Ruby Bundler: Added informative message about updating DB. Switched most log messages to debug level.

This commit is contained in:
Dale Visser
2015-08-30 14:52:55 -04:00
parent c393e74160
commit 73e0292a4b
2 changed files with 11 additions and 5 deletions


@@ -32,6 +32,7 @@ Short | Argument Name        | Paramete
| \-\-disablePyPkg | | Sets whether the Python Package Analyzer will be used. | false | \-\-disablePyPkg | | Sets whether the Python Package Analyzer will be used. | false
| \-\-disableNodeJS | | Sets whehter the Node.js Package Analyzer will be used. | false | \-\-disableNodeJS | | Sets whehter the Node.js Package Analyzer will be used. | false
| \-\-disableRubygems | | Sets whether the Ruby Gemspec Analyzer will be used. | false | \-\-disableRubygems | | Sets whether the Ruby Gemspec Analyzer will be used. | false
| \-\-disableBundlerAudit | | Sets whether the Ruby Bundler Audit Analyzer will be used. | false
| \-\-disableAutoconf | | Sets whether the Autoconf Analyzer will be used. | false | \-\-disableAutoconf | | Sets whether the Autoconf Analyzer will be used. | false
| \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. | false | \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. | false
| \-\-disableCmake | | Sets whether the Cmake Analyzer will be used. | false | \-\-disableCmake | | Sets whether the Cmake Analyzer will be used. | false
@@ -45,6 +46,7 @@ Short | Argument Name        | Paramete
| \-\-disableNuspec | | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | false | \-\-disableNuspec | | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | false
| \-\-disableAssembly | | Sets whether or not the .NET Assembly Analyzer should be used. | false | \-\-disableAssembly | | Sets whether or not the .NET Assembly Analyzer should be used. | false
| \-\-mono | \<path\> | The path to Mono for .NET Assembly analysis on non-windows systems. | &nbsp; | \-\-mono | \<path\> | The path to Mono for .NET Assembly analysis on non-windows systems. | &nbsp;
| \-\-bundleAudit | | The path to the bundle-audit executable. | &nbsp;
| \-\-proxyserver | \<server\> | The proxy server to use when downloading resources. | &nbsp; | \-\-proxyserver | \<server\> | The proxy server to use when downloading resources. | &nbsp;
| \-\-proxyport | \<port\> | The proxy port to use when downloading resources. | &nbsp; | \-\-proxyport | \<port\> | The proxy port to use when downloading resources. | &nbsp;
| \-\-connectiontimeout | \<timeout\> | The connection timeout (in milliseconds) to use when downloading resources. | &nbsp; | \-\-connectiontimeout | \<timeout\> | The connection timeout (in milliseconds) to use when downloading resources. | &nbsp;


@@ -129,6 +129,10 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.debug("Exception while trying to launch bundle-audit.", ae); LOGGER.debug("Exception while trying to launch bundle-audit.", ae);
setEnabled(false); setEnabled(false);
} }
if (isEnabled()) {
LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " +
"occasionally to keep its database up to date.");
}
} }
/** /**
@@ -208,7 +212,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
map.put(gem, createDependencyForGem(engine, parentName, fileName, gem)); map.put(gem, createDependencyForGem(engine, parentName, fileName, gem));
} }
dependency = map.get(gem); dependency = map.get(gem);
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine)); LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
} else if (nextLine.startsWith(VERSION)) { } else if (nextLine.startsWith(VERSION)) {
vulnerability = createVulnerability(parentName, dependency, vulnerability, gem, nextLine); vulnerability = createVulnerability(parentName, dependency, vulnerability, gem, nextLine);
} else if (nextLine.startsWith(ADVISORY)) { } else if (nextLine.startsWith(ADVISORY)) {
@@ -238,7 +242,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
if (null != dependency) { if (null != dependency) {
dependency.getVulnerabilities().add(vulnerability); // needed to wait for vulnerability name to avoid NPE dependency.getVulnerabilities().add(vulnerability); // needed to wait for vulnerability name to avoid NPE
} }
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine)); LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
} }
private void addReferenceToVulnerability(String parentName, Vulnerability vulnerability, String nextLine) { private void addReferenceToVulnerability(String parentName, Vulnerability vulnerability, String nextLine) {
@@ -250,7 +254,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
ref.setUrl(url); ref.setUrl(url);
vulnerability.getReferences().add(ref); vulnerability.getReferences().add(ref);
} }
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine)); LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
} }
private void addCriticalityToVulnerability(String parentName, Vulnerability vulnerability, String nextLine) { private void addCriticalityToVulnerability(String parentName, Vulnerability vulnerability, String nextLine) {
@@ -266,7 +270,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
vulnerability.setCvssScore(-1.0f); vulnerability.setCvssScore(-1.0f);
} }
} }
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine)); LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
} }
private Vulnerability createVulnerability(String parentName, Dependency dependency, Vulnerability vulnerability, String gem, String nextLine) { private Vulnerability createVulnerability(String parentName, Dependency dependency, Vulnerability vulnerability, String gem, String nextLine) {
@@ -288,7 +292,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
vulnerability.setCvssConfidentialityImpact("-"); vulnerability.setCvssConfidentialityImpact("-");
vulnerability.setCvssIntegrityImpact("-"); vulnerability.setCvssIntegrityImpact("-");
} }
LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine)); LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
return vulnerability; return vulnerability;
} }
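Review bot: The notice added inside the `if (isEnabled())` block of the first Java hunk tells the operator to run `bundle-audit update` but not why it matters: bundle-audit can only report advisories present in its local database, so a stale database means known-vulnerable gems pass the scan as clean, and the message is emitted once at initialize time at info level, where it is easy to miss. Consider stating the consequence in the message, e.g. `"... occasionally to keep its database up to date; a stale database will cause known vulnerabilities to be missed."`, and, since this affects result completeness rather than being informational, `warn` may be the more appropriate level. Assuming LOGGER is an SLF4J logger, the same message should use placeholders instead of concatenation, `LOGGER.info("{} is enabled. It is necessary to manually run \"bundle-audit update\" occasionally to keep its database up to date.", ANALYZER_NAME)`, and the `LOGGER.debug(String.format(...))` lines in the remaining hunks still format the line eagerly even when debug is disabled — `LOGGER.debug("bundle-audit ({}): {}", parentName, nextLine)` defers that work. The method enclosing the first Java hunk begins outside the hunk.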