From 5caf023677d8b1974e55c5de2129e7966c009b0e Mon Sep 17 00:00:00 2001
From: Erik Hooijmeijer
Date: Wed, 22 Oct 2014 19:08:33 +0200
Subject: [PATCH] added excludeInternalGroupIds configuration parameter that allows the exclusion of groupIds of internal projects. This is to speed up analysis as internal projects have no public vulnerabilites nor a sonatype listing but do frequently have names that collide with other libraries. The parameter can have multiple values, e.g. nl.someinteral.projectorg.another.one
Former-commit-id: ffa0716366c6c7b65d1181f2bd945472b75b5483
---
 .../dependencycheck/maven/DependencyCheckMojo.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
index cde37376b..bb2fc9561 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
@@ -33,6 +33,7 @@ import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import org.apache.commons.lang.StringUtils;
 import org.apache.maven.artifact.Artifact;
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugin.MojoFailureException;
@@ -242,6 +243,13 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
 @SuppressWarnings("CanBeFinal")
 @Parameter(property = "skipProvidedScope", defaultValue = "false", required = false)
 private boolean skipProvidedScope = false;
+ /**
+ * Skip Analysis of Dependencies that have a groupId that starts with this string.
+ * Multiple excludes are allowed by repeating the element.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "excludeInternalGroupIds", required = false)
+ private String[] excludeInternalGroupIds = new String[0];
 /**
 * The data directory, hold DC SQL DB.
 */
@@ -362,6 +370,12 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
 if (skipRuntimeScope && !Artifact.SCOPE_RUNTIME.equals(a.getScope())) {
 return true;
 }
+ for (String groupId : excludeInternalGroupIds) {
+ if (!StringUtils.isEmpty(groupId) && (a.getGroupId().startsWith(groupId))) {
+ LOGGER.log(Level.INFO, "Excluding " + a.getGroupId() + ":" + a.getArtifactId());
+ return true;
+ }
+ }
 return false;
 }
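Review bot: The Javadoc added for `excludeInternalGroupIds` says matching dependencies are skipped, but not what that means for the scan result. Judging by the loop added later in this patch, a matched artifact appears to be filtered out before analysis, so it can never produce a finding. I would say so in the comment and note that empty entries are ignored, for example `* Artifacts whose groupId starts with one of these values are not analysed and produce no findings; keep each value as specific as possible.` The sentence about "repeating the element" would also be easier to follow if it named the child element used in the POM.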
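Review bot: The new test `a.getGroupId().startsWith(groupId)` is a raw string prefix match, so an entry such as `nl.some` also matches `nl.someother.lib` (constructed example). An unrelated third-party groupId that merely begins with the same characters is then silently left out of the vulnerability scan. Matching on a dot boundary limits the exclusion to the configured group and its sub-groups: `a.getGroupId().equals(groupId) || a.getGroupId().startsWith(groupId + ".")`, with entries written with a trailing dot normalised first. The INFO log line is the only record of an exclusion visible in this hunk, so it is worth confirming that readers of the report can tell which artifacts were skipped. The enclosing method starts above the hunk; I am assuming from the neighbouring scope checks that returning `true` means the artifact is excluded.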