Patches from Steve Springett for XML report format

Former-commit-id: 711371d19c3b79cc6411adef59d992cc16d5bf57
Jeremy Long
2013-02-17 07:27:01 -05:00
parent 03c9ce3589
commit 6c837f0639
4 changed files with 48 additions and 13 deletions


@@ -112,7 +112,7 @@ public class App {
if (cli.isGetVersion()) {
cli.printVersionInfo();
} else if (cli.isRunScan()) {
runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
} else {
cli.printHelp();
}
@@ -125,10 +125,11 @@ public class App {
*
* @param reportDirectory the path to the directory where the reports will
* be written.
* @param outputFormat the output format of the report.
* @param applicationName the application name for the report.
* @param files the files/directories to scan.
*/
private void runScan(String reportDirectory, String applicationName, String[] files, boolean autoUpdate) {
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, boolean autoUpdate) {
Engine scanner = new Engine(autoUpdate);
for (String file : files) {
scanner.scan(file);
@@ -138,7 +139,7 @@ public class App {
ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
try {
report.generateReports(reportDirectory);
report.generateReports(reportDirectory, outputFormat);
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} catch (Exception ex) {
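Review bot: The Javadoc for `runScan` gains `@param outputFormat` but, in the lines visible here, still has no entry for the `autoUpdate` parameter; a line such as `@param autoUpdate whether the engine updates its data before scanning (confirm against Engine).` would complete it. The new `@param outputFormat` could also name the accepted values, `XML` or `HTML`, since the value travels as a free-form string from the CLI to `generateReports`. The Javadoc opening and the rest of the method body lie outside these hunks.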


@@ -104,13 +104,17 @@ public class ReportGenerator {
* Generates the Dependency Reports for the identified dependencies.
*
* @param outputDir the path where the reports should be written.
* @param outputFormat the format the report should be written in.
* @throws IOException is thrown when the template file does not exist.
* @throws Exception is thrown if there is an error writting out the
* reports.
*/
public void generateReports(String outputDir) throws IOException, Exception {
generateReport("HtmlReport", outputDir + File.separator + "DependencyCheck-Report.html");
//generateReport("XmlReport", outputDir + File.separator + "DependencyCheck-Report.xml");
public void generateReports(String outputDir, String outputFormat) throws IOException, Exception {
if (outputFormat.equalsIgnoreCase("XML")) {
generateReport("XmlReport", outputDir + File.separator + "DependencyCheck-Report.xml");
} else {
generateReport("HtmlReport", outputDir + File.separator + "DependencyCheck-Report.html");
}
}
/**
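Review bot: `generateReports` is public, yet `outputFormat.equalsIgnoreCase("XML")` throws a NullPointerException on a null format and sends every unrecognised value to the HTML branch, because the only validation of the format lives in CliParser. Writing the test as `if ("XML".equalsIgnoreCase(outputFormat)) {` removes the null case. The `else` would be safer as an explicit match on `"HTML"` with an `IllegalArgumentException` for anything else, so that a caller's typo cannot silently produce a different report than the one requested. The Javadoc should then gain a matching `@throws IllegalArgumentException` line.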


@@ -105,6 +105,11 @@ public final class CliParser {
throw new ParseException("Scan cannot be run without specifying an application "
+ "name via the 'app' argument.");
}
if (line.hasOption(ArgumentName.OUTPUT_FORMAT)) {
String format = line.getOptionValue(ArgumentName.OUTPUT_FORMAT);
if (!(format.equalsIgnoreCase("XML") || format.equalsIgnoreCase("HTML")))
throw new ParseException("Supported output formats are XML and HTML");
}
}
}
@@ -114,7 +119,7 @@ public final class CliParser {
* thrown.
*
* @param paths the paths to validate if they exists
* @throws FileNoteFoundException is thrown if one of the paths being
* @throws FileNotFoundException is thrown if one of the paths being
* validated does not exist.
*/
private void validatePathExists(String[] paths) throws FileNotFoundException {
@@ -128,8 +133,8 @@ public final class CliParser {
* path does not point to an existing file a FileNotFoundException is
* thrown.
*
* @param paths the paths to validate if they exists
* @throws FileNoteFoundException is thrown if the path being validated does
* @param path the paths to validate if they exists
* @throws FileNotFoundException is thrown if the path being validated does
* not exist.
*/
private void validatePathExists(String path) throws FileNotFoundException {
@@ -176,6 +181,10 @@ public final class CliParser {
.withDescription("the folder to write reports to.")
.create(ArgumentName.OUT_SHORT);
Option outputformat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ArgumentName.OUTPUT_FORMAT)
.withDescription("the output format to write to.")
.create(ArgumentName.OUTPUT_FORMAT_SHORT);
//TODO add the ability to load a properties file to override the defaults...
OptionGroup og = new OptionGroup();
@@ -184,6 +193,7 @@ public final class CliParser {
Options opts = new Options();
opts.addOptionGroup(og);
opts.addOption(out);
opts.addOption(outputformat);
opts.addOption(appname);
opts.addOption(version);
opts.addOption(help);
@@ -233,13 +243,13 @@ public final class CliParser {
+ "using the -p <file> argument or by passing them in as system properties." + nl
+ nl + " " + Settings.KEYS.PROXY_URL + "\t\t the proxy URL to use when downloading resources."
+ nl + " " + Settings.KEYS.PROXY_PORT + "\t\t the proxy port to use when downloading resources."
+ nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t the cconnection timeout (in milliseconds) to use"
+ nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t the connection timeout (in milliseconds) to use"
+ nl + "\t\t\t when downloading resources.";
}
formatter.printHelp(Settings.getString("application.name", "DependencyCheck"),
nl + Settings.getString("application.name", "DependencyCheck")
+ " can be used to identify if there are any known CVE vulnerabilities in libraries utillized by an application. "
+ " can be used to identify if there are any known CVE vulnerabilities in libraries utilized by an application. "
+ Settings.getString("application.name", "DependencyCheck")
+ " will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov." + nl + nl,
options,
@@ -271,10 +281,20 @@ public final class CliParser {
return line.getOptionValue(ArgumentName.OUT);
}
/**
* Returns the output format specified on the command line. Defaults to
* HTML if no format was specified.
*
* @return the output format name.
*/
public String getReportFormat() {
return line.getOptionValue(ArgumentName.OUTPUT_FORMAT, "HTML");
}
/**
* Returns the application name specified on the command line.
*
* @return the applicatoin name.
* @return the application name.
*/
public String getApplicationName() {
return line.getOptionValue(ArgumentName.APPNAME);
@@ -336,6 +356,16 @@ public final class CliParser {
* reports to.
*/
public static final String OUT_SHORT = "o";
/**
* The long CLI argument name specifing the output format to write the
* reports to.
*/
public static final String OUTPUT_FORMAT = "format";
/**
* The short CLI argument name specifing the output format to write the
* reports to.
*/
public static final String OUTPUT_FORMAT_SHORT = "f";
/**
* The long CLI argument name specifing the name of the application to
* be scanned.
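Review bot: The new `format` option is described only as `"the output format to write to."`, which tells the user neither the accepted values nor the default. Something like `.withDescription("the output format to write to (XML or HTML, default HTML).")` would match the validation added above and the default in `getReportFormat`. The literals `"XML"` and `"HTML"` now appear in the validation, in `getReportFormat` and in ReportGenerator, so a shared constant or enum would keep parsing and dispatch from drifting apart. On style, the added `if (!(format.equalsIgnoreCase(...)))` leaves its `throw` unbraced, and the two new constant comments repeat the existing `specifing` misspelling.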


@@ -53,6 +53,6 @@ public class EngineIntegrationTest {
instance.analyzeDependencies();
ReportGenerator rg = new ReportGenerator("DependencyCheck",
instance.getDependencies(), instance.getAnalyzers());
rg.generateReports("./target/");
rg.generateReports("./target/", "HTML");
}
}
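Review bot: The updated call covers only the HTML branch, although this commit is what turns on the previously commented-out XML branch in `generateReports`. A second call such as `rg.generateReports("./target/", "XML");` would exercise the newly enabled report template in the same integration test. The test method begins outside the hunk.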