From 49465888b2565f242e1631bb7deee6471f665391 Mon Sep 17 00:00:00 2001
From: Steve Springett
Date: Sun, 27 Oct 2013 12:42:27 -0500
Subject: [PATCH] Adding support for proxy authentication to core, cli, ant and maven.

Former-commit-id: 1461b13a3fd8c0ca309e56afb67148fc8de31e63
---
 .../taskdefs/DependencyCheckTask.java | 53 +++++++++++++++++++
 .../java/org/owasp/dependencycheck/App.java | 13 +++--
 .../owasp/dependencycheck/cli/CliParser.java | 48 ++++++++++++++++-
 .../dependencycheck/utils/Downloader.java | 23 +++++---
 .../owasp/dependencycheck/utils/Settings.java | 8 +++
 .../maven/DependencyCheckMojo.java | 18 +++++++
 6 files changed, 152 insertions(+), 11 deletions(-)

diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
index 6cef89068..4983cfcbf 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
@@ -323,6 +323,53 @@ public class DependencyCheckTask extends Task { public void setProxyPort(String proxyPort) { this.proxyPort = proxyPort; } + + /** + * The Proxy username. + */ + private String proxyUsername; + + /** + * Get the value of proxyUsername. + * + * @return the value of proxyUsername + */ + public String getProxyUsername() { + return proxyUsername; + } + + /** + * Set the value of proxyUsername. + * + * @param proxyUsername new value of proxyUsername + */ + public void setProxyUsername(String proxyUsername) { + this.proxyUsername = proxyUsername; + } + + /** + * The Proxy password. + */ + private String proxyPassword; + + /** + * Get the value of proxyPassword. + * + * @return the value of proxyPassword + */ + public String getProxyPassword() { + return proxyPassword; + } + + /** + * Set the value of proxyPassword. + * + * @param proxyPassword new value of proxyPassword + */ + public void setProxyPassword(String proxyPassword) { + this.proxyPassword = proxyPassword; + } + /** * The Connection Timeout. */ @@ -459,6 +506,12 @@ public class DependencyCheckTask extends Task { if (proxyPort != null && !proxyPort.isEmpty()) { Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); } + if (proxyUsername != null && !proxyUsername.isEmpty()) { + Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername); + } + if (proxyPassword != null && !proxyPassword.isEmpty()) { + Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword); + } if (connectionTimeout != null && !connectionTimeout.isEmpty()) { Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout); } diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java index 7bd4139d9..9deca7db7 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java 
@@ -98,7 +98,8 @@ public class App { cli.printVersionInfo(); } else if (cli.isRunScan()) { updateSettings(cli.isAutoUpdate(), cli.getConnectionTimeout(), cli.getProxyUrl(), - cli.getProxyPort(), cli.getDataDirectory(), cli.getPropertiesFile()); + cli.getProxyPort(), cli.getProxyUsername(), cli.getProxyPassword(), + cli.getDataDirectory(), cli.getPropertiesFile()); runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles()); } else { cli.printHelp(); @@ -149,8 +150,8 @@ public class App { * @param dataDirectory the directory to store/retrieve persistent data from * @param propertiesFile the properties file to utilize */ - private void updateSettings(boolean autoUpdate, String connectionTimeout, String proxyUrl, - String proxyPort, String dataDirectory, File propertiesFile) { + private void updateSettings(boolean autoUpdate, String connectionTimeout, String proxyUrl, String proxyPort, + String proxyUser, String proxyPass, String dataDirectory, File propertiesFile) { if (propertiesFile != null) { try { @@ -184,6 +185,12 @@ public class App { if (proxyPort != null && !proxyPort.isEmpty()) { Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); } + if (proxyUser != null && !proxyUser.isEmpty()) { + Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUser); + } + if (proxyPass != null && !proxyPass.isEmpty()) { + Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPass); + } if (connectionTimeout != null && !connectionTimeout.isEmpty()) { Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout); } diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java index 8b2715d93..3fccf1826 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java 
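Review bot: The Javadoc of `updateSettings` is not updated for the two parameters added to its signature in the second hunk (@@ -149); the visible tag list still ends with `@param dataDirectory` and `@param propertiesFile`. Add `@param proxyUser the proxy username to use when downloading resources` and `@param proxyPass the proxy password to use when downloading resources` next to the existing proxy tags, which sit above the hunk and are not visible here. Naming the parameters `proxyUsername` and `proxyPassword` would also match the `CliParser` getters and the `Settings.KEYS` constants used in the third hunk.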
@@ -175,6 +175,14 @@ public final class CliParser { .withDescription("The proxy port to use when downloading resources.") .create(ArgumentName.PROXY_PORT_SHORT); + final Option proxyUsername = OptionBuilder.withArgName("user").hasArg().withLongOpt(ArgumentName.PROXY_USERNAME) + .withDescription("The proxy username to use when downloading resources.") + .create(ArgumentName.PROXY_USERNAME_SHORT); + + final Option proxyPassword = OptionBuilder.withArgName("pass").hasArg().withLongOpt(ArgumentName.PROXY_PASSWORD) + .withDescription("The proxy password to use when downloading resources.") + .create(ArgumentName.PROXY_PASSWORD_SHORT); + final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN) .withDescription("The path to scan - this option can be specified multiple times.") .create(ArgumentName.SCAN_SHORT); @@ -215,6 +223,8 @@ public final class CliParser { opts.addOption(verboseLog); opts.addOption(proxyPort); opts.addOption(proxyUrl); + opts.addOption(proxyUsername); + opts.addOption(proxyPassword); opts.addOption(connectionTimeout); return opts; @@ -330,6 +340,24 @@ public final class CliParser { return line.getOptionValue(ArgumentName.PROXY_PORT); } + /** + * Returns the proxy username. + * + * @return the proxy username + */ + public String getProxyUsername() { + return line.getOptionValue(ArgumentName.PROXY_USERNAME); + } + + /** + * Returns the proxy password. + * + * @return the proxy password + */ + public String getProxyPassword() { + return line.getOptionValue(ArgumentName.PROXY_PASSWORD); + } + /** * Get the value of dataDirectory. * 
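Review bot: The `proxypass` option added in the first hunk takes the proxy password as a command-line argument, which leaves it in shell history and makes it readable in the process listing for as long as the scan runs. Nothing in the option description tells the user this, and the CLI offers no other way to supply the secret in this patch. The properties file that `App.updateSettings` accepts can presumably carry `proxy.password`, so the description could point there: `.withDescription("The proxy password to use when downloading resources; prefer proxy.password in the properties file, command-line arguments are visible to other local users.")`. The same exposure applies to the Maven parameter declared with `property = "proxyPassword"` in DependencyCheckMojo when it is supplied as a `-D` property.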
@@ -470,11 +498,27 @@ public final class CliParser {
 */
 public static final String PROXY_URL = "proxyurl";
 /**
- * The short CLI argument name indicating the proxy url.
+ * The short CLI argument name indicating the proxy username.
+ */
+ public static final String PROXY_USERNAME_SHORT = "pu";
+ /**
+ * The CLI argument name indicating the proxy username.
+ */
+ public static final String PROXY_USERNAME = "proxyuser";
+ /**
+ * The short CLI argument name indicating the proxy password.
+ */
+ public static final String PROXY_PASSWORD_SHORT = "pp";
+ /**
+ * The CLI argument name indicating the proxy password.
+ */
+ public static final String PROXY_PASSWORD = "proxypass";
+ /**
+ * The short CLI argument name indicating the connection timeout.
 */
 public static final String CONNECTION_TIMEOUT_SHORT = "c";
 /**
- * The CLI argument name indicating the proxy url.
+ * The CLI argument name indicating the connection timeout.
 */
 public static final String CONNECTION_TIMEOUT = "connectiontimeout";
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
index fb3f0568f..ad1fc461a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
@@ -23,12 +23,7 @@ import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.net.InetSocketAddress;
-import java.net.Proxy;
-import java.net.SocketAddress;
-import java.net.URISyntaxException;
-import java.net.URL;
+import java.net.*;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.zip.GZIPInputStream;
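Review bot: The import hunk in Downloader.java replaces six explicit `java.net` imports with `import java.net.*;`, which hides the networking classes this file depends on and invites name clashes as the package grows. Keep the explicit list and add only the two names the new authenticator code needs, `import java.net.Authenticator;` and `import java.net.PasswordAuthentication;`.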
@@ -187,6 +182,22 @@ public final class Downloader { if (proxyUrl != null) { final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT); final SocketAddress addr = new InetSocketAddress(proxyUrl, proxyPort); + + final String username = Settings.getString(Settings.KEYS.PROXY_USERNAME); + final String password = Settings.getString(Settings.KEYS.PROXY_PASSWORD); + if (username != null && password != null) { + final Authenticator auth = new Authenticator() { + @Override + public PasswordAuthentication getPasswordAuthentication() { + if (getRequestorType().equals(RequestorType.PROXY)) { + return new PasswordAuthentication(username, password.toCharArray()); + } + return super.getPasswordAuthentication(); + } + }; + Authenticator.setDefault(auth); + } + proxy = new Proxy(Proxy.Type.HTTP, addr); conn = (HttpURLConnection) url.openConnection(proxy); } else { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java index b14b665ac..ed4d6ee83 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -125,6 +125,14 @@ public final class Settings { * value. */ public static final String PROXY_PORT = "proxy.port"; + /** + * The properties key for the proxy username. + */ + public static final String PROXY_USERNAME = "proxy.username"; + /** + * The properties key for the proxy password. + */ + public static final String PROXY_PASSWORD = "proxy.password"; /** * The properties key for the connection timeout. */ diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java index 9afc8ccf8..e4ca394d7 100644 
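Review bot: The anonymous `Authenticator` in the Downloader hunk releases the proxy credentials to any proxy challenge raised anywhere in the JVM, because `getPasswordAuthentication()` checks only `getRequestorType()` and `Authenticator.setDefault` is process-wide. When this runs inside the Ant task or the Maven plugin it also replaces whatever authenticator the host build had installed. The check should be narrowed to the configured proxy by comparing `getRequestingHost()` and `getRequestingPort()` with `proxyUrl` and `proxyPort`; `proxyUrl` is declared above the hunk and would have to be final to be captured. A configuration that sets only one of username and password is skipped silently by the `username != null && password != null` guard and deserves a log message.

```java
final Authenticator auth = new Authenticator() {
    @Override
    public PasswordAuthentication getPasswordAuthentication() {
        // Answer only the configured proxy; any other challenger gets no credentials.
        final boolean fromConfiguredProxy = getRequestorType() == RequestorType.PROXY
                && proxyUrl.equalsIgnoreCase(getRequestingHost())
                && proxyPort == getRequestingPort();
        if (fromConfiguredProxy) {
            return new PasswordAuthentication(username, password.toCharArray());
        }
        return super.getPasswordAuthentication();
    }
};
// ... unchanged: Authenticator.setDefault(auth), proxy and connection setup ...
```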
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
@@ -160,6 +160,18 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
 @SuppressWarnings("CanBeFinal")
 @Parameter(property = "proxyPort", defaultValue = "", required = false)
 private String proxyPort = null;
+ /**
+ * The Proxy username.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "proxyUsername", defaultValue = "", required = false)
+ private String proxyUsername = null;
+ /**
+ * The Proxy password.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "proxyPassword", defaultValue = "", required = false)
+ private String proxyPassword = null;
 /**
 * The Connection Timeout.
 */
@@ -625,6 +637,12 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
 if (proxyPort != null && !proxyPort.isEmpty()) {
 Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
 }
+ if (proxyUsername != null && !proxyUsername.isEmpty()) {
+ Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername);
+ }
+ if (proxyPassword != null && !proxyPassword.isEmpty()) {
+ Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
+ }
 if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
 Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
 }