changed where the flag is set to only update once in a multi-module project (from issue #168) to resolve issue #191

Former-commit-id: 56b8342ffeead397b2c9554c36bf360cb4c2b7fe
2026-01-14 15:53:36 +01:00 · 2015-01-21 19:27:13 -05:00
parent 4461c2e4a4
commit 88924ea520
1 changed files with 27 additions and 13 deletions
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java
@@ -27,8 +27,8 @@ import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.utils.Settings;

 /**
- * A modified version of the core engine specifically designed to persist some data between multiple executions of a
- * multi-module Maven project.
+ * A modified version of the core engine specifically designed to persist some
+ * data between multiple executions of a multi-module Maven project.
 *
 * @author Jeremy Long <jeremy.long@owasp.org>
 */
@@ -51,7 +51,8 @@ public class Engine extends org.owasp.dependencycheck.Engine {
     */
    private List<MavenProject> reactorProjects;
    /**
-     * Key used in the MavenProject context values to note whether or not an update has been executed.
+     * Key used in the MavenProject context values to note whether or not an
+     * update has been executed.
     */
    public static final String UPDATE_EXECUTED_FLAG = "dependency-check-update-executed";

@@ -59,12 +60,22 @@ public class Engine extends org.owasp.dependencycheck.Engine {
     * Creates a new Engine to perform anyalsis on dependencies.
     *
     * @param project the current Maven project
-     * @param reactorProjects the reactor projects for the current Maven execution
-     * @throws DatabaseException thrown if there is an issue connecting to the database
+     * @param reactorProjects the reactor projects for the current Maven
+     * execution
+     * @throws DatabaseException thrown if there is an issue connecting to the
+     * database
     */
    public Engine(MavenProject project, List<MavenProject> reactorProjects) throws DatabaseException {
        this.currentProject = project;
        this.reactorProjects = reactorProjects;
+        initializeEngine();
+    }
+
+    /**
+     * Runs the analyzers against all of the dependencies.
+     */
+    @Override
+    public void analyzeDependencies() {
        final MavenProject root = getExecutionRoot();
        if (root != null) {
            LOGGER.fine(String.format("Checking root project, %s, if updates have already been completed", root.getArtifactId()));
@@ -74,7 +85,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
        if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
            System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
        }
-        initializeEngine();
+        super.analyzeDependencies();
        if (root != null) {
            root.setContextValue(UPDATE_EXECUTED_FLAG, Boolean.TRUE);
        }
@@ -83,14 +94,15 @@ public class Engine extends org.owasp.dependencycheck.Engine {
    /**
     * This constructor should not be called. Use Engine(MavenProject) instead.
     *
-     * @throws DatabaseException thrown if there is an issue connecting to the database
+     * @throws DatabaseException thrown if there is an issue connecting to the
+     * database
     */
    private Engine() throws DatabaseException {
    }

    /**
-     * Initializes the given analyzer. This skips the initialization of the CPEAnalyzer if it has been initialized by a
-     * previous execution.
+     * Initializes the given analyzer. This skips the initialization of the
+     * CPEAnalyzer if it has been initialized by a previous execution.
     *
     * @param analyzer the analyzer to initialize
     * @return the initialized analyzer
@@ -109,7 +121,8 @@ public class Engine extends org.owasp.dependencycheck.Engine {
    }

    /**
-     * Releases resources used by the analyzers by calling close() on each analyzer.
+     * Releases resources used by the analyzers by calling close() on each
+     * analyzer.
     */
    @Override
    public void cleanup() {
@@ -196,9 +209,10 @@ public class Engine extends org.owasp.dependencycheck.Engine {
    }

    /**
-     * Resets the file type analyzers so that they can be re-used to scan additional directories. Without the reset the
-     * analyzer might be disabled because the first scan/analyze did not identify any files that could be processed by
-     * the analyzer.
+     * Resets the file type analyzers so that they can be re-used to scan
+     * additional directories. Without the reset the analyzer might be disabled
+     * because the first scan/analyze did not identify any files that could be
+     * processed by the analyzer.
     */
    public void resetFileTypeAnalyzers() {
        for (FileTypeAnalyzer a : getFileTypeAnalyzers()) {