From e203bc63e9ba05969df5f33bbce9d6e5abeb10d3 Mon Sep 17 00:00:00 2001
From: Andrew Carr
Date: Fri, 25 Aug 2017 13:54:40 -0500
Subject: [PATCH 1/5] #842 Honor skip configuration in reports
---
 .../owasp/dependencycheck/maven/BaseDependencyCheckMojo.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index dbebb3ab6..a55f77618 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -593,6 +593,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 * @throws MavenReportException if a maven report exception occurs
 */
 public void generate(Sink sink, Locale locale) throws MavenReportException {
+ if (skip) {
+ getLog().info("Skipping report generation " + getName(Locale.US));
+ return;
+ }
+
 generatingSite = true;
 try {
 validateAggregate();
From d8f79fa51d52b77a68af3c43cd60c9ac5b7cc91d Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Mon, 4 Sep 2017 07:41:23 -0400
Subject: [PATCH 2/5] added jprofiler logo to site
---
 .../images/logos/Button-Built-on-CB-1.png | Bin 7493 -> 0 bytes
 src/site/resources/images/logos/jprofiler.png | Bin 0 -> 4259 bytes
 src/site/site.xml | 12 ++++++------
 3 files changed, 6 insertions(+), 6 deletions(-)
 delete mode 100644 src/site/resources/images/logos/Button-Built-on-CB-1.png
 create mode 100644 src/site/resources/images/logos/jprofiler.png
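Review bot: The skip message in `generate` is built with `getName(Locale.US)` even though the method is handed a `locale` argument, and it does not say why the report was skipped. Since this path turns off a vulnerability report, the log line is the only trace that the check did not run, so it should name the cause: `getLog().info("Skipping report generation for " + getName(locale) + " (skip is set)");`. If the fixed `Locale.US` is deliberate, to keep log output stable, a short comment saying so would settle the question. The rest of `generate` lies outside the hunk.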
diff --git a/src/site/resources/images/logos/Button-Built-on-CB-1.png b/src/site/resources/images/logos/Button-Built-on-CB-1.png deleted file mode 100644 index b9d0c94d10f62f426a3579265e9f7fb6265920e8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7493 zcmV-L9lGL)P)Y@0@$ez31FBbLY;TGc3n(jI)x)S%OfG3l-LF^X52OmdYc4+pd#>+k(~9 z)Of62^X7tf1Bi3w(&zehNYts zdQeOtGJjw*{lbL{g1UtSyUm{S!exr~(MKP4jE|px4Ugx|n-{3ld1@9dTAWYoF^9$l zW6ld35-~inc>Y_b5h#^FSfv!)7HsR5%{K}Q3lb2I7iNp7IqIDzOgK22qv5hVc>l8I z%=S7mN`*o3A?CawC|h&nKp^M|BQFDqXc{wioX@l=liS9`zLrU05;+mX+X#A8g--k1 zrAx*Kd-TvE0d-*L5%DnzCN@FPKo*gB8>K`>5oS~fR(?KU0Pnm&z(hU}g_i?UaBv9u zVYv}MKoO{J{63 z{oAsV9^31*NDmErA9G$19yl^NO^_oyVaZ$QN_^dbfrA&gd3Z`*19>EgLdN+s5>Us1 zj7HP>va%chwUp4nQsAoJS|T;}7{+K@#D(!T3C<qQk^;~L{L(OPL(OaZ!TQu)crzU4LT*P zyi?2kT;fjcfKl+MjJTIRt?i4AD9-+vScXo zA(mzRLN;xB))J{P$HU9@{@zK+HI2b-P8>LWliM=NQ)Hp3pMJh3m0_%|NKit{oHcR& z0FxZTv9YmXRaI4W**TX>cWnPX$C9=w$B~gyr*`k&*^lxNbttuSN1TBxo`oYbmf^f1 z^TaYHScd6x`SO*T`$moM!Q-Ul17#h8+WSG#Ygxi4-Pf+)P}n!LkLT*ut7Y%#kj_@} z^Y`avBCe=IaNJdj!MHX)uHQtCZ;y4G&YjoKOFw7Bsfw1`R7f>*Z&nq zI)k`%27_)`M3{EWYOUt7!c+qR7?_utL;}75S z6IN00fT0JjHsEq0b_N9`mK5`i+;H|Bzm5r=(ZU3ltV}!=*xrLzF)z9EODk~pVS4uoB}*^BjKC3wS!I*<1Glmqx4vhKdghq^R+C)dNH|$Az1Kd*`acPHTdNj z4CQa0NyigGgE|2W?_-Ma2aVH}l$6}iXtng#qNv|Jp}1041ZO)v+`$&$4?1`maRJU? 
z8P1G&k}85VEjOfn>BYHZ*dt8t2OScfphPEyX)nHfB{eEC4~P|~h;qHoH!0aJTE)Ty z1b_aqyX~b*83QRublTpy{PQj_jAR$_D3MeSCk0=Clcj#CdPl*aGw%y|i!3CpxKqoP zK6Iz{gKu|>>rjgua=fWpP@%<*x)x*`zALJccvalK1<{m2s+j`^hrQG}=GDq{Ki>+e zdPl$_^cB9o`;(j|&k=oS4A0V%lE9ricl-sbK1ZzKTfHVd{LGBxlaEbJvBtm=b;HZb z1H6+{oVGmXh(0Lc2~X9#XJutZ%h6c%Brs4Z5Z)t4>?ko|YGJ89+Ru*8w0g8R1*B=@Gf zv$Af?K7L%$os)*)aP^HWk_lyjV(}VU4$lrFV&mo&)z;SG>R=Bu4xb|&jCOtc^cmjk z)~!VvQWrV?{x+}1#FgrFURtOd0C-H|FI)BSD+L1&K^ikJr)I21L+{lk`x;bd=tlLnfVUc@i1j zaM}}5<1u@Xc#2WzgR4wTJ?bqEsS?a$BS>Hjx0l)Z4HjH9dSQamX!A%ewcdW<oM!Rs~JBA0MqBT!GK2>}2R63WCkbu1K+Q7s0`U+;xz9bXua592CA|G><>*49i zzVgxw+Dn;P=H`mq3w)F$(mpu?TSk(-Zoq>i5l`IlWG%gUM!{yh`lno$_euW1Uk?|3 zRF2=rOA_=9IV&#B!R)uvk;d7#pCRhd3RyFe?>(Fw`SehRENaH3U1j&h}_PHIhAAb25#3x^uF^m5NinNU6r0jISEV$qH90 zPBoBHjX4=#HIS1Pu2h_AAf*~}GQQOXJld9i{Rj5cXf*gXGu;(Ts~nO$`weJ^bixMH z($doRtS$Laa+?Nv;E^eb`uE>k0|dWQB1h-be%o%dU5;*p6ZlW`_xF#1<)3@4$+D`5 z@ee(`KV$Z+O~9bDH6{+IYZZ^ir#<#WVqjqVoe+B_N=}DX4Ftyd3kW;P5jzl$JAqn7 zf;Y{`V{5t2${Hwo%46}&%xA=pQ02HZKb!=t5VD;+ckTdqaF!;73Cpw|9;}fd7gMKA z>$z#;#tb3O?OKMX2i@R$lqJwSW|cG1y&b9mggZCm#% zS8^*p`|Pue6z>+~-9ToRlw4T@XAS&E4RU=8H@`T2Um9=L3HPb?S=M0cyU zH5!d*7(U0gT)TD+ACcqxW#~bK7X&)%^q>EHOrEfUadFRFM(?|O`CyK96c6ccrzC42 z*nEfgNDcPH*=qbNU4ngIj|d~zt^A70y8r&2Rf&$uKdk!keAN&O)yr^^XGluJ%3)wJye5TsAI>B@;G|*C>s$z#C^pI#`Ndj{RW6y z;|p+C*lo(0I1~1T(s||O7jPp--RGN)tg6*^d214US#k*eT8ZGuARg% zll=o+o(m22sHm;w-a2u-lI~2E;tvsc_>GlP^(_qs`xM5*Bw?>qzeEZZBCs0bL3n;| zkYFPs5AWsg=K=;|ERBOiU>tn;*<;7(G48$F2Jm~sj374HsFsQMLd%NQc5F)# zcz!3pcY5CCKEU0>?ehTx-Gxemy>q6~-rk5KmE1bGxVQ<8vo!S>ZiaM)xCZWMXmeCX zUJfvk<0Zwv#lvI`1eYKj@mNo`@;*PHKMUatG!OOc!Fz&PJDSl!9pw0EWD zPP4KVm*(=RK zA+*eJbE_T3slkL>iXniAkdsKMp1S&_Ik;yrrJp&AhCuH_9K6>t;SY}w9X`szo^1qk z_m3OHtY7~#3B}3HeeU4RTusB1}Mm+^?l2qzs$l zxy6SLbK5d9Fq$QS(M|M1?r2m<94MZHC@vft1M&Ck^*kTAevvZbS^V%ul>dP>=#8ln zUNa=qW^+AcH}SS?*eowP`7L6jvB0kA4B1=DZfg1Y_6y7 zPjYyJq6+V?5D${Dy-LgV93=i_r`cv)I$9-28-hN7(-i)iA<<6Pvtn5^0L~t3;8jQZ zC<1XX{Ax)(QvE*|#&gDuXI$|u2Y}QDhlIGEJ(FH{I{mB`;foi4R0eN5FgZCnNKbeY 
zO0x_IM}%|~uA|4m#{?1Qs6L2nz^ef`z2y+MnJ{hopS%Z|hzH>)x)ncs&4d3{S67qQ zM8H%0wOUOb80E6Lp1g*F@V@u-L*?lqs$FqV`#??V(Idrp48|#ewKh*!3C~}!U}0`$ zWkor>igF$EpEqs2fwU7QJ_rk28safXL*c*+jjx}-;N5EwXV){dZ(sCEOgv6;aWNVc z6W?At%7lT`pX^FP^wh^bIXB~(sZvCahBbFAUvF=3?ScjKdwP56wDI#7p4Y=E+0lJa z!XH)=X22EYgcOaef#5a>qiyb%B62jWxees#_BNG2c=7#mJY=syVA0aYUyXG?a{t&2 zIbsLGl`O0}uo;eL4YSgFtVxmeAWHPqTk+ct4j+1w9y=ok52ELFXNbFHGQc>KAu>t0 zwFcNU5E73VGcLwMryK3!?v58iho|(Thsku^;eu|V0N8f51FnTX*lI$f3}lOmTJJaw z$WF5zCsO6CL<6dUlxXV~;Hn0?1xi;UQZO@MkrQ)g@kkEkYL=s9-L8=Cn zXh3!wi4rCln?zq;w&LzVLvsB_jof{>XLqs_SP75Y9oHNV*D|p5?cQv)eHI$HcJ*qH zg9i^h43TB8m6w;z!|hTQD2fl8w8TAX-1zD4I^A4|g7K|l$#)pRurj@Wo8;sc8?N{c zGe@&D7q&5b{<3w;bDo}_Q}Xlk&fCk>ZYLTX7V%5S+_@J{v~SmBPqw%5&ZGk;3IHdf zZ#_6uv?|NN8pz7b?3bE)WE%v$`rIB-c1`ETPntZr_vFbg2iv#9H#maq5qzi7unb4O z^I@yqum$_+)MFT!k4|HY#*+_;wT~o`;Yp zIMuj=hmKrbwQAM5dNlRFsT%0j>u&sf+*r6r+N+e8T~{KFR*QqFol;?UGCo|1Ft8C` zd2OcQ!y-Cin64v7Q_CX4!+b`L7#^_lt8XtKI{4QOBnBtwC;R}?bI(23331@n!c$mp zd5kb~*ss8T{RfaxUl1P52g=>yvt+e-dDrUSr$=(JeR?fLVMJaFF5GiT21 z4s9!?GQp|veP3*+p>2SF#pwG+2EfV}1 z%jyJ%p&o=d<}$J)^(GUC10NI5!wi!>u1Bx`zm%D63hi?@wwK2r5*AK)o;sb5j@-tI z3}nL7;Xx}&HpiHp9_%7y>%X!|rWJCGn*xWATWi-wM*4fZy3&9wvh0#C=hnP+;#j#L zl%S*9g@e#jwjqLw)9Gj6tFN(b`uFS0;ul-ju3c}0&>0wwfzZd#f5$Lq&TJRBGWg)v zU;*FM@19WPK@0-&~shl%^<65dtg|%)C$PR34YB68>M6?iZmiczXNVZSg078l}|2CXGhrt)Q zb>qj&UMew`AUF`YazJca#@nq?KExa=C_tX14M>M!SmoOMb^Uka3GO66f9A7sV@0^D z(oQm~va_r^lZZl2k_vB)8W1^xLIsG1)$ZtMkpsM)a)5#0o5+&2<`~y1NH8D5>nk!2Jbn&8GD`}`k$$E(G%+TnxX(vw;oF3h~G2Y(wi+UNCGMR*gPdT``XN0(x%;0$u z2SHkyWeH1&^KbZZBL^Y1cr=WH+aahullbfJ%+{@2thR|KQcw`K4cnrC)GkzK%d@MI zR*0J7L?Y!v#9&!5Gk5J`V*3wZae&f<)4f$EPjO3gvMC62{)!<4S}Bt@;FTo5s)~sn zJV15@S zv;o-g@(5Gs{ZaXfCEDdgu!4bOO5{Y=BtuwkWwuOI1t4U||8_whW958^nn$agQB4j=}WlfJHt$ zE**RTWAM{R5b~RBbcF$GghA_ugBCuu#6YlPBRCbY*}8S#q2uubc+Q+TuCV*S6!+S^ zI{5A(E}!$Zg+X1{wp}|GV!&&`fyv4w#EN&vD@4RuBrg)G}*X6^8d%2zCi zc2F@P5HvV@+QUSOWY=z~%b?t}@^ zWVgfNBdMsjT3GDkabXb3euQrQ`tObJER5Gd0qP7Q7&s6)PD)O}_7fZkQ;)i!V^O3xfIB6@bphL8SE3D9 
zL=0b@!vXD-&VutOYMTR*QOQ2%WUzD#33k!xbmT0zZ+}YF+O=y) z+-e~%Ts1^H1ePrQv?TrXDWc!(>?{W8*fFC=dZI&AR#uwUuUm&(b@&7W7|Xh_@Ceh! z&A*h-oc<4=9^FHLF1ZT!%egE|_{3{3lp%b7AtECFZ`*fr@GVp?l%1KCQ&&}0$)%q; zSG)c9-ztP{1N2HEKJv=S&M{!WkQapd$4>;{W@P4Q>T%cbu)!X$&x_T;r*3K~4%Pur zyjs=5cON)xAL5`~tn1z_n4Wm>(5j9R!9l5U%fb@E?R(fd>5;E4KL6}P68u^$XlS|K z)h8)gGeC@;fB5Cx2aa~_e5=kH_Ug)RI=J-WZiU;{i6GuOvuM%c>%tBq3>-)V6V|Kc zn;OW^%L}x}fslh;)45HnzFZwS>5(~IpLvSA?BU_Cd!w6OybVhATjj6a1}#yW(99Yr zE-Gr5nVIpEy=?88&QW3GCQSSyC@j41!SEp$D6FOC;ra?6zx_$MEwz8GwO{-8?ipWE zp`U;C>eWPhbpgA?5I#F|KQ{~kv zHK00Ct2DdX>E_gc>O{?{O_f)x)PU+ltqxsmE P00000NkvXXu0mjf6Z3E^ 
diff --git a/src/site/resources/images/logos/jprofiler.png b/src/site/resources/images/logos/jprofiler.png new file mode 100644 index 0000000000000000000000000000000000000000..66a57cafc1b004ebedb450753592d0d89c82e9ac GIT binary patch literal 4259 zcmaJ_c{o)28@H6QCnT~=BaCe}#w?LALt{5thN#BOU>If^Bb23Z%P!O{6=f-VmR6KK zS*~QuQg*VZX|aaixc7E{zd!EtJI`~@_k7>;e%|-_e;_eK9UTiiK1Aznv27&{1zzmir1cpYVAy7C34%g;tX!{5Iu}MMNe*Vh8 zEMTerWEPFdrZM~gI~Gaqi~zO)kjwP15PX?dR{t3G^Zz?h+>}9rNK6O}42Agm?!@({ zwm+Ld{V$Dw)%Ld!W>O&psy`!uMdsGSL-`k&o4fz-Xh)ID24lmbaf?EtV;STCU#cG) zk2L^tpMWVe3I?i!g2G@(T__R`)kDExC=-~jsUFHy2daZZ8X=IsZ2T)0se?9x!A;Ou z6D$mdL!eOzBdjjc$k@mfVTwQ+{len?{MjTwGWC~V+K%79u*Uxvi!otQNo)qop2491 z>Hu3W2AkpU#b5$VO#ZAm0AxiX)BJXX>N`dHD`qT}MLSQWn6enYfIqX0q5TUB6p2hC zxkL4|(QvYkwyrLTtW84dkhS&59taeIL`5Jx+<|}NDgTqbzq*tw;YPyzMF<0R*F&Nx zy6)OkJsp@fH>)UZ6j=|cjndJDLJ=?&j6{I}AzX@(oyPf}M*1bm}1M1778Xa$xzwJG6q~ z*;|$GJhcYg%kQ+T&oMF+*)fPKbo78c93MW<&au!s6>V!#d2oz9(-_;pEbnV>{qfw~ zEKp*eRo+h7y(pSOO<@L<38u#Wad4n7`tX3j zj;x&)Q*S9?>JPksCj?P9Ul7oer8Xp}cu;O*RI6OE1<1mm#Nhr&4Kv$&mzDOFp*9!I zrSpqS1;atlN$1j}J@{)mo{V(f4?gj$v+LLOrD^GdO?vTw~$bQWE3;{C4CFNZaxn~aZoKEI}Tiej98vhK-E zN@iz9P1Dtu*YHHWmRpYp1d|?BT(D{!FQI)p;?roHj(6zQBDFZ)u#flcjRpKsq?9i) z`?5{ECRcj+y+@FILj5X2X~JK`uPyWi#26UX;uv?ZN~;4DGCQ;OZjQJDZ0Xb0dcX9r zS7}f32;=en8>_HpvAgGaAPd6v_+;;fo4l*~V3Af{^SENr+qS5o0&mr;PNu%8N;gCm z@A`3UKUiM>p4k(KrRM4#NP4v;Q1a#JqprfZHAS)P;Ln6uCE_6$iKa1|3ApWW2gose zd%ZR4aK--N?cW49-hx)=v`W9_D5a$c`$O96S2NQ&B9L3Qo+IcJ;ON-PuA?c9Iusno2sX#gmAxBJEae_y?_+aWyq< zusYNlq4~lmJ6@&)IX)P0?8Qe#SEt|OBolaFUeu2kkQo)+m+3Vbp(WU`ZY$Mx^Y~?9 zEB5F2b_e7K$7;W1xym&};O(^JkV4q4k;u7_ zbBif%SFbo}y5)HZ9eK6IKeAr>ur;-G>Fd{p(rxU!rmiOIPgO^w5y}HCX_1z|3n8YO zNU$VRs4xK3Z&g?|FwcitVv^@dMT!jjg`P_pNLW6S16o??VA*ZCH%87(_j5WnbuY(8 zNdB;vQ#Q*n(xJAyS49c*@}YMYS9}!Qk#IpLnDB&L_9C=M;oFG!z8u-k zH`kvGWofd?g2*QFq|+H)dxT9tO#C#Q+B+I}>Mic6O@M-ks+f&m`TUs;^s9V)G$QpA zx##$)sz&oq_mWEbJEQi9qqf)?Hv7| z(>ZFz&956Ztj?Dgm6+#+{_ys4du$jTfRrm^NAPL}w)R_Oo`xl3QwiZV{Yd^G_7#aL 
zZ>b=PplO^mZ^@zZk*g0Tif7E~{C*rmyjl=n>k2uu_pYBH_QC#)=Exews6umi)*xE_ z2kzNK-&Kas zRCQa4SU)#y*4k?oV-B*6u;SWTPG+x6RAwWUA)yT|v@pb-H{2SqesuSBs zU0x17mYa^I+MMrF99+)|&D1(AStlMWwJWsTg@njS)atuoUXN|fBV?_E>HuQzHDP?t zv0pdcMvI;2#O8;3KVM%&VameB#IG;or@d4N9WbY^uzU6uIH_B(#sfFRrrlD0I~Q4W zZc%Au=&tSeK!Ll%OLB({pH3ikk1RGcZqFXP7&Mj)F01?w`xz+{e{g~jFgVh3Le;rdw+>vgW;@`JT%+tD8T zB`?W`H#|3q{{6CQj%jqYx9iueDkIfmHw*}!QV%SE-LB;=FLG-4gPj_M7A|(bgDu8< zP4p^i*!~e^h>ibDlz3)Qn%an~;55PyT3w5=XVvaWRZ*r2N%2)wCV)PgDKyBJ z%(HHkE(z~GT@gSrPP2EJ%d36`BC$KWKKd#@jv*#+H0SkCUhSG%*}b?$6#F8i=O9}2 zc-%leQLg~wO(*?4;=|{<9Gp!!)R&WSms&d)+?03w{oC8mbV2Lbc!`*@%}BfIqe5Wo za)DUwL{`iFqhA&>K9!!2F^`j)MU``M8V@L>*>||zft;>6*PIM@3mXZ#z=(Sx{+<{z zB%|x@(6h#ABM3hfP3F{R&O8)Ib;fExGUMF*8gZXG1%>^Y9H;?xv{1%kqwIJYl@211>zolm^*J(w$LhN z$MhBUUF?BCgksb0xrQc14g9{lq!4H2>z51YtB3RR#oaWb5g33{maI_U0s)Wn#h$|N z4<*+fYZBdCZ*^=S(DTbz3AF{?wCp`DxPeQ`(y1C>3vWMZ!4*EeDbv3z*ioK!MR}i3 z8o8vG+?hwW1k(ybbTXHFE>z+kKT%s>$yh#*e`yx66oYTezf*I}JiF;x!V39;eM@*1 zT+*fS!u&Q^P zgyw-HOAcvluWX6@3TYNB!~TAP34+j_@;5h2%@)$e4d#@E#}RyzjVUBGR`BcLLMQPG z^-XP=sFbf8aeY23m9NnQOTVdfXI!&a-q`({`0~@Q(PsBDGK9Aj3ZA>UbE-jGh=krlUHjnvy5@v#Apvzc30~(H zhuZbJh~9IP#VsA}%cRz`0X|+5a2!}pTwXtS5addu8Tju)Rw_hJ@K4njvF zjSF3r;VyI_!5Quk>>|fOMMDxbzkhTrqUS-9>d2g1`p>ErD$K|#14fJY#2(b=QHzEy zgT;fEJAbM}5;S%kJ#oII2?G|#)ze`?xl-F?(IHATL;SPDZCAo2$|BeIXXB`zhRdVQXA*3KZ6ZnF^cB>KT+C9~0CC-nfB*mh literal 0 HcmV?d00001 diff --git a/src/site/site.xml b/src/site/site.xml index 4da3f6d45..e549137b6 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -49,13 +49,13 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. - + From c4726088763153ea05735837de6cf9e8ad4a171b Mon Sep 17 00:00:00 2001 From: stevespringett Date: Tue, 5 Sep 2017 22:52:00 -0500 Subject: [PATCH 3/5] Added updateOnly and the loading of user-supplied properties files to scan agent --- .../agent/DependencyCheckScanAgent.java | 90 ++++++++++++++++--- 1 file changed, 80 insertions(+), 10 deletions(-) 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
index 22f5e0f62..c7f5b1021 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
@@ -18,9 +18,11 @@ package org.owasp.dependencycheck.agent;
 import java.io.File;
+import java.io.IOException;
 import java.util.List;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
+import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -100,6 +102,11 @@ public class DependencyCheckScanAgent {
 * recommended that this be turned to false. Default is true.
 */
 private boolean autoUpdate = true;
+ /**
+ * Sets whether the data directory should be updated without performing a scan.
+ * Default is false.
+ */
+ private boolean updateOnly = false;
 /**
 * flag indicating whether or not to generate a report of findings.
 */
@@ -207,6 +214,12 @@ public class DependencyCheckScanAgent {
 * The path to Mono for .NET assembly analysis on non-windows systems.
 */
 private String pathToMono;
+ /**
+ * The path to optional dependency-check properties file. This will be
+ * used to side-load additional user-defined properties.
+ * {@link Settings#mergeProperties(String)}
+ */
+ private String propertiesFilePath;
 //
 //
@@ -318,6 +331,24 @@ public class DependencyCheckScanAgent {
 this.autoUpdate = autoUpdate;
 }
+ /**
+ * Get the value of updateOnly.
+ *
+ * @return the value of updateOnly
+ */
+ public boolean isUpdateOnly() {
+ return updateOnly;
+ }
+
+ /**
+ * Set the value of updateOnly.
+ *
+ * @param updateOnly new value of updateOnly
+ */
+ public void setUpdateOnly(boolean updateOnly) {
+ this.updateOnly = updateOnly;
+ }
+
 /**
 * Get the value of generateReport.
 *
@@ -810,6 +841,24 @@ public class DependencyCheckScanAgent {
 public void setPathToMono(String pathToMono) {
 this.pathToMono = pathToMono;
 }
+
+ /**
+ * Get the value of propertiesFilePath.
+ *
+ * @return the value of propertiesFilePath
+ */
+ public String getPropertiesFilePath() {
+ return propertiesFilePath;
+ }
+
+ /**
+ * Set the value of propertiesFilePath.
+ *
+ * @param propertiesFilePath new value of propertiesFilePath
+ */
+ public void setPropertiesFilePath(String propertiesFilePath) {
+ this.propertiesFilePath = propertiesFilePath;
+ }
 //
 /**
@@ -827,8 +876,16 @@ public class DependencyCheckScanAgent {
 } catch (DatabaseException ex) {
 throw new ExceptionCollection(ex, true);
 }
- engine.setDependencies(this.dependencies);
- engine.analyzeDependencies();
+ if (this.updateOnly) {
+ try {
+ engine.doUpdates();
+ } catch (UpdateException ex) {
+ throw new ExceptionCollection("Unable to perform update", ex);
+ }
+ } else {
+ engine.setDependencies(this.dependencies);
+ engine.analyzeDependencies();
+ }
 return engine;
 }
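Review bot: In the `updateOnly` branch of the last hunk, a failed `engine.doUpdates()` is wrapped as `new ExceptionCollection("Unable to perform update", ex)`, while the `DatabaseException` path three lines above passes an explicit fatal flag with `new ExceptionCollection(ex, true)`. The caller's catch block, visible in the `-902` hunk, branches on `ex.isFatal()`. If the message constructor does not set that flag, an update-only run whose single task failed may be handled as non-fatal and leave stale vulnerability data unnoticed. The constructor's behaviour should be confirmed and the intent made explicit, for example `throw new ExceptionCollection(ex, true);` if that overload accepts an `UpdateException`. The method starts outside the hunk.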
@@ -866,6 +923,17 @@ public class DependencyCheckScanAgent {
 Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
 }
+ if (propertiesFilePath != null) {
+ try {
+ Settings.mergeProperties(propertiesFilePath);
+ LOGGER.info("Successfully loaded user-defined properties");
+ } catch (IOException e) {
+ LOGGER.error("Unable to merge user-defined properties", e);
+ LOGGER.error("Continuing execution");
+ }
+ }
+
+ LOGGER.info("Populating settings");
 Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
 Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_SERVER, proxyServer);
 Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_PORT, proxyPort);
@@ -902,14 +970,16 @@ public class DependencyCheckScanAgent {
 Engine engine = null;
 try {
 engine = executeDependencyCheck();
- if (this.generateReport) {
- generateExternalReports(engine, new File(this.reportOutputDirectory));
- }
- if (this.showSummary) {
- showSummary(engine.getDependencies());
- }
- if (this.failBuildOnCVSS <= 10) {
- checkForFailure(engine.getDependencies());
+ if (!this.updateOnly) {
+ if (this.generateReport) {
+ generateExternalReports(engine, new File(this.reportOutputDirectory));
+ }
+ if (this.showSummary) {
+ showSummary(engine.getDependencies());
+ }
+ if (this.failBuildOnCVSS <= 10) {
+ checkForFailure(engine.getDependencies());
+ }
 }
 } catch (ExceptionCollection ex) {
 if (ex.isFatal()) {
From c31a56228b0a771dacf64e6df4120e73d37e48ff Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Thu, 7 Sep 2017 05:44:03 -0400
Subject: [PATCH 4/5] swithc to openjdk to make travis work
---
 .travis.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 7bca5549a..7ca7bad83 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -25,7 +25,7 @@ before_install:
 matrix:
 include:
- - jdk: oraclejdk7
+ - jdk: openjdk7
 env:
 - JDK="JDK7"
 script:
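Review bot: When `Settings.mergeProperties(propertiesFilePath)` throws in the first hunk, the catch block logs two errors and the scan continues with whatever settings were already loaded. The caller asked for that file explicitly, so a mistyped or unreadable path produces a run under a different configuration than intended, and the only sign is a log line that does not name the file. Failing the run would be safer; at minimum the path belongs in the message: `LOGGER.error("Unable to merge user-defined properties from " + propertiesFilePath, e);`. The merge also happens before the `Settings.set…` calls that follow, so the agent's own fields override values from the file, which deserves a one-line comment such as `// agent fields set below take precedence over the merged file`. The enclosing method starts and ends outside the hunk.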
@@ -49,7 +49,7 @@ deploy:
 skip_cleanup: true
 on:
 branch: master
- jdk: oraclejdk7
+ jdk: openjdk7
 - provider: pages
 skip_cleanup: true
 local_dir: target/staging
@@ -57,5 +57,5 @@ deploy:
 on:
 tags: true
 branch: master
- jdk: oraclejdk7
+ jdk: openjdk7
\ No newline at end of file
From 417fda8c7c3b1e780de671104feb3d7453ac7246 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Thu, 7 Sep 2017 05:46:21 -0400
Subject: [PATCH 5/5] lgtm suggested changes
---
 .../analyzer/DependencyBundlingAnalyzer.java | 5 +++--
 .../owasp/dependencycheck/data/update/NvdCveUpdater.java | 6 ++++--
 .../org/owasp/dependencycheck/utils/ExtractionUtil.java | 3 ++-
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index 47fc8b015..21e3cc5e0 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -237,9 +237,10 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer {
 if (tmp <= 0) {
 return path;
 }
- if (tmp > 0) {
+ //below is always true
+ //if (tmp > 0) {
 pos = tmp + 1;
- }
+ //}
 tmp = path.indexOf(File.separator, pos);
 if (tmp > 0) {
 pos = tmp + 1;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
index b5fc703cd..c2b477b76 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
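Review bot: The redundant `if (tmp > 0)` in the DependencyBundlingAnalyzer.java hunk is commented out rather than deleted, leaving `//if (tmp > 0) {` and `//}` around `pos = tmp + 1;`. The NvdCveUpdater.java hunk does the same with `//if (maxUpdates >= 1) {`. Commented-out control flow reads like a guard that might come back and invites a later edit to restore it without the reasoning. Both spots should drop the dead lines and keep one sentence stating the invariant, e.g. `// tmp > 0 here: the tmp <= 0 case returned above`. Both methods begin outside their hunks.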
@@ -302,12 +302,14 @@ public class NvdCveUpdater implements CachedWebDataSource {
 }
 }
- if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it)
+ //always true because <=0 exits early above
+ //if (maxUpdates >= 1) {
+ //ensure the modified file date gets written (we may not have actually updated it)
 dbProperties.save(updateable.get(MODIFIED));
 LOGGER.info("Begin database maintenance.");
 cveDb.cleanupDatabase();
 LOGGER.info("End database maintenance.");
- }
+ //}
 }
 /**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
index fe4b07666..4eccc0129 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
@@ -249,7 +249,8 @@ public final class ExtractionUtil {
 throw new IOException("Unable to rename '" + file.getPath() + "'");
 }
 final File newFile = new File(originalPath);
- try (GZIPInputStream cin = new GZIPInputStream(new FileInputStream(gzip));
+ try (FileInputStream fis = new FileInputStream(gzip);
+ GZIPInputStream cin = new GZIPInputStream(fis);
 FileOutputStream out = new FileOutputStream(newFile)) {
 IOUtils.copy(cin, out);
 } finally {