github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-18 17:47:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated to resolve class loading issues with CPEAnalyzer and updated to use execution root instead of root parent project to store context flags

Browse Source 
Former-commit-id: 948ce11556e157e3d127be8f04cc2e4abfba2712
This commit is contained in:
Jeremy Long
2014-12-24 07:47:22 -05:00
parent 4e37165ba6
commit 4d006b3e05
1 changed files with 47 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java
View File

@@ -17,6 +17,7 @@
*/
package org.owasp.dependencycheck.maven;
import java.util.List;
import java.util.logging.Logger;
import org.apache.maven.project.MavenProject;
import org.owasp.dependencycheck.analyzer.Analyzer;
@@ -44,6 +45,14 @@ public class Engine extends org.owasp.dependencycheck.Engine {
* The current MavenProject.
*/
private MavenProject currentProject;
/**
* The list of MavenProjects that are part of the current build.
*/
private List<MavenProject> reactorProjects;
/**
* Key used in the MavenProject context values to note whether or not an update has been executed.
*/
public static final String UPDATE_EXECUTED_FLAG = "dependency-check-update-executed";
/**
* Creates a new Engine to perform anyalsis on dependencies.
@@ -51,20 +60,21 @@ public class Engine extends org.owasp.dependencycheck.Engine {
* @param project the current Maven project
* @throws DatabaseException thrown if there is an issue connecting to the database
*/
public Engine(MavenProject project) throws DatabaseException {
public Engine(MavenProject project, List<MavenProject> reactorProjects) throws DatabaseException {
this.currentProject = project;
final MavenProject parent = getRootParent();
if (parent != null) {
LOGGER.fine(String.format("Checking root project, %s, if updates have already been completed", parent.getArtifactId()));
this.reactorProjects = reactorProjects;
final MavenProject root = getExecutionRoot();
if (root != null) {
LOGGER.fine(String.format("Checking root project, %s, if updates have already been completed", root.getArtifactId()));
} else {
LOGGER.fine("Checking root project, null, if updates have already been completed");
}
if (parent != null && parent.getContextValue("dependency-check-data-was-updated") != null) {
if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
}
initializeEngine();
if (parent != null) {
parent.setContextValue("dependency-check-data-was-updated", Boolean.valueOf(true));
if (root != null) {
root.setContextValue(UPDATE_EXECUTED_FLAG, Boolean.TRUE);
}
}
@@ -86,7 +96,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
@Override
protected Analyzer initializeAnalyzer(Analyzer analyzer) {
if ((analyzer instanceof CPEAnalyzer)) {
CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer();
CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
if (cpe != null) {
return cpe;
}
@@ -96,6 +106,20 @@ public class Engine extends org.owasp.dependencycheck.Engine {
return super.initializeAnalyzer(analyzer);
}
/**
* Releases resources used by the analyzers by calling close() on each analyzer.
*/
@Override
public void cleanup() {
super.cleanup();
if (this.currentProject == reactorProjects.get(reactorProjects.size() - 1)) {
final CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
if (cpe != null) {
cpe.close();
}
}
}
/**
* Closes the given analyzer. This skips closing the CPEAnalyzer.
*
@@ -104,7 +128,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
@Override
protected void closeAnalyzer(Analyzer analyzer) {
if ((analyzer instanceof CPEAnalyzer)) {
if (getPreviouslyLoadedAnalyzer() == null) {
if (getPreviouslyLoadedCPEAnalyzer() == null) {
super.closeAnalyzer(analyzer);
}
} else {
@@ -112,27 +136,17 @@ public class Engine extends org.owasp.dependencycheck.Engine {
}
}
/**
* Closes the CPEAnalyzer if it has been created and persisted in the root parent MavenProject context.
*/
public void cleanupFinal() {
final CPEAnalyzer cpe = getPreviouslyLoadedAnalyzer();
if (cpe != null) {
cpe.close();
}
}
/**
* Gets the CPEAnalyzer from the root Maven Project.
*
* @return an initialized CPEAnalyzer
*/
private CPEAnalyzer getPreviouslyLoadedAnalyzer() {
private CPEAnalyzer getPreviouslyLoadedCPEAnalyzer() {
CPEAnalyzer cpe = null;
final MavenProject project = getRootParent();
final MavenProject project = getExecutionRoot();
if (project != null) {
Object obj = project.getContextValue(CPE_ANALYZER_KEY);
if (obj instanceof CPEAnalyzer) {
if (obj != null && obj instanceof CPEAnalyzer) {
cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY);
}
}
@@ -145,7 +159,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
* @param cpe the CPEAnalyzer to store
*/
private void storeCPEAnalyzer(CPEAnalyzer cpe) {
final MavenProject p = getRootParent();
final MavenProject p = getExecutionRoot();
if (p != null) {
p.setContextValue(CPE_ANALYZER_KEY, cpe);
}
@@ -156,7 +170,16 @@ public class Engine extends org.owasp.dependencycheck.Engine {
*
* @return the root Maven Project
*/
private MavenProject getRootParent() {
private MavenProject getExecutionRoot() {
if (reactorProjects == null) {
return null;
}
for (MavenProject p : reactorProjects) {
if (p.isExecutionRoot()) {
return p;
}
}
//the following should never run, but leaving it as a failsafe.
if (this.currentProject == null) {
return null;
}