updated to resolve issue #87

Former-commit-id: 03c12742bbd99b980c605d78b3d25fb1f89ab3cd

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java

@@ -29,7 +29,6 @@ import java.util.Locale;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-
 import org.apache.maven.artifact.Artifact;
 import org.apache.maven.doxia.sink.Sink;
 import org.apache.maven.doxia.sink.SinkFactory;
@@ -88,11 +87,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
      */
     @Component
     private MavenProject project;
-    /**
-     * The name of the site report destination.
-     */
-    @Parameter(property = "report-name", defaultValue = "dependency-check-report")
-    private String reportName;
     /**
      * The path to the verbose log.
      */
@@ -111,10 +105,16 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
             + "false positives and false negatives.")
     private String description;
     /**
-     * Specifies the destination directory for the generated Dependency-Check report.
+     * Specifies the destination directory for the generated Dependency-Check report. This generally maps to
+     * "target/site".
      */
     @Parameter(property = "reportOutputDirectory", defaultValue = "${project.reporting.outputDirectory}", required = true)
     private File reportOutputDirectory;
+    /**
+     * The output directory. This generally maps to "target".
+     */
+    @Parameter(defaultValue = "${project.build.directory}", required = true)
+    private File outputDirectory;
     /**
      * Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11
      * which means since the CVSS scores are 0-10, by default the build will never fail.
@@ -122,11 +122,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     @SuppressWarnings("CanBeFinal")
     @Parameter(property = "failBuildOnCVSS", defaultValue = "11", required = true)
     private float failBuildOnCVSS = 11;
-    /**
-     * The output directory.
-     */
-    @Parameter(defaultValue = "${project.build.directory}", required = true)
-    private File outputDirectory;
     /**
      * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to
      * false. Default is true.
@@ -149,6 +144,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     private boolean externalReport = false;
     /**
      * The Proxy URL.
+     *
      * @deprecated Please use mavenSettings instead
      */
     @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@@ -164,9 +160,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     @Parameter(property = "mavenSettingsProxyId", required = false)
     private String mavenSettingsProxyId;
 
-    
     /**
      * The Proxy Port.
+     *
      * @deprecated Please use mavenSettings instead
      */
     @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@@ -175,6 +171,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     private String proxyPort = null;
     /**
      * The Proxy username.
+     *
      * @deprecated Please use mavenSettings instead
      */
     @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@@ -183,6 +180,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     private String proxyUsername = null;
     /**
      * The Proxy password.
+     *
      * @deprecated Please use mavenSettings instead
      */
     @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@@ -355,8 +353,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
      * Generates the reports for a given dependency-check engine.
      *
      * @param engine a dependency-check engine
+     * @param outDirectory the directory to write the reports to
      */
-    private void generateExternalReports(Engine engine) {
+    private void generateExternalReports(Engine engine, File outDirectory) {
         DatabaseProperties prop = null;
         CveDB cve = null;
         try {
@@ -372,7 +371,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         }
         final ReportGenerator r = new ReportGenerator(project.getName(), engine.getDependencies(), engine.getAnalyzers(), prop);
         try {
-            r.generateReports(outputDirectory.getCanonicalPath(), format);
+            r.generateReports(outDirectory.getCanonicalPath(), format);
         } catch (IOException ex) {
             Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.SEVERE,
                     "Unexpected exception occurred during analysis; please see the verbose error log for more details.");
@@ -742,26 +741,23 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     // </editor-fold>
 
     private String getMavenSettingsProxyUrl(Proxy proxy) {
-        return new StringBuilder(proxy.getProtocol()).append( "://" ).append(proxy.getHost()).toString();
+        return new StringBuilder(proxy.getProtocol()).append("://").append(proxy.getHost()).toString();
     }
 
-    private Proxy getMavenProxy(){
+    private Proxy getMavenProxy() {
-        if (mavenSettings!=null) {
+        if (mavenSettings != null) {
             List<Proxy> proxies = mavenSettings.getProxies();
-            if ( proxies != null && proxies.size() > 0) {
+            if (proxies != null && proxies.size() > 0) {
-                if (mavenSettingsProxyId!=null) {
+                if (mavenSettingsProxyId != null) {
-                    for ( Proxy proxy : proxies )
+                    for (Proxy proxy : proxies) {
-                    {
+                        if (mavenSettingsProxyId.equalsIgnoreCase(proxy.getId())) {
-                        if ( mavenSettingsProxyId.equalsIgnoreCase( proxy.getId() )) {
                             return proxy;
                         }
                     }
-                }
+                } else if (proxies.size() == 1) {
-                else if (proxies.size() == 1) {
                     return proxies.get(0);
-                }
+                } else {
-                else {
+                    throw new IllegalStateException("Ambigous proxy definition");
-                    throw new IllegalStateException( "Ambigous proxy definition" );
                 }
             }
         }
@@ -793,14 +789,13 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
 
         Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
 
-        
         Proxy proxy = getMavenProxy();
         if (proxy != null) {
-            Settings.setString(Settings.KEYS.PROXY_URL,getMavenSettingsProxyUrl(proxy));
+            Settings.setString(Settings.KEYS.PROXY_URL, getMavenSettingsProxyUrl(proxy));
-            Settings.setString(Settings.KEYS.PROXY_PORT,Integer.toString(proxy.getPort()));
+            Settings.setString(Settings.KEYS.PROXY_PORT, Integer.toString(proxy.getPort()));
             String userName = proxy.getUsername();
             String password = proxy.getPassword();
-            if ( userName != null && password != null){
+            if (userName != null && password != null) {
                 Settings.setString(Settings.KEYS.PROXY_USERNAME, userName);
                 Settings.setString(Settings.KEYS.PROXY_PASSWORD, password);
             }
@@ -886,7 +881,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         Engine engine = null;
         try {
             engine = executeDependencyCheck();
-            generateExternalReports(engine);
+            generateExternalReports(engine, outputDirectory);
             if (this.showSummary) {
                 showSummary(engine.getDependencies());
             }
@@ -928,7 +923,11 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         Engine engine = null;
         try {
             engine = executeDependencyCheck();
-            generateMavenSiteReport(engine, sink);
+            if (this.externalReport) {
+                generateExternalReports(engine, reportOutputDirectory);
+            } else {
+                generateMavenSiteReport(engine, sink);
+            }
         } catch (DatabaseException ex) {
             Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.SEVERE,
                     "Unable to connect to the dependency-check database; analysis has stopped");
@@ -947,7 +946,18 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
      * @return the output name
      */
     public String getOutputName() {
-        return reportName;
+        if ("HTML".equalsIgnoreCase(this.format)
+                || "ALL".equalsIgnoreCase(this.format)) {
+            return "dependency-check-report";
+        } else if ("XML".equalsIgnoreCase(this.format)) {
+            return "dependency-check-report.xml#";
+        } else if ("VULN".equalsIgnoreCase(this.format)) {
+            return "dependency-check-vulnerability";
+        } else {
+            Logger.getLogger(DependencyCheckMojo.class
+                    .getName()).log(Level.WARNING, "Unknown report format used during site generatation.");
+            return "dependency-check-report";
+        }
     }
 
     /**
@@ -1083,7 +1093,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
             final String msg = String.format("%n%n"
                     + "One or more dependencies were identified with known vulnerabilities:%n%n%s"
                     + "%n%nSee the dependency-check report for more details.%n%n", summary.toString());
-            Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.WARNING, msg);
+            Logger
+                    .getLogger(DependencyCheckMojo.class
+                            .getName()).log(Level.WARNING, msg);
         }
     }
 }

dependency-check-maven/src/site/markdown/configuration.md

@@ -6,15 +6,12 @@ Property             | Description                        | Default Value
 ---------------------|------------------------------------|------------------
 autoUpdate           | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
 externalReport       | When using as a Site plugin this parameter sets whether or not the external report format should be used. | false
+outputDirectory      | The location to write the report(s). Note, this is not used if generating the report as part of a `mvn site` build | 'target'
 failBuildOnCVSS      | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail.         | 11
 format               | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
 logFile              | The file path to write verbose logging information. |  
 suppressionFile      | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) |  
 connectionTimeout    | The Connection Timeout.            |  
-proxyUrl             | The Proxy URL.                     |  
-proxyPort            | The Proxy Port.                    |  
-proxyUsername        | Defines the proxy user name.       |  
-proxyPassword        | Defines the proxy password.        |  
 nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. |  
 nexusUrl             | Defines the Nexus URL. |  
 nexusUsesProxy       | Whether or not the defined proxy should be used when connecting to Nexus. | true
@@ -33,3 +30,19 @@ cveUrl20Modified     | URL for the modified CVE 2.0 | http://static.nvd.nist.gov
 cveUrl12Base         | Base URL for each year's CVE 1.2, the %d will be replaced with the year | http://nvd.nist.gov/download/nvdcve-%d.xml
 cveUrl20Base         | Base URL for each year's CVE 2.0, the %d will be replaced with the year | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
 pathToMono           | The path to Mono for .NET assembly analysis on non-windows systems |  
+
+
+Deprecated Properties
+====================
+The following properties have been deprecated. These can stell be set in
+the dependency-check-maven plugin's configuration. However, future versions
+will remove these properties. Instead using these properties you should
+use [Maven's settings](https://maven.apache.org/settings.html#Proxies) to
+configure a proxy.
+
+Property             | Description                        | Default Value
+---------------------|------------------------------------|------------------
+proxyUrl             | The Proxy URL.                     |  
+proxyPort            | The Proxy Port.                    |  
+proxyUsername        | Defines the proxy user name.       |  
+proxyPassword        | Defines the proxy password.        |