github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 08:39:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

work in progress

Browse Source 
Former-commit-id: 74f303b69fa5af225b75d6643aed60e66a4cf081
This commit is contained in:
Jeremy Long
2015-02-22 10:24:45 -05:00
parent d6fc456039
commit 64dedf892d
1 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
View File

@@ -429,8 +429,33 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
*/ */
protected File getCorrectOutputDirectory(MavenProject current) { protected File getCorrectOutputDirectory(MavenProject current) {
final Object obj = current.getContextValue(getOutputDirectoryContextKey()); final Object obj = current.getContextValue(getOutputDirectoryContextKey());
if (obj != null && obj instanceof File) { if (obj != null) {
return (File) obj; if (obj instanceof File) {
return (File) obj;
}
}
File target = new File(current.getBuild().getDirectory());
if (target.getParentFile() != null && "target".equals(target.getParentFile().getName())) {
target = target.getParentFile();
}
return target;
}
/**
* Returns the correct output directory depending on if a site is being executed or not.
*
* @param current the Maven project to get the output directory from
* @return the directory to write the report(s)
*/
protected File getDataFile(MavenProject current) {
LOGGER.fine(String.format("Getting data filefor %s using key '%s'", current.getName(), getDataFileContextKey()));
final Object obj = current.getContextValue(getDataFileContextKey());
if (obj != null) {
if (obj instanceof File) {
return (File) obj;
}
} else {
LOGGER.info("Context value not found");
} }
return null; return null;
} }
@@ -454,6 +479,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion()); final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion());
d.addAsEvidence("pom", ma, Confidence.HIGHEST); d.addAsEvidence("pom", ma, Confidence.HIGHEST);
d.addProjectReference(project.getName()); d.addProjectReference(project.getName());
LOGGER.info(String.format("Adding project reference %s on dependency %s", project.getName(), d.getDisplayFileName()));
if (metadataSource != null) { if (metadataSource != null) {
try { try {
DependencyVersion currentVersion = new DependencyVersion(a.getVersion()); DependencyVersion currentVersion = new DependencyVersion(a.getVersion());
@@ -911,9 +937,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
*/ */
protected void writeDataFile(MavenProject mp, File writeTo, List<Dependency> dependencies) { protected void writeDataFile(MavenProject mp, File writeTo, List<Dependency> dependencies) {
File file; File file;
if (dependencies != null && mp.getContextValue(this.getDataFileContextKey()) == null) { //check to see if this was already written out
if (writeTo != null) { if (mp.getContextValue(this.getDataFileContextKey()) == null) {
file = new File(mp.getBuild().getDirectory(), dataFileName); if (writeTo == null) {
file = new File(mp.getBuild().getDirectory());
if ("target".equals(file.getParentFile().getName())) {
file = file.getParentFile();
}
file = new File(file, dataFileName);
} else { } else {
file = new File(writeTo, dataFileName); file = new File(writeTo, dataFileName);
} }
@@ -921,17 +952,20 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
OutputStream bos = null; OutputStream bos = null;
ObjectOutputStream out = null; ObjectOutputStream out = null;
try { try {
os = new FileOutputStream(file); if (dependencies != null) {
bos = new BufferedOutputStream(os); os = new FileOutputStream(file);
out = new ObjectOutputStream(bos); bos = new BufferedOutputStream(os);
out.writeObject(dependencies); out = new ObjectOutputStream(bos);
out.flush(); out.writeObject(dependencies);
out.flush();
//call reset to prevent resource leaks per //call reset to prevent resource leaks per
//https://www.securecoding.cert.org/confluence/display/java/SER10-J.+Avoid+memory+and+resource+leaks+during+serialization //https://www.securecoding.cert.org/confluence/display/java/SER10-J.+Avoid+memory+and+resource+leaks+during+serialization
out.reset(); out.reset();
}
LOGGER.fine(String.format("Serialized data file written to '%s' for %s, referenced by key %s",
file.getAbsolutePath(), mp.getName(), this.getDataFileContextKey()));
mp.setContextValue(this.getDataFileContextKey(), file.getAbsolutePath()); mp.setContextValue(this.getDataFileContextKey(), file.getAbsolutePath());
LOGGER.fine(String.format("Serialized data file written to '%s' for %s", file.getAbsolutePath(), mp.getName()));
} catch (IOException ex) { } catch (IOException ex) {
LOGGER.log(Level.WARNING, "Unable to create data file used for report aggregation; " LOGGER.log(Level.WARNING, "Unable to create data file used for report aggregation; "
+ "if report aggregation is being used the results may be incomplete."); + "if report aggregation is being used the results may be incomplete.");