updates to resolve issue #71 - added configuration for cve urls to the ant task

Former-commit-id: d30b9b01f9af8392e1e8a2493a7c8951d088241f
2026-03-17 23:04:07 +01:00 · 2014-02-15 08:32:20 -05:00
parent ae76a7f7d4
commit 6ec931fcd7
2 changed files with 130 additions and 24 deletions
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
@@ -640,6 +640,98 @@ public class DependencyCheckTask extends Task {
        this.zipExtensions = zipExtensions;
    }
    /**
     * The url for the modified NVD CVE (1.2 schema).
     */
    private String cveUrl12Modified;
    /**
     * Get the value of cveUrl12Modified.
     *
     * @return the value of cveUrl12Modified
     */
    public String getCveUrl12Modified() {
        return cveUrl12Modified;
    }
    /**
     * Set the value of cveUrl12Modified.
     *
     * @param cveUrl12Modified new value of cveUrl12Modified
     */
    public void setCveUrl12Modified(String cveUrl12Modified) {
        this.cveUrl12Modified = cveUrl12Modified;
    }
    /**
     * The url for the modified NVD CVE (2.0 schema).
     */
    private String cveUrl20Modified;
    /**
     * Get the value of cveUrl20Modified.
     *
     * @return the value of cveUrl20Modified
     */
    public String getCveUrl20Modified() {
        return cveUrl20Modified;
    }
    /**
     * Set the value of cveUrl20Modified.
     *
     * @param cveUrl20Modified new value of cveUrl20Modified
     */
    public void setCveUrl20Modified(String cveUrl20Modified) {
        this.cveUrl20Modified = cveUrl20Modified;
    }
    /**
     * Base Data Mirror URL for CVE 1.2.
     */
    private String cveUrl12Base;
    /**
     * Get the value of cveUrl12Base.
     *
     * @return the value of cveUrl12Base
     */
    public String getCveUrl12Base() {
        return cveUrl12Base;
    }
    /**
     * Set the value of cveUrl12Base.
     *
     * @param cveUrl12Base new value of cveUrl12Base
     */
    public void setCveUrl12Base(String cveUrl12Base) {
        this.cveUrl12Base = cveUrl12Base;
    }
    /**
     * Data Mirror URL for CVE 2.0.
     */
    private String cveUrl20Base;
    /**
     * Get the value of cveUrl20Base.
     *
     * @return the value of cveUrl20Base
     */
    public String getCveUrl20Base() {
        return cveUrl20Base;
    }
    /**
     * Set the value of cveUrl20Base.
     *
     * @param cveUrl20Base new value of cveUrl20Base
     */
    public void setCveUrl20Base(String cveUrl20Base) {
        this.cveUrl20Base = cveUrl20Base;
    }
    @Override
    public void execute() throws BuildException {
        final InputStream in = DependencyCheckTask.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
@@ -780,6 +872,18 @@ public class DependencyCheckTask extends Task {
        if (zipExtensions != null && !zipExtensions.isEmpty()) {
            Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
        }
        if (cveUrl12Modified != null && !cveUrl12Modified.isEmpty()) {
            Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
        }
        if (cveUrl20Modified != null && !cveUrl20Modified.isEmpty()) {
            Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
        }
        if (cveUrl12Base != null && !cveUrl12Base.isEmpty()) {
            Settings.setString(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
        }
        if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) {
            Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
        }
    }
    /**
--- a/dependency-check-ant/src/site/markdown/configuration.md
+++ b/dependency-check-ant/src/site/markdown/configuration.md
@@ -20,28 +20,30 @@ the project's dependencies.
