenumber" name="L855" href="#L855">855</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L856" href="#L856">856</a> getLog().error(
|
|
|
|
|
<a class="jxr_linenumber" name="L857" href="#L857">857</a> <span class="jxr_string">"Unexpected exception occurred during analysis; please see the verbose error log for more details."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L858" href="#L858">858</a> <strong class="jxr_keyword">if</strong> (getLog().isDebugEnabled()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L859" href="#L859">859</a> getLog().debug(<span class="jxr_string">""</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L860" href="#L860">860</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L861" href="#L861">861</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L862" href="#L862">862</a> getLog().error(
|
|
|
|
|
<a class="jxr_linenumber" name="L863" href="#L863">863</a> <span class="jxr_string">"Unexpected exception occurred during analysis; please see the verbose error log for more details."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L864" href="#L864">864</a> <strong class="jxr_keyword">if</strong> (getLog().isDebugEnabled()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L865" href="#L865">865</a> getLog().debug(<span class="jxr_string">""</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L866" href="#L866">866</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L867" href="#L867">867</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L868" href="#L868">868</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L869" href="#L869">869</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L870" href="#L870">870</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="Methods to fail build or show summary"></em>
|
|
|
|
|
<a class="jxr_linenumber" name="L871" href="#L871">871</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L872" href="#L872">872</a> <em class="jxr_javadoccomment"> * Checks to see if a vulnerability has been identified with a CVSS score that is above the threshold set in the</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L873" href="#L873">873</a> <em class="jxr_javadoccomment"> * configuration.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L874" href="#L874">874</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L875" href="#L875">875</a> <em class="jxr_javadoccomment"> * @param dependencies the list of dependency objects</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L876" href="#L876">876</a> <em class="jxr_javadoccomment"> * @throws MojoFailureException thrown if a CVSS score is found that is higher then the threshold set</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L877" href="#L877">877</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L878" href="#L878">878</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> checkForFailure(List<Dependency> dependencies) <strong class="jxr_keyword">throws</strong> MojoFailureException {
|
|
|
|
|
<a class="jxr_linenumber" name="L879" href="#L879">879</a> <strong class="jxr_keyword">if</strong> (failBuildOnCVSS <= 10) {
|
|
|
|
|
<a class="jxr_linenumber" name="L880" href="#L880">880</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L881" href="#L881">881</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L882" href="#L882">882</a> <strong class="jxr_keyword">boolean</strong> addName = <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L883" href="#L883">883</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L884" href="#L884">884</a> <strong class="jxr_keyword">if</strong> (v.getCvssScore() >= failBuildOnCVSS) {
|
|
|
|
|
<a class="jxr_linenumber" name="L885" href="#L885">885</a> <strong class="jxr_keyword">if</strong> (addName) {
|
|
|
|
|
<a class="jxr_linenumber" name="L886" href="#L886">886</a> addName = false;
|
|
|
|
|
<a class="jxr_linenumber" name="L887" href="#L887">887</a> ids.append(NEW_LINE).append(d.getFileName()).append(<span class="jxr_string">": "</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L888" href="#L888">888</a> ids.append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L889" href="#L889">889</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L890" href="#L890">890</a> ids.append(<span class="jxr_string">", "</span>).append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L891" href="#L891">891</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L892" href="#L892">892</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L893" href="#L893">893</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L894" href="#L894">894</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L895" href="#L895">895</a> <strong class="jxr_keyword">if</strong> (ids.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L896" href="#L896">896</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%nDependency-Check Failure:%n"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L897" href="#L897">897</a> + <span class="jxr_string">"One or more dependencies were identified with vulnerabilities that have a CVSS score greater then '%.1f': %s%n"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L898" href="#L898">898</a> + <span class="jxr_string">"See the dependency-check report for more details.%n%n"</span>, failBuildOnCVSS, ids.toString());
|
|
|
|
|
<a class="jxr_linenumber" name="L899" href="#L899">899</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> MojoFailureException(msg);
|
|
|
|
|
<a class="jxr_linenumber" name="L900" href="#L900">900</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L901" href="#L901">901</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L902" href="#L902">902</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L903" href="#L903">903</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L904" href="#L904">904</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L905" href="#L905">905</a> <em class="jxr_javadoccomment"> * Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L906" href="#L906">906</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L907" href="#L907">907</a> <em class="jxr_javadoccomment"> * @param mp the Maven project for which the summary is shown</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L908" href="#L908">908</a> <em class="jxr_javadoccomment"> * @param dependencies a list of dependency objects</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L909" href="#L909">909</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L910" href="#L910">910</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> showSummary(MavenProject mp, List<Dependency> dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L911" href="#L911">911</a> <strong class="jxr_keyword">if</strong> (showSummary) {
|
|
|
|
|
<a class="jxr_linenumber" name="L912" href="#L912">912</a> <strong class="jxr_keyword">final</strong> StringBuilder summary = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L913" href="#L913">913</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L914" href="#L914">914</a> <strong class="jxr_keyword">boolean</strong> firstEntry = <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L915" href="#L915">915</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L916" href="#L916">916</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L917" href="#L917">917</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
|
|
|
|
|
<a class="jxr_linenumber" name="L918" href="#L918">918</a> firstEntry = false;
|
|
|
|
|
<a class="jxr_linenumber" name="L919" href="#L919">919</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L920" href="#L920">920</a> ids.append(<span class="jxr_string">", "</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L921" href="#L921">921</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L922" href="#L922">922</a> ids.append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L923" href="#L923">923</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L924" href="#L924">924</a> <strong class="jxr_keyword">if</strong> (ids.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L925" href="#L925">925</a> summary.append(d.getFileName()).append(<span class="jxr_string">" ("</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L926" href="#L926">926</a> firstEntry = <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L927" href="#L927">927</a> <strong class="jxr_keyword">for</strong> (Identifier id : d.getIdentifiers()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L928" href="#L928">928</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
|
|
|
|
|
<a class="jxr_linenumber" name="L929" href="#L929">929</a> firstEntry = false;
|
|
|
|
|
<a class="jxr_linenumber" name="L930" href="#L930">930</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L931" href="#L931">931</a> summary.append(<span class="jxr_string">", "</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L932" href="#L932">932</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L933" href="#L933">933</a> summary.append(id.getValue());
|
|
|
|
|
<a class="jxr_linenumber" name="L934" href="#L934">934</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L935" href="#L935">935</a> summary.append(<span class="jxr_string">") : "</span>).append(ids).append(NEW_LINE);
|
|
|
|
|
<a class="jxr_linenumber" name="L936" href="#L936">936</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L937" href="#L937">937</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L938" href="#L938">938</a> <strong class="jxr_keyword">if</strong> (summary.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L939" href="#L939">939</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%n"</span> + <span class="jxr_string">"One or more dependencies were identified with known vulnerabilities in %s:%n%n%s"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L940" href="#L940">940</a> + <span class="jxr_string">"%n%nSee the dependency-check report for more details.%n%n"</span>, mp.getName(), summary.toString());
|
|
|
|
|
<a class="jxr_linenumber" name="L941" href="#L941">941</a> getLog().warn(msg);
|
|
|
|
|
<a class="jxr_linenumber" name="L942" href="#L942">942</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L943" href="#L943">943</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L944" href="#L944">944</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L945" href="#L945">945</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L946" href="#L946">946</a> <em class="jxr_comment">//</editor-fold></em>
|
|
|
|
|
<a class="jxr_linenumber" name="L947" href="#L947">947</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="Methods to read/write the serialized data file"></em>
|
|
|
|
|
<a class="jxr_linenumber" name="L948" href="#L948">948</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L949" href="#L949">949</a> <em class="jxr_javadoccomment"> * Returns the key used to store the path to the data file that is saved by <code>writeDataFile()</code>. This key is used in</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L950" href="#L950">950</a> <em class="jxr_javadoccomment"> * the <code>MavenProject.(set|get)ContextValue</code>.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L951" href="#L951">951</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L952" href="#L952">952</a> <em class="jxr_javadoccomment"> * @return the key used to store the path to the data file</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L953" href="#L953">953</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L954" href="#L954">954</a> <strong class="jxr_keyword">protected</strong> String getDataFileContextKey() {
|
|
|
|
|
<a class="jxr_linenumber" name="L955" href="#L955">955</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"dependency-check-path-"</span> + dataFileName;
|
|
|
|
|
<a class="jxr_linenumber" name="L956" href="#L956">956</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L957" href="#L957">957</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L958" href="#L958">958</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L959" href="#L959">959</a> <em class="jxr_javadoccomment"> * Returns the key used to store the path to the output directory. When generating the report in the</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L960" href="#L960">960</a> <em class="jxr_javadoccomment"> * <code>executeAggregateReport()</code> the output directory should be obtained by using this key.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L961" href="#L961">961</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L962" href="#L962">962</a> <em class="jxr_javadoccomment"> * @return the key used to store the path to the output directory</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L963" href="#L963">963</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L964" href="#L964">964</a> <strong class="jxr_keyword">protected</strong> String getOutputDirectoryContextKey() {
|
|
|
|
|
<a class="jxr_linenumber" name="L965" href="#L965">965</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"dependency-output-dir-"</span> + dataFileName;
|
|
|
|
|
<a class="jxr_linenumber" name="L966" href="#L966">966</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L967" href="#L967">967</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L968" href="#L968">968</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L969" href="#L969">969</a> <em class="jxr_javadoccomment"> * Writes the scan data to disk. This is used to serialize the scan data between the "check" and "aggregate" phase.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L970" href="#L970">970</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L971" href="#L971">971</a> <em class="jxr_javadoccomment"> * @param mp the mMven project for which the data file was created</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L972" href="#L972">972</a> <em class="jxr_javadoccomment"> * @param writeTo the directory to write the data file</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L973" href="#L973">973</a> <em class="jxr_javadoccomment"> * @param dependencies the list of dependencies to serialize</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L974" href="#L974">974</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L975" href="#L975">975</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> writeDataFile(MavenProject mp, File writeTo, List<Dependency> dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L976" href="#L976">976</a> File file;
|
|
|
|
|
<a class="jxr_linenumber" name="L977" href="#L977">977</a> <em class="jxr_comment">//check to see if this was already written out</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L978" href="#L978">978</a> <strong class="jxr_keyword">if</strong> (mp.getContextValue(<strong class="jxr_keyword">this</strong>.getDataFileContextKey()) == <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L979" href="#L979">979</a> <strong class="jxr_keyword">if</strong> (writeTo == <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L980" href="#L980">980</a> file = <strong class="jxr_keyword">new</strong> File(mp.getBuild().getDirectory());
|
|
|
|
|
<a class="jxr_linenumber" name="L981" href="#L981">981</a> file = <strong class="jxr_keyword">new</strong> File(file, dataFileName);
|
|
|
|
|
<a class="jxr_linenumber" name="L982" href="#L982">982</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L983" href="#L983">983</a> file = <strong class="jxr_keyword">new</strong> File(writeTo, dataFileName);
|
|
|
|
|
<a class="jxr_linenumber" name="L984" href="#L984">984</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L985" href="#L985">985</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
|
|
|
|
|
<a class="jxr_linenumber" name="L986" href="#L986">986</a> <strong class="jxr_keyword">if</strong> (!parent.isDirectory() && parent.mkdirs()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L987" href="#L987">987</a> getLog().error(String.format(<span class="jxr_string">"Directory '%s' does not exist and cannot be created; unable to write data file."</span>,
|
|
|
|
|
<a class="jxr_linenumber" name="L988" href="#L988">988</a> parent.getAbsolutePath()));
|
|
|
|
|
<a class="jxr_linenumber" name="L989" href="#L989">989</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L990" href="#L990">990</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L991" href="#L991">991</a> ObjectOutputStream out = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L992" href="#L992">992</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L993" href="#L993">993</a> <strong class="jxr_keyword">if</strong> (dependencies != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L994" href="#L994">994</a> out = <strong class="jxr_keyword">new</strong> ObjectOutputStream(<strong class="jxr_keyword">new</strong> BufferedOutputStream(<strong class="jxr_keyword">new</strong> FileOutputStream(file)));
|
|
|
|
|
<a class="jxr_linenumber" name="L995" href="#L995">995</a> out.writeObject(dependencies);
|
|
|
|
|
<a class="jxr_linenumber" name="L996" href="#L996">996</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L997" href="#L997">997</a> <strong class="jxr_keyword">if</strong> (getLog().isDebugEnabled()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L998" href="#L998">998</a> getLog().debug(String.format(<span class="jxr_string">"Serialized data file written to '%s' for %s, referenced by key %s"</span>,
|
|
|
|
|
<a class="jxr_linenumber" name="L999" href="#L999">999</a> file.getAbsolutePath(), mp.getName(), <strong class="jxr_keyword">this</strong>.getDataFileContextKey()));
|
|
|
|
|
<a class="jxr_linenumber" name="L1000" href="#L1000">1000</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1001" href="#L1001">1001</a> mp.setContextValue(<strong class="jxr_keyword">this</strong>.getDataFileContextKey(), file.getAbsolutePath());
|
|
|
|
|
<a class="jxr_linenumber" name="L1002" href="#L1002">1002</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1003" href="#L1003">1003</a> getLog().warn(<span class="jxr_string">"Unable to create data file used for report aggregation; "</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L1004" href="#L1004">1004</a> + <span class="jxr_string">"if report aggregation is being used the results may be incomplete."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L1005" href="#L1005">1005</a> <strong class="jxr_keyword">if</strong> (getLog().isDebugEnabled()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1006" href="#L1006">1006</a> getLog().debug(ex.getMessage(), ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L1007" href="#L1007">1007</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1008" href="#L1008">1008</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L1009" href="#L1009">1009</a> <strong class="jxr_keyword">if</strong> (out != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1010" href="#L1010">1010</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L1011" href="#L1011">1011</a> out.close();
|
|
|
|
|
<a class="jxr_linenumber" name="L1012" href="#L1012">1012</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1013" href="#L1013">1013</a> <strong class="jxr_keyword">if</strong> (getLog().isDebugEnabled()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1014" href="#L1014">1014</a> getLog().debug(<span class="jxr_string">"ignore"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L1015" href="#L1015">1015</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1016" href="#L1016">1016</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1017" href="#L1017">1017</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1018" href="#L1018">1018</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1019" href="#L1019">1019</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1020" href="#L1020">1020</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1021" href="#L1021">1021</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L1022" href="#L1022">1022</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1023" href="#L1023">1023</a> <em class="jxr_javadoccomment"> * Reads the serialized scan data from disk. This is used to serialize the scan data between the "check" and "aggregate"</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1024" href="#L1024">1024</a> <em class="jxr_javadoccomment"> * phase.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1025" href="#L1025">1025</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1026" href="#L1026">1026</a> <em class="jxr_javadoccomment"> * @param project the Maven project to read the data file from</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1027" href="#L1027">1027</a> <em class="jxr_javadoccomment"> * @return a <code>Engine</code> object populated with dependencies if the serialized data file exists; otherwise</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1028" href="#L1028">1028</a> <em class="jxr_javadoccomment"> * <code>null</code> is returned</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1029" href="#L1029">1029</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1030" href="#L1030">1030</a> <strong class="jxr_keyword">protected</strong> List<Dependency> readDataFile(MavenProject project) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1031" href="#L1031">1031</a> <strong class="jxr_keyword">final</strong> Object oPath = project.getContextValue(<strong class="jxr_keyword">this</strong>.getDataFileContextKey());
|
|
|
|
|
<a class="jxr_linenumber" name="L1032" href="#L1032">1032</a> <strong class="jxr_keyword">if</strong> (oPath == <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1033" href="#L1033">1033</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L1034" href="#L1034">1034</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1035" href="#L1035">1035</a> List<Dependency> ret = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L1036" href="#L1036">1036</a> <strong class="jxr_keyword">final</strong> String path = (String) oPath;
|
|
|
|
|
<a class="jxr_linenumber" name="L1037" href="#L1037">1037</a> ObjectInputStream ois = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L1038" href="#L1038">1038</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L1039" href="#L1039">1039</a> ois = <strong class="jxr_keyword">new</strong> ObjectInputStream(<strong class="jxr_keyword">new</strong> FileInputStream(path));
|
|
|
|
|
<a class="jxr_linenumber" name="L1040" href="#L1040">1040</a> ret = (List<Dependency>) ois.readObject();
|
|
|
|
|
<a class="jxr_linenumber" name="L1041" href="#L1041">1041</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1042" href="#L1042">1042</a> <em class="jxr_comment">//TODO fix logging</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1043" href="#L1043">1043</a> getLog().error(<span class="jxr_string">""</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L1044" href="#L1044">1044</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1045" href="#L1045">1045</a> getLog().error(<span class="jxr_string">""</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L1046" href="#L1046">1046</a> } <strong class="jxr_keyword">catch</strong> (ClassNotFoundException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1047" href="#L1047">1047</a> getLog().error(<span class="jxr_string">""</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L1048" href="#L1048">1048</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L1049" href="#L1049">1049</a> <strong class="jxr_keyword">if</strong> (ois != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1050" href="#L1050">1050</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L1051" href="#L1051">1051</a> ois.close();
|
|
|
|
|
<a class="jxr_linenumber" name="L1052" href="#L1052">1052</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1053" href="#L1053">1053</a> getLog().error(<span class="jxr_string">""</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L1054" href="#L1054">1054</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1055" href="#L1055">1055</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1056" href="#L1056">1056</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1057" href="#L1057">1057</a> <strong class="jxr_keyword">return</strong> ret;
|
|
|
|
|
<a class="jxr_linenumber" name="L1058" href="#L1058">1058</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1059" href="#L1059">1059</a> <em class="jxr_comment">//</editor-fold></em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1060" href="#L1060">1060</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L670" href="#L670">670</a> Settings.setStringIfNotNull(Settings.KEYS.PROXY_NON_PROXY_HOSTS, proxy.getNonProxyHosts());
|
|
|
|
|
<a class="jxr_linenumber" name="L671" href="#L671">671</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L672" href="#L672">672</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L673" href="#L673">673</a> Settings.setStringIfNotEmpty(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
|
|
|
|
|
<a class="jxr_linenumber" name="L674" href="#L674">674</a> Settings.setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
|
|
|
|
|
<a class="jxr_linenumber" name="L675" href="#L675">675</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L676" href="#L676">676</a> <em class="jxr_comment">//File Type Analyzer Settings</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L677" href="#L677">677</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L678" href="#L678">678</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L679" href="#L679">679</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L680" href="#L680">680</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L681" href="#L681">681</a> Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
|
|
|
|
|
<a class="jxr_linenumber" name="L682" href="#L682">682</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY, nexusUsesProxy);
|
|
|
|
|
<a class="jxr_linenumber" name="L683" href="#L683">683</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L684" href="#L684">684</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L685" href="#L685">685</a> Settings.setStringIfNotEmpty(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
|
|
|
|
|
<a class="jxr_linenumber" name="L686" href="#L686">686</a> Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
|
|
|
|
|
<a class="jxr_linenumber" name="L687" href="#L687">687</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L688" href="#L688">688</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, pyDistributionAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L689" href="#L689">689</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, pyPackageAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L690" href="#L690">690</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, rubygemsAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L691" href="#L691">691</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, opensslAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L692" href="#L692">692</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CMAKE_ENABLED, cmakeAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L693" href="#L693">693</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, autoconfAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L694" href="#L694">694</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, composerAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L695" href="#L695">695</a> Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, nodeAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L696" href="#L696">696</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L697" href="#L697">697</a> <em class="jxr_comment">//Database configuration</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L698" href="#L698">698</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
|
|
|
|
|
<a class="jxr_linenumber" name="L699" href="#L699">699</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
|
|
|
|
|
<a class="jxr_linenumber" name="L700" href="#L700">700</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
|
|
|
|
|
<a class="jxr_linenumber" name="L701" href="#L701">701</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L702" href="#L702">702</a> <strong class="jxr_keyword">if</strong> (databaseUser == <strong class="jxr_keyword">null</strong> && databasePassword == <strong class="jxr_keyword">null</strong> && serverId != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L703" href="#L703">703</a> <strong class="jxr_keyword">final</strong> Server server = settingsXml.getServer(serverId);
|
|
|
|
|
<a class="jxr_linenumber" name="L704" href="#L704">704</a> <strong class="jxr_keyword">if</strong> (server != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L705" href="#L705">705</a> databaseUser = server.getUsername();
|
|
|
|
|
<a class="jxr_linenumber" name="L706" href="#L706">706</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L707" href="#L707">707</a> <em class="jxr_comment">//The following fix was copied from:</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L708" href="#L708">708</a> <em class="jxr_comment">// https://github.com/bsorrentino/maven-confluence-plugin/blob/master/maven-confluence-reporting-plugin/src/main/java/org/bsc/maven/confluence/plugin/AbstractBaseConfluenceMojo.java</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L709" href="#L709">709</a> <em class="jxr_comment">//</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L710" href="#L710">710</a> <em class="jxr_comment">// FIX to resolve</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L711" href="#L711">711</a> <em class="jxr_comment">// org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L712" href="#L712">712</a> <em class="jxr_comment">// java.io.FileNotFoundException: ~/.settings-security.xml (No such file or directory)</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L713" href="#L713">713</a> <em class="jxr_comment">//</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L714" href="#L714">714</a> <strong class="jxr_keyword">if</strong> (securityDispatcher instanceof DefaultSecDispatcher) {
|
|
|
|
|
<a class="jxr_linenumber" name="L715" href="#L715">715</a> ((DefaultSecDispatcher) securityDispatcher).setConfigurationFile(<span class="jxr_string">"~/.m2/settings-security.xml"</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L716" href="#L716">716</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L717" href="#L717">717</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L718" href="#L718">718</a> databasePassword = securityDispatcher.decrypt(server.getPassword());
|
|
|
|
|
<a class="jxr_linenumber" name="L719" href="#L719">719</a> } <strong class="jxr_keyword">catch</strong> (SecDispatcherException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L720" href="#L720">720</a> <strong class="jxr_keyword">if</strong> (ex.getCause() instanceof FileNotFoundException
|
|
|
|
|
<a class="jxr_linenumber" name="L721" href="#L721">721</a> || (ex.getCause() != <strong class="jxr_keyword">null</strong> && ex.getCause().getCause() instanceof FileNotFoundException)) {
|
|
|
|
|
<a class="jxr_linenumber" name="L722" href="#L722">722</a> <em class="jxr_comment">//maybe its not encrypted?</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L723" href="#L723">723</a> <strong class="jxr_keyword">final</strong> String tmp = server.getPassword();
|
|
|
|
|
<a class="jxr_linenumber" name="L724" href="#L724">724</a> <strong class="jxr_keyword">if</strong> (tmp.startsWith(<span class="jxr_string">"{"</span>) && tmp.endsWith(<span class="jxr_string">"}"</span>)) {
|
|
|
|
|
<a class="jxr_linenumber" name="L725" href="#L725">725</a> getLog().error(String.format(
|
|
|
|
|
<a class="jxr_linenumber" name="L726" href="#L726">726</a> <span class="jxr_string">"Unable to decrypt the server password for server id '%s' in settings.xml%n\tCause: %s"</span>,
|
|
|
|
|
<a class="jxr_linenumber" name="L727" href="#L727">727</a> serverId, ex.getMessage()));
|
|
|
|
|
<a class="jxr_linenumber" name="L728" href="#L728">728</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L729" href="#L729">729</a> databasePassword = tmp;
|
|
|
|
|
<a class="jxr_linenumber" name="L730" href="#L730">730</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L731" href="#L731">731</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L732" href="#L732">732</a> getLog().error(String.format(
|
|
|
|
|
<a class="jxr_linenumber" name="L733" href="#L733">733</a> <span class="jxr_string">"Unable to decrypt the server password for server id '%s' in settings.xml%n\tCause: %s"</span>,
|
|
|
|
|
<a class="jxr_linenumber" name="L734" href="#L734">734</a> serverId, ex.getMessage()));
|
|
|
|
|
<a class="jxr_linenumber" name="L735" href="#L735">735</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L736" href="#L736">736</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L737" href="#L737">737</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L738" href="#L738">738</a> getLog().error(String.format(<span class="jxr_string">"Server '%s' not found in the settings.xml file"</span>, serverId));
|
|
|
|
|
<a class="jxr_linenumber" name="L739" href="#L739">739</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L740" href="#L740">740</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L741" href="#L741">741</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L742" href="#L742">742</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_USER, databaseUser);
|
|
|
|
|
<a class="jxr_linenumber" name="L743" href="#L743">743</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_PASSWORD, databasePassword);
|
|
|
|
|
<a class="jxr_linenumber" name="L744" href="#L744">744</a> Settings.setStringIfNotEmpty(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
|
|
|
|
|
<a class="jxr_linenumber" name="L745" href="#L745">745</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L746" href="#L746">746</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
|
|
|
|
|
<a class="jxr_linenumber" name="L747" href="#L747">747</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
|
|
|
|
|
<a class="jxr_linenumber" name="L748" href="#L748">748</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
|
|
|
|
|
<a class="jxr_linenumber" name="L749" href="#L749">749</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
|
|
|
|
|
<a class="jxr_linenumber" name="L750" href="#L750">750</a> Settings.setIntIfNotNull(Settings.KEYS.CVE_CHECK_VALID_FOR_HOURS, cveValidForHours);
|
|
|
|
|
<a class="jxr_linenumber" name="L751" href="#L751">751</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L752" href="#L752">752</a> }
<a class="jxr_linenumber" name="L753" href="#L753">753</a>
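/**
 * Returns the Maven proxy to use for downloads.
 * <p>
 * Resolution order: when {@code mavenSettingsProxyId} is configured, the proxy whose id matches it
 * (case-insensitively) is returned; otherwise, if exactly one proxy is defined in the Maven settings,
 * that proxy is returned. A configured id that matches none of the defined proxies is logged as a
 * warning so that a typo does not silently result in a direct, un-proxied connection.
 *
 * @return the Maven proxy, or {@code null} if no settings/proxies are available or no proxy matches
 * the configured {@code mavenSettingsProxyId}
 * @throws IllegalStateException if several proxies are defined and no {@code mavenSettingsProxyId}
 * is set to disambiguate them
 */
private Proxy getMavenProxy() {
    if (mavenSettings == null) {
        return null;
    }
    final List<Proxy> proxies = mavenSettings.getProxies();
    if (proxies == null || proxies.isEmpty()) {
        return null;
    }
    if (mavenSettingsProxyId != null) {
        for (Proxy proxy : proxies) {
            if (mavenSettingsProxyId.equalsIgnoreCase(proxy.getId())) {
                return proxy;
            }
        }
        // An id that matches nothing would otherwise fall through silently; make the
        // misconfiguration visible to the user.
        getLog().warn(String.format("No proxy with id '%s' was found in the Maven settings; "
                + "no proxy will be used.", mavenSettingsProxyId));
        return null;
    }
    if (proxies.size() == 1) {
        return proxies.get(0);
    }
    getLog().warn("Multiple proxy definitions exist in the Maven settings. In the dependency-check "
            + "configuration set the mavenSettingsProxyId so that the correct proxy will be used.");
    throw new IllegalStateException("Ambiguous proxy definition");
}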
<a class="jxr_linenumber" name="L780" href="#L780">780</a>
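/**
 * Tests whether the artifact should be excluded from the scan, i.e. whether its dependency scope is
 * one the configuration asks to skip ({@code skipTestScope}, {@code skipProvidedScope},
 * {@code skipRuntimeScope}).
 *
 * @param a the Artifact to test
 * @return <code>true</code> if the artifact is in a skipped scope; otherwise <code>false</code>
 */
protected boolean excludeFromScan(Artifact a) {
    final String scope = a.getScope();
    if (skipTestScope && Artifact.SCOPE_TEST.equals(scope)) {
        return true;
    }
    if (skipProvidedScope && Artifact.SCOPE_PROVIDED.equals(scope)) {
        return true;
    }
    // Runtime is matched the same way as test/provided. A negated check here would exclude every
    // NON-runtime dependency (compile scope included) whenever skipRuntimeScope is set, silently
    // shrinking scan coverage instead of skipping runtime-scoped artifacts.
    if (skipRuntimeScope && Artifact.SCOPE_RUNTIME.equals(scope)) {
        return true;
    }
    return false;
}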
<a class="jxr_linenumber" name="L799" href="#L799">799</a>
/**
 * Returns a reference to the current project.
 * <p>
 * Concrete mojos must not declare their own {@code @Component MavenProject project}: Maven binds the
 * component on the subclass and this abstract class would then be left without the current project.
 * Use this accessor instead.
 *
 * @return returns a reference to the current project
 */
protected MavenProject getProject() {
    return this.project;
}
<a class="jxr_linenumber" name="L811" href="#L811">811</a>
/**
 * Returns the list of Maven Projects in this build (the reactor).
 *
 * @return the list of Maven Projects in this build
 */
protected List<MavenProject> getReactorProjects() {
    return this.reactorProjects;
}
<a class="jxr_linenumber" name="L820" href="#L820">820</a>
/**
 * Returns the configured report format.
 *
 * @return the report format
 */
protected String getFormat() {
    return this.format;
}
<a class="jxr_linenumber" name="L829" href="#L829">829</a>
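/**
 * Generates the reports for a given dependency-check engine.
 * <p>
 * The database properties are read from the CVE database and handed to the report generator; if the
 * database cannot be opened the report is still generated, with {@code null} properties. Failures
 * while writing the report are logged (stack trace at debug level only) rather than propagated.
 *
 * @param engine a dependency-check engine
 * @param p the maven project
 * @param outputDir the directory path to write the report(s).
 */
protected void writeReports(Engine engine, MavenProject p, File outputDir) {
    DatabaseProperties prop = null;
    CveDB cve = null;
    try {
        cve = new CveDB();
        cve.open();
        prop = cve.getDatabaseProperties();
    } catch (DatabaseException ex) {
        // Best effort: a missing or locked database only degrades the report, it does not stop it.
        if (getLog().isDebugEnabled()) {
            getLog().debug("Unable to retrieve DB Properties", ex);
        }
    } finally {
        if (cve != null) {
            cve.close();
        }
    }
    final ReportGenerator r = new ReportGenerator(p.getName(), engine.getDependencies(), engine.getAnalyzers(), prop);
    try {
        r.generateReports(outputDir.getAbsolutePath(), format);
    } catch (IOException ex) {
        logReportFailure(ex);
    } catch (Throwable ex) {
        // Kept as broad as the original, presumably so report generation never fails the build
        // phase. Note this also swallows Errors such as OutOfMemoryError; their trace is only
        // visible when Maven runs with debug logging (-X).
        logReportFailure(ex);
    }
}

/**
 * Logs a report-generation failure: a short message at error level and, when debug logging is
 * enabled, the full stack trace.
 *
 * @param ex the failure that occurred while generating the report
 */
private void logReportFailure(Throwable ex) {
    getLog().error(
            "Unexpected exception occurred during analysis; please see the verbose error log for more details.");
    if (getLog().isDebugEnabled()) {
        getLog().debug("", ex);
    }
}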
<a class="jxr_linenumber" name="L870" href="#L870">870</a>
<a class="jxr_linenumber" name="L871" href="#L871">871</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="Methods to fail build or show summary"></em>
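/**
 * Checks to see if a vulnerability has been identified with a CVSS score that meets or exceeds the
 * threshold set in the configuration ({@code failBuildOnCVSS}). A threshold above 10 (the CVSS
 * maximum) disables the check.
 *
 * @param dependencies the list of dependency objects
 * @throws MojoFailureException thrown if a CVSS score is found that is at or above the threshold set
 */
protected void checkForFailure(List<Dependency> dependencies) throws MojoFailureException {
    if (failBuildOnCVSS <= 10) {
        final StringBuilder ids = new StringBuilder();
        for (Dependency d : dependencies) {
            boolean addName = true;
            for (Vulnerability v : d.getVulnerabilities()) {
                // Inclusive comparison: a score equal to the threshold fails the build, and the
                // failure message below says so.
                if (v.getCvssScore() >= failBuildOnCVSS) {
                    if (addName) {
                        addName = false;
                        ids.append(NEW_LINE).append(d.getFileName()).append(": ");
                    } else {
                        ids.append(", ");
                    }
                    ids.append(v.getName());
                }
            }
        }
        if (ids.length() > 0) {
            final String msg = String.format("%n%nDependency-Check Failure:%n"
                    + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '%.1f': %s%n"
                    + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
            throw new MojoFailureException(msg);
        }
    }
}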
<a class="jxr_linenumber" name="L904" href="#L904">904</a>
/**
 * Generates a warning message listing a summary of dependencies and their associated CPE and CVE
 * entries. Nothing is logged when {@code showSummary} is off or when no dependency has vulnerabilities.
 *
 * @param mp the Maven project for which the summary is shown
 * @param dependencies a list of dependency objects
 */
protected void showSummary(MavenProject mp, List<Dependency> dependencies) {
    if (!showSummary) {
        return;
    }
    final StringBuilder summary = new StringBuilder();
    for (Dependency d : dependencies) {
        // Comma-separated vulnerability names for this dependency.
        final StringBuilder vulnNames = new StringBuilder();
        String sep = "";
        for (Vulnerability v : d.getVulnerabilities()) {
            vulnNames.append(sep).append(v.getName());
            sep = ", ";
        }
        if (vulnNames.length() == 0) {
            continue;
        }
        // "<file> (<id>, <id>) : <vuln>, <vuln>"
        summary.append(d.getFileName()).append(" (");
        sep = "";
        for (Identifier id : d.getIdentifiers()) {
            summary.append(sep).append(id.getValue());
            sep = ", ";
        }
        summary.append(") : ").append(vulnNames).append(NEW_LINE);
    }
    if (summary.length() > 0) {
        final String msg = String.format("%n%n" + "One or more dependencies were identified with known vulnerabilities in %s:%n%n%s"
                + "%n%nSee the dependency-check report for more details.%n%n", mp.getName(), summary.toString());
        getLog().warn(msg);
    }
}
|
|
|
|
|
<a class="jxr_linenumber" name="L946" href="#L946">946</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L947" href="#L947">947</a> <em class="jxr_comment">//</editor-fold></em>
|
|
|
|
|
<a class="jxr_linenumber" name="L948" href="#L948">948</a> <em class="jxr_comment">//<editor-fold defaultstate="collapsed" desc="Methods to read/write the serialized data file"></em>
|
|
|
|
|
/**
 * Builds the key under which the absolute path of the serialized data file (the file written by
 * {@code writeDataFile()}) is stored with {@code MavenProject.setContextValue} and later looked up with
 * {@code MavenProject.getContextValue}.
 *
 * @return the context key for the serialized data file path
 */
protected String getDataFileContextKey() {
    final StringBuilder key = new StringBuilder("dependency-check-path-");
    key.append(dataFileName);
    return key.toString();
}
|
|
|
|
|
<a class="jxr_linenumber" name="L958" href="#L958">958</a>
|
|
|
|
|
/**
 * Builds the key under which the report output directory is stored in the project context. The aggregate
 * report ({@code executeAggregateReport()}) should resolve its output directory through this key rather than
 * recomputing it.
 *
 * @return the context key for the output directory path
 */
protected String getOutputDirectoryContextKey() {
    final StringBuilder key = new StringBuilder("dependency-output-dir-");
    key.append(dataFileName);
    return key.toString();
}
|
|
|
|
|
<a class="jxr_linenumber" name="L968" href="#L968">968</a>
|
|
|
|
|
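/**
 * Writes the scan data to disk. This is used to serialize the scan data between the "check" and "aggregate"
 * phase. The absolute path of the data file is recorded in the project context under
 * {@link #getDataFileContextKey()}; when that key is already present the file is assumed to have been written
 * and the method returns without doing anything.
 *
 * @param mp the Maven project for which the data file was created
 * @param writeTo the directory to write the data file to; when {@code null} the project's build directory is used
 * @param dependencies the list of dependencies to serialize; when {@code null} no file is written, but the
 * context key is still recorded so that a later call does not attempt to write again
 */
protected void writeDataFile(MavenProject mp, File writeTo, List<Dependency> dependencies) {
    //check to see if this was already written out
    if (mp.getContextValue(this.getDataFileContextKey()) != null) {
        return;
    }
    final File baseDir = writeTo == null ? new File(mp.getBuild().getDirectory()) : writeTo;
    final File file = new File(baseDir, dataFileName);
    final File parent = file.getParentFile();
    // mkdirs() returns false when the directory could not be created; only then is there something to report,
    // and writing the file would be pointless afterwards.
    if (!parent.isDirectory() && !parent.mkdirs()) {
        getLog().error(String.format("Directory '%s' does not exist and cannot be created; unable to write data file.",
                parent.getAbsolutePath()));
        return;
    }

    try {
        if (dependencies != null) {
            // try-with-resources closes (and thereby flushes) the stream even when writeObject fails; a failed
            // close is reported through the catch below instead of being silently ignored.
            try (ObjectOutputStream out = new ObjectOutputStream(new BufferedOutputStream(new FileOutputStream(file)))) {
                out.writeObject(dependencies);
            }
        }
        if (getLog().isDebugEnabled()) {
            getLog().debug(String.format("Serialized data file written to '%s' for %s, referenced by key %s",
                    file.getAbsolutePath(), mp.getName(), this.getDataFileContextKey()));
        }
        mp.setContextValue(this.getDataFileContextKey(), file.getAbsolutePath());
    } catch (IOException ex) {
        // best effort: a missing data file degrades aggregation to incomplete results rather than failing the build
        getLog().warn("Unable to create data file used for report aggregation; "
                + "if report aggregation is being used the results may be incomplete.");
        if (getLog().isDebugEnabled()) {
            getLog().debug(ex.getMessage(), ex);
        }
    }
}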
|
|
|
|
|
<a class="jxr_linenumber" name="L1022" href="#L1022">1022</a>
|
|
|
|
|
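/**
 * Reads the serialized scan data from disk. This is used to serialize the scan data between the "check" and
 * "aggregate" phase. The stream is opened through {@code ExpectedOjectInputStream} with an explicit list of the
 * class names the serialized dependency graph is expected to contain, so that deserialization is constrained to
 * those types instead of resolving arbitrary classes from the file; keep that list in sync with the object graph
 * written by {@link #writeDataFile(MavenProject, File, List)}.
 *
 * @param project the Maven project to read the data file from
 * @return the list of dependencies if the serialized data file exists and could be read; otherwise
 * {@code null} is returned (no path recorded in the project context, or a read failure that has been logged)
 */
protected List<Dependency> readDataFile(MavenProject project) {
    final Object oPath = project.getContextValue(this.getDataFileContextKey());
    if (oPath == null) {
        return null;
    }
    final String path = (String) oPath;
    // the class names below form the allow-list handed to ExpectedOjectInputStream; the stream (and the
    // underlying FileInputStream) is closed by try-with-resources on every exit path
    try (ExpectedOjectInputStream ois = new ExpectedOjectInputStream(new FileInputStream(path),
            "java.util.ArrayList",
            "java.util.HashSet",
            "java.util.TreeSet",
            "java.lang.AbstractSet",
            "java.lang.AbstractCollection",
            "java.lang.Enum",
            "org.owasp.dependencycheck.dependency.Confidence",
            "org.owasp.dependencycheck.dependency.Dependency",
            "org.owasp.dependencycheck.dependency.Evidence",
            "org.owasp.dependencycheck.dependency.EvidenceCollection",
            "org.owasp.dependencycheck.dependency.Identifier",
            "org.owasp.dependencycheck.dependency.Reference",
            "org.owasp.dependencycheck.dependency.Vulnerability",
            "org.owasp.dependencycheck.dependency.VulnerabilityComparator",
            "org.owasp.dependencycheck.dependency.VulnerableSoftware")) {
        // the file is produced by writeDataFile() from a List<Dependency>, hence the unchecked cast
        @SuppressWarnings("unchecked")
        final List<Dependency> ret = (List<Dependency>) ois.readObject();
        return ret;
    } catch (IOException ex) {
        // covers FileNotFoundException (data file never written) as well as read/close failures
        getLog().error(String.format("Unable to read the serialized data file '%s'", path), ex);
    } catch (ClassNotFoundException ex) {
        getLog().error(String.format("Unable to deserialize the data file '%s'; the serialized data is incompatible", path), ex);
    }
    return null;
}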
|
|
|
|
|
<a class="jxr_linenumber" name="L1077" href="#L1077">1077</a> <em class="jxr_comment">//</editor-fold></em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1078" href="#L1078">1078</a> }
|
|
|
|
|