github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-11 22:41:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #735 from jeremylong/issue_718

Browse Source 
Issue 718
This commit is contained in:
Jeremy Long
2017-05-20 06:07:44 -04:00
committed by GitHub
parent f584be7f44 898412eaea
commit 6b5cfe1560
5 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dependency-check-core/src/main/resources/dependencycheck.properties
View File

@@ -41,6 +41,8 @@ data.password=DC-Pass1337!
data.driver_name=org.h2.Driver
data.driver_path=
proxy.disableSchemas=true
# the number of days that the modified nvd cve data holds data for. We don't need
# to update the other files if we are within this timespan. Per NIST this file
# holds 8 days of updates, we are using 7 just to be safe.

1
dependency-check-core/src/test/resources/dependencycheck.properties
View File

@@ -36,6 +36,7 @@ data.password=DC-Pass1337!
data.driver_name=org.h2.Driver
data.driver_path=
proxy.disableSchemas=true
# the number of days that the modified nvd cve data holds data for. We don't need
# to update the other files if we are within this timespan. Per NIST this file
# holds 8 days of updates, we are using 7 just to be safe.

6
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
View File

@@ -185,6 +185,12 @@ public final class Settings {
* The properties key for the URL to retrieve the CPE.
*/
public static final String CPE_URL = "cpe.url";
/**
* Whether or not if using basic auth with a proxy the system setting
* 'jdk.http.auth.tunneling.disabledSchemes' should be set to an empty
* string.
*/
public static final String PROXY_DISABLE_SCHEMAS = "proxy.disableSchemas";
/**
* The properties key for the proxy server.
*

16
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
View File

@@ -67,12 +67,12 @@ public final class URLConnectionFactory {
@SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE", justification = "Just being extra safe")
public static HttpURLConnection createHttpURLConnection(URL url) throws URLConnectionFailureException {
HttpURLConnection conn = null;
final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_SERVER);
final String proxyHost = Settings.getString(Settings.KEYS.PROXY_SERVER);
try {
if (proxyUrl != null && !matchNonProxy(url)) {
if (proxyHost != null && !matchNonProxy(url)) {
final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT);
final SocketAddress address = new InetSocketAddress(proxyUrl, proxyPort);
final SocketAddress address = new InetSocketAddress(proxyHost, proxyPort);
final String username = Settings.getString(Settings.KEYS.PROXY_USERNAME);
final String password = Settings.getString(Settings.KEYS.PROXY_PASSWORD);
@@ -81,7 +81,15 @@ public final class URLConnectionFactory {
final Authenticator auth = new Authenticator() {
@Override
public PasswordAuthentication getPasswordAuthentication() {
if (getRequestorType().equals(Authenticator.RequestorType.PROXY)) {
if (proxyHost.equals(getRequestingHost()) || getRequestorType().equals(Authenticator.RequestorType.PROXY)) {
LOGGER.debug("Using the configured proxy username and password");
try {
if (Settings.getBoolean(Settings.KEYS.PROXY_DISABLE_SCHEMAS, true)) {
System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");
}
} catch (InvalidSettingException ex) {
LOGGER.trace("This exception can be ignored", ex);
}
return new PasswordAuthentication(username, password.toCharArray());
}
return super.getPasswordAuthentication();

1
dependency-check-utils/src/test/resources/dependencycheck.properties
View File

@@ -36,6 +36,7 @@ data.password=DC-Pass1337!
data.driver_name=org.h2.Driver
data.driver_path=
proxy.disableSchemas=true
# the path to the cpe xml file
cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.xml.gz
# the path to the cpe meta data file.