diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index b2c005199..c6ff64a13 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -667,6 +667,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
final String password = proxy.getPassword();
Settings.setStringIfNotNull(Settings.KEYS.PROXY_USERNAME, userName);
Settings.setStringIfNotNull(Settings.KEYS.PROXY_PASSWORD, password);
+ Settings.setStringIfNotNull(Settings.KEYS.PROXY_NON_PROXY_HOSTS, proxy.getNonProxyHosts());
}
Settings.setStringIfNotEmpty(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
index 9e32c0fec..c67e3e7fe 100644
--- a/dependency-check-utils/pom.xml
+++ b/dependency-check-utils/pom.xml
@@ -139,6 +139,10 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
commons-io
commons-io
+
+ org.apache.commons
+ commons-lang3
+
org.slf4j
slf4j-api
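Review bot: The commons-lang3 dependency added to dependency-check-utils appears to be used only for `StringUtils.isEmpty` in `URLConnectionFactory.matchNonProxy`, judging by this diff. Those arguments come from `substring` and can never be null, so `nonProxyHostPrefix.isEmpty()` behaves identically and would keep this widely shared module's dependency set unchanged. If the dependency stays, confirm that its version is pinned in the parent pom's dependency management, since no version is visible in this hunk.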
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 2cabc9b87..1ef117eb8 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -165,6 +165,10 @@ public final class Settings {
* The properties key for the proxy password.
*/
public static final String PROXY_PASSWORD = "proxy.password";
+ /**
+ * The properties key for the non proxy hosts.
+ */
+ public static final String PROXY_NON_PROXY_HOSTS = "proxy.nonproxyhosts";
/**
* The properties key for the connection timeout.
*/
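Review bot: The Javadoc on `PROXY_NON_PROXY_HOSTS` does not describe the value format, which a user setting `proxy.nonproxyhosts` by hand needs to know. Based on the parser added in `URLConnectionFactory.matchNonProxy`, I would write `The properties key for the hosts that bypass the proxy: a list separated by ',', ';' or '|' in which an entry may contain a single '*' wildcard.`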
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
index c11e3ecf9..10da9464b 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
@@ -18,6 +18,8 @@
package org.owasp.dependencycheck.utils;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import org.apache.commons.lang3.StringUtils;
+
import java.io.IOException;
import java.net.Authenticator;
import java.net.HttpURLConnection;
@@ -53,13 +55,15 @@ public final class URLConnectionFactory {
public static HttpURLConnection createHttpURLConnection(URL url) throws URLConnectionFailureException {
HttpURLConnection conn = null;
final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_SERVER);
+
try {
- if (proxyUrl != null) {
+ if (proxyUrl != null && !matchNonProxy(url)) {
final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT);
final SocketAddress address = new InetSocketAddress(proxyUrl, proxyPort);
final String username = Settings.getString(Settings.KEYS.PROXY_USERNAME);
final String password = Settings.getString(Settings.KEYS.PROXY_PASSWORD);
+
if (username != null && password != null) {
final Authenticator auth = new Authenticator() {
@Override
@@ -94,6 +98,48 @@ public final class URLConnectionFactory {
return conn;
}
+ /**
+ * Check if hostname matches nonProxy settings
+ *
+ * @param url the url to connect to
+ * @return matching result. true: match nonProxy
+ */
+ private static boolean matchNonProxy(final URL url) {
+ String host = url.getHost();
+
+ // code partially from org.apache.maven.plugins.site.AbstractDeployMojo#getProxyInfo
+ final String nonProxyHosts = Settings.getString(Settings.KEYS.PROXY_NON_PROXY_HOSTS);
+ if (null != nonProxyHosts) {
+ final String[] nonProxies = nonProxyHosts.split( "(,)|(;)|(\\|)" );
+ for (final String nonProxyHost : nonProxies) {
+ //if ( StringUtils.contains( nonProxyHost, "*" ) )
+ if (null != nonProxyHost && nonProxyHost.contains("*")) {
+ // Handle wildcard at the end, beginning or middle of the nonProxyHost
+ final int pos = nonProxyHost.indexOf('*');
+ String nonProxyHostPrefix = nonProxyHost.substring(0, pos);
+ String nonProxyHostSuffix = nonProxyHost.substring(pos + 1);
+ // prefix*
+ if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && StringUtils.isEmpty(nonProxyHostSuffix)) {
+ return true;
+ }
+ // *suffix
+ if (StringUtils.isEmpty(nonProxyHostPrefix) && !StringUtils.isEmpty(nonProxyHostSuffix) && host.endsWith(nonProxyHostSuffix)) {
+ return true;
+ }
+ // prefix*suffix
+ if (!StringUtils.isEmpty(nonProxyHostPrefix) && host.startsWith(nonProxyHostPrefix) && !StringUtils.isEmpty(nonProxyHostSuffix) && host.endsWith(nonProxyHostSuffix)) {
+ return true;
+ }
+ }
+ else if (host.equals(nonProxyHost)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+
/**
* Utility method to create an HttpURLConnection. The use of a proxy here is optional as there may be cases where a proxy is
* configured but we don't want to use it (for example, if there's an internal repository configured)
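Review bot: `matchNonProxy` compares host names case-sensitively and does not trim list entries, so a setting such as `localhost, *.Example.com` (constructed example) silently fails to match and those requests still go through the proxy, although DNS names are case-insensitive. Normalising both sides fixes this, e.g. `final String host = url.getHost().toLowerCase(Locale.ROOT);` and `final String pattern = nonProxyHost.trim().toLowerCase(Locale.ROOT);`, which needs a `java.util.Locale` import. Only the first `*` in an entry is honoured, a bare `*` matches nothing, and `prefix*suffix` accepts a host in which prefix and suffix overlap, so the Javadoc should state which pattern forms are supported. Because a match makes the connection bypass the proxy, it is worth documenting that `*example.com` also matches `notexample.com` and that entries meant to cover a domain should start with `*.`. The commented-out `//if ( StringUtils.contains( nonProxyHost, "*" ) )` line and the `null != nonProxyHost` test can be dropped, since `split` never yields null elements.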