renamed modules and fixed errors with various lifecycle stages

Jeremy Long
2018-01-25 06:54:01 -05:00
parent 3736161e39
commit 62a5db6b8b
740 changed files with 40 additions and 12 deletions


@@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<archetype-descriptor name="dependency-check-plugin"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-archetype-plugin/archetype-descriptor/1.0.0 http://maven.apache.org/xsd/archetype-descriptor-1.0.0.xsd"
xmlns="http://maven.apache.org/plugins/maven-archetype-plugin/archetype-descriptor/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<requiredProperties>
<requiredProperty key="analyzerName">
<defaultValue>CustomAnalyzer</defaultValue>
</requiredProperty>
</requiredProperties>
<fileSets>
<fileSet filtered="true" packaged="true" encoding="UTF-8">
<directory>src/main/java</directory>
<includes>
<include>**/*.java</include>
</includes>
</fileSet>
<fileSet filtered="true" encoding="UTF-8">
<directory>src/main/resources</directory>
<includes>
<include>**/*</include>
</includes>
</fileSet>
<fileSet filtered="true" packaged="true" encoding="UTF-8">
<directory>src/test/java</directory>
<includes>
<include>**/*.java</include>
</includes>
</fileSet>
<fileSet filtered="true" encoding="UTF-8">
<directory>src/test/resources</directory>
<includes>
<include>**/*</include>
</includes>
</fileSet>
</fileSets>
</archetype-descriptor>


@@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>\${groupId}</groupId>
<artifactId>\${artifactId}</artifactId>
<version>\${version}</version>
<name>\${artifactId}</name>
<packaging>jar</packaging>
<licenses>
<license>
<name>The Apache Software License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<dependencies>
<dependency>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-utils</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-core</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
</dependencies>
</project>
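Review bot: The placeholders in this template are resolved at two different times and nothing in the file says so: `\${groupId}`, `\${artifactId}` and `\${version}` are escaped, while `${project.version}` and `${slf4j.version}` are not, which presumably means the latter are filled in by resource filtering when the archetype itself is built. If that is the intent, a short comment above `<dependencies>` such as `<!-- ${project.version} and ${slf4j.version} are substituted when the archetype is built; escaped placeholders are filled in at archetype:generate -->` would keep a later editor from escaping or unescaping the wrong one. The `junit` version is the only literal (`4.12`), so generated projects keep that test dependency fixed until the template is edited by hand; resolving it from a property like the other versions would be more consistent.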


@@ -0,0 +1,155 @@
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ${package};
import java.io.File;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Settings;
/**
* An OWASP dependency-check plug-in example. If you are not implementing a
* FileTypeAnalyzer, simple remove the annotation and the accept() method.
*/
public class ${analyzerName} implements Analyzer, FileTypeAnalyzer {
/**
* The Logger for use throughout the ${analyzerName}.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(${analyzerName}.class);
/**
* <p>
* Method implementation for the FileTypeAnalyzer; if not implementing a
* file type analyzer this method can be removed.</p>
* <p>
* Determines if the analyzer can process the given file.</p>
*
* @param pathname the path to the file
* @return <code>true</code> if the analyzer can process the file; otherwise
* <code>false</code>
*/
@Override
public boolean accept(File pathname) {
return true;
}
/**
* Analyzes the given dependency. The analysis could be anything from
* identifying an Identifier for the dependency, to finding vulnerabilities,
* etc. Additionally, if the analyzer collects enough information to add a
* description or license information for the dependency it should be added.
*
* @param dependency a dependency to analyze.
* @param engine the engine that is scanning the dependencies - this is
* useful if we need to check other dependencies
* @throws AnalysisException is thrown if there is an error analyzing the
* dependency file
*/
@Override
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
if (enabled) {
//TODO implement analyze
}
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
@Override
public String getName() {
return "${analyzerName}";
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
@Override
public AnalysisPhase getAnalysisPhase() {
return AnalysisPhase.INFORMATION_COLLECTION;
}
/**
* The initialize method is called just after instantiation of the object.
*
* @param settings a reference to the configured settings
*/
@Override
public void initialize(Settings settings) {
//TODO implement initialize
}
/**
* The prepare method is called once just prior to repeated calls to
* analyze.
*
* @param engine a reference to the engine
* @throws InitializationException thrown when the analyzer cannot be
* initialized
*/
@Override
public void prepare(Engine engine) throws InitializationException {
//TODO implement prepare
}
/**
* The close method is called after all of the dependencies have been
* analyzed.
*
* @throws Exception is thrown if an exception occurs closing the analyzer.
*/
@Override
public void close() throws Exception {
}
/**
* Returns whether multiple instances of the same type of analyzer can run
* in parallel. If the analyzer does not support parallel processing it is
* generally best to also mark the analyze(Dependency,Engine) as synchronized.
*
* @return {@code true} if the analyzer supports parallel processing,
* {@code false} else
*/
@Override
public boolean supportsParallelProcessing() {
return true;
}
/**
* Flag indicating whether or not the analyzer is enabled.
*/
private boolean enabled = true;
/**
* Returns whether or not the analyzer is enabled.
*
* @return whether or not the analyzer is enabled
*/
@Override
public boolean isEnabled() {
return enabled;
}
}
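Review bot: The scaffold ships with the most permissive defaults: `accept(File)` returns `true` for every path and `supportsParallelProcessing()` returns `true`, so an author who only fills in `analyze` presumably gets an analyzer that is offered every scanned file, concurrently, with no synchronization. The Javadoc on `supportsParallelProcessing` already recommends synchronizing `analyze` when parallel use is not supported, so a `//TODO restrict to the file types this analyzer understands` in `accept` and a `//TODO return false unless analyze is thread-safe` above the second `return true;` would make both decisions explicit. The `enabled` flag is fixed at `true` and `initialize(Settings)` is still a TODO, so as generated the analyzer cannot be switched off through configuration; a comment on the field saying it should be read from `settings` would help. The class Javadoc reads "simple remove the annotation"; it probably means `simply remove the FileTypeAnalyzer interface and the accept() method`, since the file-type role is declared in the `implements` clause rather than by an annotation.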


@@ -0,0 +1,147 @@
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ${package};
import java.io.File;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.Settings;
/**
* Test cases for ${analyzerName}
*/
public class ${analyzerName}Test {
Settings settings = null;
public ${analyzerName}Test() {
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() {
settings = new Settings();
}
@After
public void tearDown() {
settings.cleanup();
}
/**
* Test of accept method, of class ${analyzerName}.
*/
@Test
public void testAccept() {
File pathname = new File("test.file");
${analyzerName} instance = new ${analyzerName}();
boolean expResult = true;
boolean result = instance.accept(pathname);
assertEquals(expResult, result);
}
/**
* Test of analyze method, of class ${analyzerName}.
*/
@Test
public void testAnalyze() throws Exception {
//The engine is generally null for most analyzer test cases but can be instantiated if needed.
Engine engine = null;
${analyzerName} instance = new ${analyzerName}();
instance.initialize(settings);
instance.prepare(engine);
File file = new File(${analyzerName}.class.getClassLoader().getResource("test.file").toURI().getPath());
Dependency dependency = new Dependency(file);
//TODO uncomment the following line and add assertions against the dependency.
//instance.analyze(dependency, engine);
}
/**
* Test of getName method, of class ${analyzerName}.
*/
@Test
public void testGetName() {
${analyzerName} instance = new ${analyzerName}();
String expResult = "${analyzerName}";
String result = instance.getName();
assertEquals(expResult, result);
}
/**
* Test of getAnalysisPhase method, of class ${analyzerName}.
*/
@Test
public void testGetAnalysisPhase() {
${analyzerName} instance = new ${analyzerName}();
AnalysisPhase expResult = AnalysisPhase.INFORMATION_COLLECTION;
AnalysisPhase result = instance.getAnalysisPhase();
assertEquals(expResult, result);
}
/**
* Test of initialize method, of class ${analyzerName}.
*/
@Test
public void testInitialize() throws Exception {
${analyzerName} instance = new ${analyzerName}();
instance.initialize(settings);
}
/**
* Test of close method, of class ${analyzerName}.
*/
@Test
public void testClose() throws Exception {
${analyzerName} instance = new ${analyzerName}();
instance.close();
}
/**
* Test of supportsParallelProcessing method, of class ${analyzerName}.
*/
@Test
public void testSupportsParallelProcessing() {
${analyzerName} instance = new ${analyzerName}();
boolean expResult = true;
boolean result = instance.supportsParallelProcessing();
assertEquals(expResult, result);
}
/**
* Test of isEnabled method, of class ${analyzerName}.
*/
@Test
public void testIsEnabled() {
${analyzerName} instance = new ${analyzerName}();
boolean expResult = true;
boolean result = instance.isEnabled();
assertEquals(expResult, result);
}
}
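Review bot: `testAnalyze` dereferences `getResource("test.file")` without a null check, so a generated project that lacks that resource fails with a NullPointerException instead of a readable assertion; holding the URL in a local and adding `assertNotNull("test.file missing from test resources", url);` before `toURI()` would make the cause obvious. The test also passes without ever calling `analyze` because that line is commented out, and `testInitialize` and `testClose` assert nothing, so a green build of the scaffold says little about the analyzer. A one-line comment on each of those methods stating that they are placeholders to be completed would keep the generated tests from being mistaken for coverage.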


@@ -0,0 +1,10 @@
About
=====
OWASP dependency-check-plugin is a maven archetype for generating a maven project for
a dependency-check plugin (i.e. a project containing one or more analyzers).
Usage
=====
```bash
mvn archetype:generate -DarchetypeGroupId=org.owasp -DarchetypeArtifactId=dependency-check-plugin -DarchetypeVersion=${project.version}
```

File diff suppressed because one or more lines are too long



@@ -0,0 +1,34 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
This file is part of dependency-check-plugin.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2017 Jeremy Long. All Rights Reserved.
-->
<project name="dependency-check-plugin">
<bannerLeft>
<name>OWASP dependency-check-plugin</name>
<alt>OWASP dependency-check-plugin</alt>
<src>/images/dc.svg</src>
</bannerLeft>
<body>
<breadcrumbs>
<item name="dependency-check" href="../index.html"/>
</breadcrumbs>
<menu name="Getting Started">
<item name="Usage" href="index.html"/>
</menu>
<menu ref="reports"/>
</body>
</project>