updated global Settings and moved connectionTimeout, proxyUrl, and proxyPort from system properties to normal command line properties
Former-commit-id: 0e7e552768dd43e9d0cb40052589a34d0738df37
@@ -90,6 +90,7 @@ public class App {
|
||||
in.close();
|
||||
} catch (Exception ex) {
|
||||
//ignore
|
||||
in = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -119,8 +120,8 @@ public class App {
|
||||
if (cli.isGetVersion()) {
|
||||
cli.printVersionInfo();
|
||||
} else if (cli.isRunScan()) {
|
||||
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(),
|
||||
cli.getScanFiles(), cli.isAutoUpdate(), cli.isDeepScan());
|
||||
updateSettings(cli.isAutoUpdate(), cli.isDeepScan(), cli.getConnectionTimeout(), cli.getProxyUrl(), cli.getProxyPort());
|
||||
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles());
|
||||
} else {
|
||||
cli.printHelp();
|
||||
}
|
||||
@@ -135,12 +136,9 @@ public class App {
|
||||
* @param outputFormat the output format of the report
|
||||
* @param applicationName the application name for the report
|
||||
* @param files the files/directories to scan
|
||||
* @param autoUpdate whether to auto-update the cached data from the Internet
|
||||
* @param deepScan whether to perform a deep scan of the evidence in the project dependencies
|
||||
*/
|
||||
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, boolean autoUpdate, boolean deepScan) {
|
||||
final Engine scanner = new Engine(autoUpdate);
|
||||
Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);
|
||||
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files) {
|
||||
final Engine scanner = new Engine();
|
||||
|
||||
for (String file : files) {
|
||||
scanner.scan(file);
|
||||
@@ -158,4 +156,26 @@ public class App {
|
||||
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates the global Settings.
|
||||
* @param autoUpdate whether or not to update cached web data sources
|
||||
* @param deepScan whether or not to perform a deep scan (increases false positives, but may reduce false negatives)
|
||||
* @param connectionTimeout the timeout to use when downloading resources (null or blank will use default)
|
||||
* @param proxyUrl the proxy url (null or blank means no proxy will be used)
|
||||
* @param proxyPort the proxy port (null or blank means no port will be used)
|
||||
*/
|
||||
private void updateSettings(boolean autoUpdate, boolean deepScan, String connectionTimeout, String proxyUrl, String proxyPort) {
|
||||
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
|
||||
Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);
|
||||
if (proxyUrl != null && !proxyUrl.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
|
||||
}
|
||||
if (proxyPort != null && !proxyPort.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
|
||||
}
|
||||
if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
|
||||
}
|
||||
}
|
||||
}
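Review bot: `updateSettings` stores the `proxyPort` and `connectionTimeout` strings taken from the command line without checking that they are numbers, so a malformed value is presumably only noticed when the download code later reads the setting. Now that these values arrive as ordinary CLI arguments, validate them at this boundary and stop before `runScan` rather than scanning with a proxy or timeout the operator did not intend. The Javadoc also promises that "null or blank" values are skipped, while the code tests only `isEmpty()`, so a whitespace-only argument is stored. The sketch below throws `IllegalArgumentException`; the caller in `main`, which lies outside this hunk, would need to turn that into a usage message.

```java
// … unchanged: AUTO_UPDATE, PERFORM_DEEP_SCAN and PROXY_URL handling …
if (proxyPort != null && !proxyPort.trim().isEmpty()) {
    final int port;
    try {
        port = Integer.parseInt(proxyPort.trim());
    } catch (NumberFormatException ex) {
        throw new IllegalArgumentException("proxy port is not a number: " + proxyPort, ex);
    }
    if (port < 1 || port > 65535) {
        throw new IllegalArgumentException("proxy port is out of range: " + proxyPort);
    }
    Settings.setString(Settings.KEYS.PROXY_PORT, String.valueOf(port));
}
if (connectionTimeout != null && !connectionTimeout.trim().isEmpty()) {
    final int timeout;
    try {
        timeout = Integer.parseInt(connectionTimeout.trim());
    } catch (NumberFormatException ex) {
        throw new IllegalArgumentException("connection timeout is not a number: " + connectionTimeout, ex);
    }
    if (timeout < 0) {
        throw new IllegalArgumentException("connection timeout must not be negative: " + connectionTimeout);
    }
    Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, String.valueOf(timeout));
}
```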
|
||||
|
||||
@@ -36,6 +36,8 @@ import org.owasp.dependencycheck.data.UpdateException;
|
||||
import org.owasp.dependencycheck.data.UpdateService;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.utils.FileUtils;
|
||||
import org.owasp.dependencycheck.utils.InvalidSettingException;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
* Scans files, directories, etc. for Dependencies. Analyzers are loaded and
|
||||
@@ -65,7 +67,15 @@ public class Engine {
|
||||
* Creates a new Engine.
|
||||
*/
|
||||
public Engine() {
|
||||
doUpdates();
|
||||
boolean autoupdate = true;
|
||||
try {
|
||||
autoupdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
|
||||
} catch (InvalidSettingException ex) {
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.WARNING, "Invalid setting for auto-update.");
|
||||
}
|
||||
if (autoupdate) {
|
||||
doUpdates();
|
||||
}
|
||||
loadAnalyzers();
|
||||
}
|
||||
|
||||
@@ -74,7 +84,10 @@ public class Engine {
|
||||
*
|
||||
* @param autoUpdate indicates whether or not data should be updated from
|
||||
* the Internet.
|
||||
* @deprecated this function should no longer be used; the autoupdate flag should be set using
|
||||
* <code>Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, value);</code>
|
||||
*/
|
||||
@Deprecated
|
||||
public Engine(boolean autoUpdate) {
|
||||
if (autoUpdate) {
|
||||
doUpdates();
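Review bot: In the no-argument `Engine()` constructor, the `catch (InvalidSettingException ex)` branch logs a fixed message and drops `ex`, and the constructor then continues with `autoupdate = true`, so an unreadable `autoupdate` value silently ends in `doUpdates()` being run. Pass the exception and name the fallback in the log call: `Logger.getLogger(Engine.class.getName()).log(Level.WARNING, "Invalid setting for auto-update; defaulting to true.", ex);`. Whether the fallback should instead be `false`, for installations that set the key to keep the tool off the network, cannot be decided from this hunk and is worth a conscious choice. The deprecated `Engine(boolean)` still takes its flag from the argument rather than from `Settings`, so the two constructors can disagree; its body continues outside the last hunk.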
|
||||
|
||||
@@ -160,9 +160,6 @@ public final class CliParser {
|
||||
final Option help = new Option(ArgumentName.HELP_SHORT, ArgumentName.HELP, false,
|
||||
"print this message.");
|
||||
|
||||
final Option advancedHelp = new Option(ArgumentName.ADVANCED_HELP_SHORT, ArgumentName.ADVANCED_HELP, false,
|
||||
"shows additional help regarding properties file.");
|
||||
|
||||
final Option deepScan = new Option(ArgumentName.PERFORM_DEEP_SCAN_SHORT, ArgumentName.PERFORM_DEEP_SCAN, false,
|
||||
"extracts extra information from dependencies that may increase false positives, but also decrease false negatives.");
|
||||
|
||||
@@ -176,6 +173,18 @@ public final class CliParser {
|
||||
.withDescription("the name of the application being scanned.")
|
||||
.create(ArgumentName.APPNAME_SHORT);
|
||||
|
||||
final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ArgumentName.CONNECTION_TIMEOUT)
|
||||
.withDescription("the connection timeout (in milliseconds) to use when downloading resources.")
|
||||
.create(ArgumentName.CONNECTION_TIMEOUT_SHORT);
|
||||
|
||||
final Option proxyUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.PROXY_URL)
|
||||
.withDescription("the proxy url to use when downloading resources.")
|
||||
.create(ArgumentName.PROXY_URL_SHORT);
|
||||
|
||||
final Option proxyPort = OptionBuilder.withArgName("port").hasArg().withLongOpt(ArgumentName.PROXY_PORT)
|
||||
.withDescription("the proxy port to use when downloading resources.")
|
||||
.create(ArgumentName.PROXY_PORT_SHORT);
|
||||
|
||||
final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN)
|
||||
.withDescription("the path to scan - this option can be specified multiple times.")
|
||||
.create(ArgumentName.SCAN_SHORT);
|
||||
@@ -192,8 +201,6 @@ public final class CliParser {
|
||||
.withDescription("the output format to write to (XML, HTML, ALL).")
|
||||
.create(ArgumentName.OUTPUT_FORMAT_SHORT);
|
||||
|
||||
//TODO add the ability to load a properties file to override the defaults...
|
||||
|
||||
final OptionGroup og = new OptionGroup();
|
||||
og.addOption(path);
|
||||
|
||||
@@ -207,7 +214,9 @@ public final class CliParser {
|
||||
opts.addOption(noupdate);
|
||||
opts.addOption(deepScan);
|
||||
opts.addOption(props);
|
||||
opts.addOption(advancedHelp);
|
||||
opts.addOption(proxyPort);
|
||||
opts.addOption(proxyUrl);
|
||||
opts.addOption(connectionTimeout);
|
||||
|
||||
return opts;
|
||||
}
|
||||
@@ -245,16 +254,6 @@ public final class CliParser {
|
||||
public void printHelp() {
|
||||
final HelpFormatter formatter = new HelpFormatter();
|
||||
final String nl = System.getProperty("line.separator");
|
||||
String advancedHelp = null;
|
||||
if (line != null && line.hasOption(ArgumentName.ADVANCED_HELP)) {
|
||||
advancedHelp = nl + nl
|
||||
+ "Additionally, the following properties are supported and can be specified either"
|
||||
+ "using the -p <file> argument or by passing them in as system properties." + nl
|
||||
+ nl + " " + Settings.KEYS.PROXY_URL + "\t\t the proxy URL to use when downloading resources."
|
||||
+ nl + " " + Settings.KEYS.PROXY_PORT + "\t\t the proxy port to use when downloading resources."
|
||||
+ nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t the connection timeout (in milliseconds) to use"
|
||||
+ nl + "\t\t\t when downloading resources.";
|
||||
}
|
||||
|
||||
formatter.printHelp(Settings.getString("application.name", "DependencyCheck"),
|
||||
nl + Settings.getString("application.name", "DependencyCheck")
|
||||
@@ -264,9 +263,6 @@ public final class CliParser {
|
||||
options,
|
||||
"",
|
||||
true);
|
||||
if (advancedHelp != null) {
|
||||
System.out.println(advancedHelp);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -308,6 +304,30 @@ public final class CliParser {
|
||||
return line.getOptionValue(ArgumentName.APPNAME);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the connection timeout.
|
||||
* @return the connection timeout
|
||||
*/
|
||||
public String getConnectionTimeout() {
|
||||
return line.getOptionValue(ArgumentName.CONNECTION_TIMEOUT);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the proxy url.
|
||||
* @return the proxy url
|
||||
*/
|
||||
public String getProxyUrl() {
|
||||
return line.getOptionValue(ArgumentName.PROXY_URL);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the proxy port.
|
||||
* @return the proxy port
|
||||
*/
|
||||
public String getProxyPort() {
|
||||
return line.getOptionValue(ArgumentName.PROXY_PORT);
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>Prints the manifest information to standard output.</p>
|
||||
* <ul><li>Implementation-Title: ${pom.name}</li>
|
||||
@@ -408,13 +428,29 @@ public final class CliParser {
|
||||
*/
|
||||
public static final String VERSION = "version";
|
||||
/**
|
||||
* The CLI argument name asking for advanced help.
|
||||
* The short CLI argument name indicating the proxy port.
|
||||
*/
|
||||
public static final String ADVANCED_HELP_SHORT = "ah";
|
||||
public static final String PROXY_PORT_SHORT = "p";
|
||||
/**
|
||||
* The short CLI argument name asking for advanced help.
|
||||
* The CLI argument name indicating the proxy port.
|
||||
*/
|
||||
public static final String ADVANCED_HELP = "advancedhelp";
|
||||
public static final String PROXY_PORT = "proxyport";
|
||||
/**
|
||||
* The short CLI argument name indicating the proxy url.
|
||||
*/
|
||||
public static final String PROXY_URL_SHORT = "u";
|
||||
/**
|
||||
* The CLI argument name indicating the proxy url.
|
||||
*/
|
||||
public static final String PROXY_URL = "proxyurl";
|
||||
/**
|
||||
* The short CLI argument name indicating the proxy url.
|
||||
*/
|
||||
public static final String CONNECTION_TIMEOUT_SHORT = "c";
|
||||
/**
|
||||
* The CLI argument name indicating the proxy url.
|
||||
*/
|
||||
public static final String CONNECTION_TIMEOUT = "connectiontimeout";
|
||||
/**
|
||||
* The short CLI argument name indicating a deep scan of the dependencies
|
||||
* should be performed.
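Review bot: `PROXY_PORT_SHORT = "p"` in the constants hunk appears to reuse the short name of the properties-file option, because the help text this commit removes refers to `-p <file>` and `opts.addOption(props)` is still present in the options hunk. The definition of `props` is not visible here, so this needs confirming, but if both options are registered as `p` one of them shadows the other and `-p` changes meaning for existing users; choose an unused short name for the proxy port. In the same hunk the Javadoc on `CONNECTION_TIMEOUT_SHORT` and `CONNECTION_TIMEOUT` was copied from the proxy-url constants. It should read `The short CLI argument name indicating the connection timeout.` and `The CLI argument name indicating the connection timeout.` respectively.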
|
||||
|
||||
@@ -37,7 +37,6 @@ public final class Settings {
|
||||
* The collection of keys used within the properties file.
|
||||
*/
|
||||
public static final class KEYS {
|
||||
|
||||
/**
|
||||
* private constructor because this is a "utility" class containing constants
|
||||
*/
|
||||
@@ -45,6 +44,12 @@ public final class Settings {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
/**
|
||||
* The properties key indicating whether or not the cached data sources
|
||||
* should be updated.
|
||||
*/
|
||||
public static final String AUTO_UPDATE = "autoupdate";
|
||||
|
||||
/**
|
||||
* The properties key for the path where the CPE Lucene Index will be
|
||||
* stored.
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
application.name=${pom.name}
|
||||
application.version=${pom.version}
|
||||
autoupdate=true
|
||||
|
||||
# the path to the lucene index to store the cpe data
|
||||
cpe=data/cpe
|
||||
@@ -8,7 +9,6 @@ cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-diction
|
||||
# the path to the cpe meta data file.
|
||||
cpe.meta.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.meta
|
||||
|
||||
|
||||
# the path to the lucene index to store the nvd cve data
|
||||
cve=data/cve
|
||||
# the path to the nvd cve "meta" page where the timestamps for the last update files can be found.
|
||||
|
||||