diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java index db7d68b1b..2846a457c 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java @@ -17,6 +17,7 @@ */ package org.owasp.dependencycheck.maven; +import java.util.List; import java.util.logging.Logger; import org.apache.maven.project.MavenProject; import org.owasp.dependencycheck.analyzer.Analyzer; @@ -44,6 +45,14 @@ public class Engine extends org.owasp.dependencycheck.Engine { * The current MavenProject. */ private MavenProject currentProject; + /** + * The list of MavenProjects that are part of the current build. + */ + private List reactorProjects; + /** + * Key used in the MavenProject context values to note whether or not an update has been executed. + */ + public static final String UPDATE_EXECUTED_FLAG = "dependency-check-update-executed"; /** * Creates a new Engine to perform anyalsis on dependencies. @@ -51,20 +60,21 @@ public class Engine extends org.owasp.dependencycheck.Engine { * @param project the current Maven project * @throws DatabaseException thrown if there is an issue connecting to the database */ - public Engine(MavenProject project) throws DatabaseException { + public Engine(MavenProject project, List reactorProjects) throws DatabaseException { this.currentProject = project; - final MavenProject parent = getRootParent(); - if (parent != null) { - LOGGER.fine(String.format("Checking root project, %s, if updates have already been completed", parent.getArtifactId())); + this.reactorProjects = reactorProjects; + final MavenProject root = getExecutionRoot(); + if (root != null) { + LOGGER.fine(String.format("Checking root project, %s, if updates have already been completed", root.getArtifactId())); } else { LOGGER.fine("Checking root project, null, if updates have already been completed"); } - if (parent != null && parent.getContextValue("dependency-check-data-was-updated") != null) { + if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) { System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString()); } initializeEngine(); - if (parent != null) { - parent.setContextValue("dependency-check-data-was-updated", Boolean.valueOf(true)); + if (root != null) { + root.setContextValue(UPDATE_EXECUTED_FLAG, Boolean.TRUE); } } @@ -86,7 +96,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { @Override protected Analyzer initializeAnalyzer(Analyzer analyzer) { if ((analyzer instanceof CPEAnalyzer)) { - CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer(); + CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer(); if (cpe != null) { return cpe; } @@ -96,6 +106,20 @@ public class Engine extends org.owasp.dependencycheck.Engine { return super.initializeAnalyzer(analyzer); } + /** + * Releases resources used by the analyzers by calling close() on each analyzer. + */ + @Override + public void cleanup() { + super.cleanup(); + if (this.currentProject == reactorProjects.get(reactorProjects.size() - 1)) { + final CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer(); + if (cpe != null) { + cpe.close(); + } + } + } + /** * Closes the given analyzer. This skips closing the CPEAnalyzer. * @@ -104,7 +128,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { @Override protected void closeAnalyzer(Analyzer analyzer) { if ((analyzer instanceof CPEAnalyzer)) { - if (getPreviouslyLoadedAnalyzer() == null) { + if (getPreviouslyLoadedCPEAnalyzer() == null) { super.closeAnalyzer(analyzer); } } else { @@ -112,27 +136,17 @@ public class Engine extends org.owasp.dependencycheck.Engine { } } - /** - * Closes the CPEAnalyzer if it has been created and persisted in the root parent MavenProject context. - */ - public void cleanupFinal() { - final CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer(); - if (cpe != null) { - cpe.close(); - } - } - /** * Gets the CPEAnalyzer from the root Maven Project. * * @return an initialized CPEAnalyzer */ - private CPEAnalyzer getPreviouslyLoadedAnalyzer() { + private CPEAnalyzer getPreviouslyLoadedCPEAnalyzer() { CPEAnalyzer cpe = null; - final MavenProject project = getRootParent(); + final MavenProject project = getExecutionRoot(); if (project != null) { Object obj = project.getContextValue(CPE_ANALYZER_KEY); - if (obj instanceof CPEAnalyzer) { + if (obj != null && obj instanceof CPEAnalyzer) { cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY); } } @@ -145,7 +159,7 @@ public class Engine extends org.owasp.dependencycheck.Engine { * @param cpe the CPEAnalyzer to store */ private void storeCPEAnalyzer(CPEAnalyzer cpe) { - final MavenProject p = getRootParent(); + final MavenProject p = getExecutionRoot(); if (p != null) { p.setContextValue(CPE_ANALYZER_KEY, cpe); } @@ -156,7 +170,16 @@ public class Engine extends org.owasp.dependencycheck.Engine { * * @return the root Maven Project */ - private MavenProject getRootParent() { + private MavenProject getExecutionRoot() { + if (reactorProjects == null) { + return null; + } + for (MavenProject p : reactorProjects) { + if (p.isExecutionRoot()) { + return p; + } + } + //the following should never run, but leaving it as a failsafe. if (this.currentProject == null) { return null; }