Lots of updates, incorporated nvd cve data.

Former-commit-id: d54b2964cf11776521ee7114f536c8c3d9e14028
2026-01-14 15:53:36 +01:00 · 2012-10-23 14:57:50 -04:00
parent 65700a5a08
commit 2f9b1f6314
156 changed files with 12925 additions and 194795 deletions
--- a/src/main/java/org/codesecure/dependencycheck/App.java
+++ b/src/main/java/org/codesecure/dependencycheck/App.java
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck;
 /*
 * This file is part of DependencyCheck.
 *
- * DependencyCheck is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
 *
- * DependencyCheck is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
 *
- * You should have received a copy of the GNU General Public License
- * along with DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
 *
 * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 */
@@ -28,7 +28,6 @@ import java.util.logging.LogManager;
 import java.util.logging.Logger;
 import javax.xml.parsers.ParserConfigurationException;
 import org.apache.commons.cli.ParseException;
-import org.codesecure.dependencycheck.data.cpe.Index;
 import org.codesecure.dependencycheck.data.cpe.xml.Importer;
 import org.codesecure.dependencycheck.reporting.ReportGenerator;
 import org.codesecure.dependencycheck.dependency.Dependency;
@@ -38,18 +37,17 @@ import org.xml.sax.SAXException;
 /*
 * This file is part of App.
 *
- * App is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * App is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later
+ * version.
 *
- * App is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * App is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with App. If not, see http://www.gnu.org/licenses/.
+ * You should have received a copy of the GNU General Public License along with
+ * App. If not, see http://www.gnu.org/licenses/.
 *
 * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 */
@@ -118,16 +116,7 @@ public class App {
        } else if (cli.isLoadCPE()) {
            loadCPE(cli.getCpeFile());
        } else if (cli.isRunScan()) {
-            if (cli.isAutoUpdate()) {
-                Index cpeI = new Index();
-                try {
-                    cpeI.update();
-                } catch (Exception ex) {
-                    Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
-                }
-            }
-
-            runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles());
+            runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
        } else {
            cli.printHelp();
        }
@@ -136,6 +125,7 @@ public class App {

    /**
     * Loads the specified CPE.XML file into Lucene Index.
+     *
     * @param cpePath
     */
    private void loadCPE(String cpePath) {
@@ -151,13 +141,16 @@ public class App {
    }

    /**
-     * Scans the specified directories and writes the dependency reports to the reportDirectory.
-     * @param reportDirectory the path to the directory where the reports will be written.
+     * Scans the specified directories and writes the dependency reports to the
+     * reportDirectory.
+     *
+     * @param reportDirectory the path to the directory where the reports will
+     * be written.
     * @param applicationName the application name for the report.
     * @param files the files/directories to scan.
     */
-    private void runScan(String reportDirectory, String applicationName, String[] files) {
-        Engine scanner = new Engine();
+    private void runScan(String reportDirectory, String applicationName, String[] files, boolean autoUpdate) {
+        Engine scanner = new Engine(autoUpdate);
        for (String file : files) {
            scanner.scan(file);
        }