merged master to keep branch up to date

dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java

@@ -18,10 +18,12 @@
 package org.owasp.dependencycheck.agent;
 
 import java.io.File;
+import java.io.IOException;
 import java.util.List;
 import javax.annotation.concurrent.NotThreadSafe;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
+import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -102,6 +104,11 @@ public class DependencyCheckScanAgent {
      * recommended that this be turned to false. Default is true.
      */
     private boolean autoUpdate = true;
+    /**
+     * Sets whether the data directory should be updated without performing a scan.
+     * Default is false.
+     */
+    private boolean updateOnly = false;
     /**
      * flag indicating whether or not to generate a report of findings.
      */
@@ -213,6 +220,12 @@ public class DependencyCheckScanAgent {
      * The configured settings.
      */
     private Settings settings;
+    /**
+     * The path to optional dependency-check properties file. This will be
+     * used to side-load additional user-defined properties.
+     * {@link Settings#mergeProperties(String)}
+     */
+    private String propertiesFilePath;
     //</editor-fold>
     //<editor-fold defaultstate="collapsed" desc="getters/setters">
 
@@ -324,6 +337,24 @@ public class DependencyCheckScanAgent {
         this.autoUpdate = autoUpdate;
     }
 
+    /**
+     * Get the value of updateOnly.
+     *
+     * @return the value of updateOnly
+     */
+    public boolean isUpdateOnly() {
+        return updateOnly;
+    }
+
+    /**
+     * Set the value of updateOnly.
+     *
+     * @param updateOnly new value of updateOnly
+     */
+    public void setUpdateOnly(boolean updateOnly) {
+        this.updateOnly = updateOnly;
+    }
+
     /**
      * Get the value of generateReport.
      *
@@ -816,6 +847,24 @@ public class DependencyCheckScanAgent {
     public void setPathToMono(String pathToMono) {
         this.pathToMono = pathToMono;
     }
+
+    /**
+     * Get the value of propertiesFilePath.
+     *
+     * @return the value of propertiesFilePath
+     */
+    public String getPropertiesFilePath() {
+        return propertiesFilePath;
+    }
+
+    /**
+     * Set the value of propertiesFilePath.
+     *
+     * @param propertiesFilePath new value of propertiesFilePath
+     */
+    public void setPropertiesFilePath(String propertiesFilePath) {
+        this.propertiesFilePath = propertiesFilePath;
+    }
     //</editor-fold>
 
     /**
@@ -833,8 +882,16 @@ public class DependencyCheckScanAgent {
         } catch (DatabaseException ex) {
             throw new ExceptionCollection(ex, true);
         }
-        engine.setDependencies(this.dependencies);
-        engine.analyzeDependencies();
+        if (this.updateOnly) {
+            try {
+                engine.doUpdates();
+            } catch (UpdateException ex) {
+                throw new ExceptionCollection("Unable to perform update", ex);
+            }
+        } else {
+            engine.setDependencies(this.dependencies);
+            engine.analyzeDependencies();
+        }
         return engine;
     }
 
@@ -871,6 +928,15 @@ public class DependencyCheckScanAgent {
             final File dataDir = new File(base, sub);
             settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
         }
+        if (propertiesFilePath != null) {
+            try {
+                settings.mergeProperties(propertiesFilePath);
+                LOGGER.info("Successfully loaded user-defined properties");
+            } catch (IOException e) {
+                LOGGER.error("Unable to merge user-defined properties", e);
+                LOGGER.error("Continuing execution");
+            }
+        }
 
         settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
         settings.setStringIfNotEmpty(Settings.KEYS.PROXY_SERVER, proxyServer);
@@ -908,14 +974,16 @@ public class DependencyCheckScanAgent {
         Engine engine = null;
         try {
             engine = executeDependencyCheck();
-            if (this.generateReport) {
-                generateExternalReports(engine, new File(this.reportOutputDirectory));
-            }
-            if (this.showSummary) {
-                showSummary(engine.getDependencies());
-            }
-            if (this.failBuildOnCVSS <= 10) {
-                checkForFailure(engine.getDependencies());
+            if (!this.updateOnly) {
+                if (this.generateReport) {
+                    generateExternalReports(engine, new File(this.reportOutputDirectory));
+                }
+                if (this.showSummary) {
+                    showSummary(engine.getDependencies());
+                }
+                if (this.failBuildOnCVSS <= 10) {
+                    checkForFailure(engine.getDependencies());
+                }
             }
         } catch (ExceptionCollection ex) {
             if (ex.isFatal()) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java

@@ -184,9 +184,10 @@ public class DependencyBundlingAnalyzer extends AbstractDependencyComparingAnaly
         if (tmp <= 0) {
             return path;
         }
-        if (tmp > 0) {
+        //below is always true
+        //if (tmp > 0) {
             pos = tmp + 1;
-        }
+        //}
         tmp = path.indexOf(File.separator, pos);
         if (tmp > 0) {
             pos = tmp + 1;

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java

@@ -302,12 +302,14 @@ public class NvdCveUpdater implements CachedWebDataSource {
             }
         }
 
-        if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it)
+        //always true because <=0 exits early above
+        //if (maxUpdates >= 1) { 
+            //ensure the modified file date gets written (we may not have actually updated it)
             dbProperties.save(updateable.get(MODIFIED));
             LOGGER.info("Begin database maintenance.");
             cveDb.cleanupDatabase();
             LOGGER.info("End database maintenance.");
-        }
+        //}
     }
 
     /**

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java

@@ -251,7 +251,8 @@ public final class ExtractionUtil {
             throw new IOException("Unable to rename '" + file.getPath() + "'");
         }
         final File newFile = new File(originalPath);
-        try (GZIPInputStream cin = new GZIPInputStream(new FileInputStream(gzip));
+        try (FileInputStream fis = new FileInputStream(gzip);
+                GZIPInputStream cin = new GZIPInputStream(fis);
                 FileOutputStream out = new FileOutputStream(newFile)) {
             IOUtils.copy(cin, out);
         } finally {

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

@@ -643,6 +643,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
      * @throws MavenReportException if a maven report exception occurs
      */
     public void generate(Sink sink, Locale locale) throws MavenReportException {
+        if (skip) {
+            getLog().info("Skipping report generation " + getName(Locale.US));
+            return;
+        }
+
         generatingSite = true;
         try {
             validateAggregate();

src/site/site.xml

@@ -49,13 +49,13 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
     <publishDate position="right" />
     <version position="right" />
     <poweredBy>
-        <logo name="Maven" href="http://maven.apache.org/"
-              title="built with maven"
-              alt="built with maven"
-              img="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png"/>
+        <logo name="JProfiler" href="https://www.ej-technologies.com/products/jprofiler/overview.html"
+              title="JProfiler Java Profiler" width="170px"
+              alt="JProfiler Java Profiler"
+              img="http://jeremylong.github.io/DependencyCheck/images/logos/jprofiler.png"/>
         <logo name="IntelliJ" href="http://www.jetbrains.com/idea/"
-              title="developed using" width="170px"
-              alt="developed using"
+              title="developed using IntelliJ" width="170px"
+              alt="developed using IntelliJ"
               img="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png"/>
     </poweredBy>