 ```
 The following table lists the configurable properties:
-Property              | Description | Requirement
+Property              | Description | Requirement | Default Value
----------------------|-------------|---------
+----------------------|-------------|-------------|------------
-ApplicationName       | The name of the application to use in the generated report. | Required
+ApplicationName       | The name of the application to use in the generated report. | Required |
-ReportFormat          | The format of the report to be generated. Allowed values are: HTML, XML, VULN, or ALL. The default value is HTML.| Optional
+ReportFormat          | The format of the report to be generated. Allowed values are: HTML, XML, VULN, or ALL. The default value is HTML.| Optional |
-ReportOutputDirectory | The directory where dependency-check will store data used for analysis. Defaults to the current working directory. | Optional
+ReportOutputDirectory | The directory where dependency-check will store data used for analysis. Defaults to the current working directory. | Optional |
-FailBuildOn           | If set and a CVE is found that is greater then the specified value the build will fail. The default value is 11 which means that the build will not fail. Valid values are 0-11. | Optional
+FailBuildOn           | If set and a CVE is found that is greater then the specified value the build will fail. The default value is 11 which means that the build will not fail. Valid values are 0-11. | Optional |
-AutoUpdate            | If set to false the NVD CVE data is not automatically updated. Setting this to false could result in false negatives. However, this may be required in some environments. The default value is true. | Optional
+AutoUpdate            | If set to false the NVD CVE data is not automatically updated. Setting this to false could result in false negatives. However, this may be required in some environments. The default value is true. | Optional |
-DataDirectory         | The directory where dependency-check will store data used for analysis. Defaults to a folder called, called 'dependency-check-data', that is in the same directory as the dependency-check-ant jar file was installed in. *It is not recommended to change this.* | Optional
+DataDirectory         | The directory where dependency-check will store data used for analysis. Defaults to a folder called, called 'dependency-check-data', that is in the same directory as the dependency-check-ant jar file was installed in. *It is not recommended to change this.* | Optional |
-LogFile               | The file path to write verbose logging information. | Optional
+LogFile               | The file path to write verbose logging information. | Optional |
-SuppressionFile       | An XML file conforming to the suppression schema that suppresses findings; this is used to hide [false positives](../suppression.html). | Optional
+SuppressionFile       | An XML file conforming to the suppression schema that suppresses findings; this is used to hide [false positives](../suppression.html). | Optional |
-ProxyUrl              | Defines the proxy used to connect to the Internet. | Optional
+ProxyUrl              | Defines the proxy used to connect to the Internet. | Optional |
-ProxyPort             | Defines the port for the proxy. | Optional
+ProxyPort             | Defines the port for the proxy. | Optional |
-ProxyUsername         | Defines the proxy user name. | Optional
+ProxyUsername         | Defines the proxy user name. | Optional |
-ProxyPassword         | Defines the proxy password. | Optional
+ProxyPassword         | Defines the proxy password. | Optional |
-ConnectionTimeout     | The connection timeout used when downloading data files from the Internet. | Optional
+ConnectionTimeout     | The connection timeout used when downloading data files from the Internet. | Optional |
-nexusAnalyzerEnabled  | The connection timeout used when downloading data files from the Internet. | Optional
+nexusAnalyzerEnabled  | The connection timeout used when downloading data files from the Internet. | Optional |
-nexusUrl              | The connection timeout used when downloading data files from the Internet. | Optional
+nexusUrl              | The connection timeout used when downloading data files from the Internet. | Optional |
-databaseDriverName    | The name of the database driver. Example: org.h2.Driver. | Optional
+databaseDriverName    | The name of the database driver. Example: org.h2.Driver. | Optional |
-databaseDriverPath    | The path to the database driver JAR file; only used if the driver is not in the class path. | Optional
+databaseDriverPath    | The path to the database driver JAR file; only used if the driver is not in the class path. | Optional |
-connectionString      | The connection string used to connect to the database. | Optional
+connectionString      | The connection string used to connect to the database. | Optional |
-databaseUser          | The username used when connecting to the database. | Optional
+databaseUser          | The username used when connecting to the database. | Optional | dcuser
-databasePassword      | The password used when connecting to the database. | Optional
+databasePassword      | The password used when connecting to the database. | Optional |
 zipExtensions         | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | Optional
-
+cveUrl12Modified      | URL for the modified CVE 1.2 | Optional | http://nvd.nist.gov/download/nvdcve-modified.xml
-
+cveUrl20Modified      | URL for the modified CVE 2.0 | Optional | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
 cveUrl12Base          | Base URL for each year's CVE 1.2, the %d will be replaced with the year | Optional | http://nvd.nist.gov/download/nvdcve-%d.xml
 cveUrl20Base          | Base URL for each year's CVE 2.0, the %d will be replaced with the year | Optional | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml