github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-14 06:06:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Now switched to slf4j

Browse Source 
Former-commit-id: 880512e5998d86026cfec40b1a8a165dd6b4b8e1
This commit is contained in:
Will Stranathan
2015-06-16 18:50:05 -04:00
parent 1b4cb1379a
commit 8aca739f54
74 changed files with 1718 additions and 818 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
View File

@@ -25,8 +25,6 @@ import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
@@ -54,12 +52,6 @@ import org.owasp.dependencycheck.utils.Settings;
requiresOnline = true
)
public class AggregateMojo extends BaseDependencyCheckMojo {
/**
* Logger field reference.
*/
private static final Logger LOGGER = Logger.getLogger(AggregateMojo.class.getName());
/**
* Executes the aggregate dependency-check goal. This runs dependency-check and generates the subsequent reports.
*
@@ -76,7 +68,9 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
for (MavenProject current : getReactorProjects()) {
final File dataFile = getDataFile(current);
if (dataFile == null) { //dc was never run on this project. write the ser to the target.
LOGGER.fine(String.format("Executing dependency-check on %s", current.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Executing dependency-check on %s", current.getName()));
}
generateDataFile(engine, current);
}
}
@@ -90,22 +84,32 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
for (MavenProject reportOn : childProjects) {
final List<Dependency> childDeps = readDataFile(reportOn);
if (childDeps != null && !childDeps.isEmpty()) {
LOGGER.fine(String.format("Adding %d dependencies from %s", childDeps.size(), reportOn.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Adding %d dependencies from %s", childDeps.size(), reportOn.getName()));
}
dependencies.addAll(childDeps);
} else {
LOGGER.fine(String.format("No dependencies read for %s", reportOn.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("No dependencies read for %s", reportOn.getName()));
}
}
}
engine.getDependencies().clear();
engine.getDependencies().addAll(dependencies);
final DependencyBundlingAnalyzer bundler = new DependencyBundlingAnalyzer();
try {
LOGGER.fine(String.format("Dependency count pre-bundler: %s", engine.getDependencies().size()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Dependency count pre-bundler: %s", engine.getDependencies().size()));
}
bundler.analyze(null, engine);
LOGGER.fine(String.format("Dependency count post-bundler: %s", engine.getDependencies().size()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Dependency count post-bundler: %s", engine.getDependencies().size()));
}
} catch (AnalysisException ex) {
LOGGER.log(Level.WARNING, "An error occured grouping the dependencies; duplicate entries may exist in the report", ex);
LOGGER.log(Level.FINE, "Bundling Exception", ex);
getLog().warn("An error occured grouping the dependencies; duplicate entries may exist in the report", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("Bundling Exception", ex);
}
}
File outputDir = getCorrectOutputDirectory(current);
@@ -133,17 +137,23 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
}
final Set<MavenProject> descendants = new HashSet<MavenProject>();
int size = 0;
LOGGER.fine(String.format("Collecting descendants of %s", project.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Collecting descendants of %s", project.getName()));
}
for (String m : project.getModules()) {
for (MavenProject mod : getReactorProjects()) {
try {
File mpp = new File(project.getBasedir(), m);
mpp = mpp.getCanonicalFile();
if (mpp.compareTo(mod.getBasedir()) == 0 && descendants.add(mod)) {
LOGGER.fine(String.format("Decendent module %s added", mod.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Decendent module %s added", mod.getName()));
};
}
} catch (IOException ex) {
LOGGER.log(Level.FINE, "Unable to determine module path", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("Unable to determine module path", ex);
}
}
}
}
@@ -152,12 +162,16 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
for (MavenProject p : getReactorProjects()) {
if (project.equals(p.getParent()) || descendants.contains(p.getParent())) {
if (descendants.add(p)) {
LOGGER.fine(String.format("Decendent %s added", p.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Decendent %s added", p.getName()));
}
}
for (MavenProject modTest : getReactorProjects()) {
if (p.getModules() != null && p.getModules().contains(modTest.getName())
&& descendants.add(modTest)) {
LOGGER.fine(String.format("Decendent %s added", modTest.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Decendent %s added", modTest.getName()));
}
}
}
}
@@ -167,16 +181,22 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
File mpp = new File(dec.getBasedir(), mod);
mpp = mpp.getCanonicalFile();
if (mpp.compareTo(p.getBasedir()) == 0 && descendants.add(p)) {
LOGGER.fine(String.format("Decendent module %s added", p.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Decendent module %s added", p.getName()));
}
}
} catch (IOException ex) {
LOGGER.log(Level.FINE, "Unable to determine module path", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("Unable to determine module path", ex);
}
}
}
}
}
} while (size != 0 && size != descendants.size());
LOGGER.fine(String.format("%s has %d children", project, descendants.size()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("%s has %d children", project, descendants.size()));
}
return descendants;
}
@@ -202,7 +222,9 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
try {
engine = initializeEngine();
} catch (DatabaseException ex) {
LOGGER.log(Level.FINE, "Database connection error", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("Database connection error", ex);
}
throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
}
return generateDataFile(engine, getProject());
@@ -218,7 +240,9 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
* @throws MojoFailureException thrown if dependency-check is configured to fail the build if severe CVEs are identified.
*/
protected Engine generateDataFile(Engine engine, MavenProject project) throws MojoExecutionException, MojoFailureException {
LOGGER.fine(String.format("Begin Scanning: %s", project.getName()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Begin Scanning: %s", project.getName()));
}
engine.getDependencies().clear();
engine.resetFileTypeAnalyzers();
scanArtifacts(project, engine);

110
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
View File

@@ -29,8 +29,6 @@ import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.util.List;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.metadata.ArtifactMetadataRetrievalException;
import org.apache.maven.artifact.metadata.ArtifactMetadataSource;
@@ -66,10 +64,6 @@ import org.owasp.dependencycheck.utils.Settings;
public abstract class BaseDependencyCheckMojo extends AbstractMojo implements MavenReport {
//<editor-fold defaultstate="collapsed" desc="Private fields">
/**
* Logger field reference.
*/
private static final Logger LOGGER = Logger.getLogger(BaseDependencyCheckMojo.class.getName());
/**
* The properties file location.
*/
@@ -407,7 +401,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
} catch (MojoExecutionException ex) {
throw new MavenReportException(ex.getMessage(), ex);
} catch (MojoFailureException ex) {
LOGGER.warning("Vulnerabilities were identifies that exceed the CVSS threshold for failing the build");
getLog().warn("Vulnerabilities were identifies that exceed the CVSS threshold for failing the build");
}
}
@@ -446,14 +440,18 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @return the directory to write the report(s)
*/
protected File getDataFile(MavenProject current) {
LOGGER.fine(String.format("Getting data filefor %s using key '%s'", current.getName(), getDataFileContextKey()));
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Getting data filefor %s using key '%s'", current.getName(), getDataFileContextKey()));
}
final Object obj = current.getContextValue(getDataFileContextKey());
if (obj != null) {
if (obj instanceof File) {
return (File) obj;
}
} else {
LOGGER.fine("Context value not found");
if (getLog().isDebugEnabled()) {
getLog().debug("Context value not found");
}
}
return null;
}
@@ -477,8 +475,10 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion());
d.addAsEvidence("pom", ma, Confidence.HIGHEST);
d.addProjectReference(project.getName());
LOGGER.fine(String.format("Adding project reference %s on dependency %s", project.getName(),
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Adding project reference %s on dependency %s", project.getName(),
d.getDisplayFileName()));
}
if (metadataSource != null) {
try {
final DependencyVersion currentVersion = new DependencyVersion(a.getVersion());
@@ -491,20 +491,26 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
}
}
} catch (ArtifactMetadataRetrievalException ex) {
LOGGER.log(Level.WARNING,
getLog().warn(
"Unable to check for new versions of dependencies; see the log for more details.");
LOGGER.log(Level.FINE, null, ex);
if (getLog().isDebugEnabled()) {
getLog().debug("", ex);
}
} catch (Throwable t) {
LOGGER.log(Level.WARNING,
getLog().warn(
"Unexpected error occured checking for new versions; see the log for more details.");
LOGGER.log(Level.FINE, "", t);
if (getLog().isDebugEnabled()) {
getLog().debug("", t);
}
}
}
}
} else {
final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'",
if (getLog().isDebugEnabled()) {
final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'",
a.getGroupId(), a.getArtifactId(), a.getVersion());
LOGGER.fine(msg);
getLog().debug(msg);
}
}
}
}
@@ -570,7 +576,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
} else if ("VULN".equalsIgnoreCase(this.format)) {
return "dependency-check-vulnerability";
} else {
LOGGER.log(Level.WARNING, "Unknown report format used during site generation.");
getLog().warn("Unknown report format used during site generation.");
return "dependency-check-report";
}
}
@@ -613,26 +619,30 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
mojoProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
Settings.mergeProperties(mojoProperties);
} catch (IOException ex) {
LOGGER.log(Level.WARNING, "Unable to load the dependency-check ant task.properties file.");
LOGGER.log(Level.FINE, null, ex);
getLog().warn("Unable to load the dependency-check ant task.properties file.");
if (getLog().isDebugEnabled()) {
getLog().debug("", ex);
}
} finally {
if (mojoProperties != null) {
try {
mojoProperties.close();
} catch (IOException ex) {
LOGGER.log(Level.FINEST, null, ex);
if (getLog().isDebugEnabled()) {
getLog().debug("", ex);
}
}
}
}
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
if (externalReport != null) {
LOGGER.warning("The 'externalReport' option was set; this configuration option has been removed. "
+ "Please update the dependency-check-maven plugin's configuration");
getLog().warn("The 'externalReport' option was set; this configuration option has been removed. "
+ "Please update the dependency-check-maven plugin's configuration");
}
if (proxyUrl != null && !proxyUrl.isEmpty()) {
LOGGER.warning("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings " + "to configure the proxy instead");
getLog().warn("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings " + "to configure the proxy instead");
}
final Proxy proxy = getMavenProxy();
if (proxy != null) {
@@ -739,8 +749,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
} else if (proxies.size() == 1) {
return proxies.get(0);
} else {
LOGGER.warning("Multiple proxy definitions exist in the Maven settings. In the dependency-check "
+ "configuration set the mavenSettingsProxyId so that the correct proxy will be used.");
getLog().warn("Multiple proxy definitions exist in the Maven settings. In the dependency-check "
+ "configuration set the mavenSettingsProxyId so that the correct proxy will be used.");
throw new IllegalStateException("Ambiguous proxy definition");
}
}
@@ -812,7 +822,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
cve.open();
prop = cve.getDatabaseProperties();
} catch (DatabaseException ex) {
LOGGER.log(Level.FINE, "Unable to retrieve DB Properties", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("Unable to retrieve DB Properties", ex);
}
} finally {
if (cve != null) {
cve.close();
@@ -822,13 +834,17 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
try {
r.generateReports(outputDir.getAbsolutePath(), format);
} catch (IOException ex) {
LOGGER.log(Level.SEVERE,
getLog().error(
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
LOGGER.log(Level.FINE, null, ex);
if (getLog().isDebugEnabled()) {
getLog().debug("", ex);
}
} catch (Throwable ex) {
LOGGER.log(Level.SEVERE,
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
LOGGER.log(Level.FINE, null, ex);
getLog().error(
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
if (getLog().isDebugEnabled()) {
getLog().debug("", ex);
}
}
}
@@ -903,7 +919,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
if (summary.length() > 0) {
final String msg = String.format("%n%n" + "One or more dependencies were identified with known vulnerabilities in %s:%n%n%s"
+ "%n%nSee the dependency-check report for more details.%n%n", mp.getName(), summary.toString());
LOGGER.log(Level.WARNING, msg);
getLog().warn(msg);
}
}
}
@@ -962,33 +978,43 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
//https://www.securecoding.cert.org/confluence/display/java/SER10-J.+Avoid+memory+and+resource+leaks+during+serialization
out.reset();
}
LOGGER.fine(String.format("Serialized data file written to '%s' for %s, referenced by key %s",
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Serialized data file written to '%s' for %s, referenced by key %s",
file.getAbsolutePath(), mp.getName(), this.getDataFileContextKey()));
}
mp.setContextValue(this.getDataFileContextKey(), file.getAbsolutePath());
} catch (IOException ex) {
LOGGER.log(Level.WARNING, "Unable to create data file used for report aggregation; "
getLog().warn("Unable to create data file used for report aggregation; "
+ "if report aggregation is being used the results may be incomplete.");
LOGGER.log(Level.FINE, ex.getMessage(), ex);
if (getLog().isDebugEnabled()) {
getLog().debug(ex.getMessage(), ex);
}
} finally {
if (out != null) {
try {
out.close();
} catch (IOException ex) {
LOGGER.log(Level.FINEST, "ignore", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("ignore", ex);
}
}
}
if (bos != null) {
try {
bos.close();
} catch (IOException ex) {
LOGGER.log(Level.FINEST, "ignore", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("ignore", ex);
}
}
}
if (os != null) {
try {
os.close();
} catch (IOException ex) {
LOGGER.log(Level.FINEST, "ignore", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("ignore", ex);
}
}
}
}
@@ -1016,17 +1042,17 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
ret = (List<Dependency>) ois.readObject();
} catch (FileNotFoundException ex) {
//TODO fix logging
LOGGER.log(Level.SEVERE, null, ex);
getLog().error("", ex);
} catch (IOException ex) {
LOGGER.log(Level.SEVERE, null, ex);
getLog().error("", ex);
} catch (ClassNotFoundException ex) {
LOGGER.log(Level.SEVERE, null, ex);
getLog().error("", ex);
} finally {
if (ois != null) {
try {
ois.close();
} catch (IOException ex) {
LOGGER.log(Level.SEVERE, null, ex);
getLog().error("", ex);
}
}
}

13
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java
View File

@@ -18,8 +18,6 @@
package org.owasp.dependencycheck.maven;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
@@ -43,11 +41,6 @@ import org.owasp.dependencycheck.utils.Settings;
)
public class CheckMojo extends BaseDependencyCheckMojo {
/**
* Logger field reference.
*/
private static final Logger LOGGER = Logger.getLogger(CheckMojo.class.getName());
/**
* Returns whether or not a the report can be generated.
*
@@ -77,12 +70,14 @@ public class CheckMojo extends BaseDependencyCheckMojo {
try {
engine = initializeEngine();
} catch (DatabaseException ex) {
LOGGER.log(Level.FINE, "Database connection error", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("Database connection error", ex);
}
throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
}
scanArtifacts(getProject(), engine);
if (engine.getDependencies().isEmpty()) {
LOGGER.info("No dependencies were identified that could be analyzed by dependency-check");
getLog().info("No dependencies were identified that could be analyzed by dependency-check");
} else {
engine.analyzeDependencies();
writeReports(engine, getProject(), getCorrectOutputDirectory());

9
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java
View File

@@ -18,13 +18,14 @@
package org.owasp.dependencycheck.maven;
import java.util.List;
import java.util.logging.Logger;
import org.apache.maven.project.MavenProject;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.analyzer.CPEAnalyzer;
import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* A modified version of the core engine specifically designed to persist some data between multiple executions of a multi-module
@@ -37,7 +38,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
/**
* The logger.
*/
private static final transient Logger LOGGER = Logger.getLogger(Engine.class.getName());
private static final transient Logger LOGGER = LoggerFactory.getLogger(Engine.class);
/**
* A key used to persist an object in the MavenProject.
*/
@@ -75,9 +76,9 @@ public class Engine extends org.owasp.dependencycheck.Engine {
public void analyzeDependencies() {
final MavenProject root = getExecutionRoot();
if (root != null) {
LOGGER.fine(String.format("Checking root project, %s, if updates have already been completed", root.getArtifactId()));
LOGGER.debug("Checking root project, {}, if updates have already been completed", root.getArtifactId());
} else {
LOGGER.fine("Checking root project, null, if updates have already been completed");
LOGGER.debug("Checking root project, null, if updates have already been completed");
}
if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());

320
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenLoggerAdapter.java Normal file
View File

@@ -0,0 +1,320 @@
/*
* This file is part of dependency-check-ant.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.maven;
import org.apache.maven.plugin.logging.Log;
import org.slf4j.helpers.FormattingTuple;
import org.slf4j.helpers.MarkerIgnoringBase;
import org.slf4j.helpers.MessageFormatter;
/**
* Created by colezlaw on 6/14/15.
*/
public class MavenLoggerAdapter extends MarkerIgnoringBase {
private Log log;
public MavenLoggerAdapter(Log log) {
super();
this.log = log;
}
@Override
public boolean isTraceEnabled() {
if (log != null) {
return log.isDebugEnabled();
}
return true;
}
@Override
public void trace(String msg) {
if (log != null) {
log.debug(msg);
} else {
System.out.println(msg);
}
}
@Override
public void trace(String format, Object arg) {
String message = MessageFormatter.format(format, arg).getMessage();
if (log != null) {
log.debug(message);
} else {
System.out.println(message);
}
}
@Override
public void trace(String format, Object arg1, Object arg2) {
String message = MessageFormatter.format(format, arg1, arg2).getMessage();
if (log != null) {
log.debug(message);
} else {
System.out.println(message);
}
}
@Override
public void trace(String format, Object... arguments) {
String message = MessageFormatter.format(format, arguments).getMessage();
if (log != null) {
log.debug(message);
} else {
System.out.println(message);
}
}
@Override
public void trace(String msg, Throwable t) {
if (log != null) {
log.debug(msg, t);
} else {
System.out.println(msg);
t.printStackTrace();
}
}
@Override
public boolean isDebugEnabled() {
if (log != null) {
return log.isDebugEnabled();
}
return true;
}
@Override
public void debug(String msg) {
if (log != null) {
log.debug(msg);
} else {
System.out.println(msg);
}
}
@Override
public void debug(String format, Object arg) {
String message = MessageFormatter.format(format, arg).getMessage();
if (log != null) {
log.debug(message);
} else {
System.out.println(message);
}
}
@Override
public void debug(String format, Object arg1, Object arg2) {
String message = MessageFormatter.format(format, arg1, arg2).getMessage();
if (log != null) {
log.debug(message);
} else {
System.out.println(message);
}
}
@Override
public void debug(String format, Object... arguments) {
String message = MessageFormatter.format(format, arguments).getMessage();
if (log != null) {
log.debug(message);
} else {
System.out.println(message);
}
}
@Override
public void debug(String msg, Throwable t) {
if (log != null) {
log.debug(msg, t);
} else {
System.out.println(msg);
t.printStackTrace();
}
}
@Override
public boolean isInfoEnabled() {
if (log != null) {
return log.isInfoEnabled();
}
return true;
}
@Override
public void info(String msg) {
if (log != null) {
log.info(msg);
} else {
System.out.println(msg);
}
}
@Override
public void info(String format, Object arg) {
String message = MessageFormatter.format(format, arg).getMessage();
if (log != null) {
log.info(message);
} else {
System.out.println(message);
}
}
@Override
public void info(String format, Object arg1, Object arg2) {
String message = MessageFormatter.format(format, arg1, arg2).getMessage();
if (log != null) {
log.info(message);
} else {
System.out.println(message);
}
}
@Override
public void info(String format, Object... arguments) {
String message = MessageFormatter.format(format, arguments).getMessage();
if (log != null) {
log.info(message);
} else {
System.out.println(message);
}
}
@Override
public void info(String msg, Throwable t) {
if (log != null) {
log.info(msg, t);
} else {
System.out.println(msg);
t.printStackTrace();
}
}
@Override
public boolean isWarnEnabled() {
if (log != null) {
return log.isWarnEnabled();
}
return true;
}
@Override
public void warn(String msg) {
if (log != null) {
log.warn(msg);
} else {
System.out.println(msg);
}
}
@Override
public void warn(String format, Object arg) {
String message = MessageFormatter.format(format, arg).getMessage();
if (log != null) {
log.warn(message);
} else {
System.out.println(message);
}
}
@Override
public void warn(String format, Object arg1, Object arg2) {
String message = MessageFormatter.format(format, arg1, arg2).getMessage();
if (log != null) {
log.warn(message);
} else {
System.out.println(message);
}
}
@Override
public void warn(String format, Object... arguments) {
String message = MessageFormatter.format(format, arguments).getMessage();
if (log != null) {
log.warn(message);
} else {
System.out.println(message);
}
}
@Override
public void warn(String msg, Throwable t) {
if (log != null) {
log.warn(msg, t);
} else {
System.out.println(msg);
t.printStackTrace();
}
}
@Override
public boolean isErrorEnabled() {
if (log != null) {
return log.isErrorEnabled();
}
return true;
}
@Override
public void error(String msg) {
if (log != null) {
log.error(msg);
} else {
System.out.println(msg);
}
}
@Override
public void error(String format, Object arg) {
String message = MessageFormatter.format(format, arg).getMessage();
if (log != null) {
log.error(message);
} else {
System.out.println(message);
}
}
@Override
public void error(String format, Object arg1, Object arg2) {
String message = MessageFormatter.format(format, arg1, arg2).getMessage();
if (log != null) {
log.error(message);
} else {
System.out.println(message);
}
}
@Override
public void error(String format, Object... arguments) {
String message = MessageFormatter.format(format, arguments).getMessage();
if (log != null) {
log.error(message);
} else {
System.out.println(message);
}
}
@Override
public void error(String msg, Throwable t) {
if (log != null) {
log.error(msg, t);
} else {
System.out.println(msg);
t.printStackTrace();
}
}
}

38
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenLoggerFactory.java Normal file
View File

@@ -0,0 +1,38 @@
/*
* This file is part of dependency-check-ant.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.maven;
import org.apache.maven.plugin.logging.Log;
import org.slf4j.ILoggerFactory;
import org.slf4j.Logger;
/**
* Created by colezlaw on 6/14/15.
*/
public class MavenLoggerFactory implements ILoggerFactory {
private MavenLoggerAdapter mavenLoggerAdapter;
public MavenLoggerFactory(Log log) {
super();
this.mavenLoggerAdapter = new MavenLoggerAdapter(log);
}
public Logger getLogger(String name) {
return mavenLoggerAdapter;
}
}

11
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java
View File

@@ -18,8 +18,6 @@
package org.owasp.dependencycheck.maven;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
@@ -42,11 +40,6 @@ import org.owasp.dependencycheck.utils.Settings;
)
public class UpdateMojo extends BaseDependencyCheckMojo {
/**
* Logger field reference.
*/
private static final Logger LOGGER = Logger.getLogger(UpdateMojo.class.getName());
/**
* Returns false; this mojo cannot generate a report.
*
@@ -70,7 +63,9 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
engine = initializeEngine();
engine.update();
} catch (DatabaseException ex) {
LOGGER.log(Level.FINE, "Database connection error", ex);
if (getLog().isDebugEnabled()) {
getLog().debug("Database connection error", ex);
}
throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
}
engine.cleanup();

88
dependency-check-maven/src/main/java/org/slf4j/impl/StaticLoggerBinder.java Normal file
View File

@@ -0,0 +1,88 @@
/*
* This file is part of dependency-check-ant.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.slf4j.impl;
import org.apache.maven.plugin.logging.Log;
import org.owasp.dependencycheck.maven.MavenLoggerFactory;
import org.slf4j.ILoggerFactory;
import org.slf4j.spi.LoggerFactoryBinder;
/**
* The binding of {@link org.slf4j.LoggerFactory} class with an actual instance of
* {@link ILoggerFactory} is performed using information returned by this class.
*
* @author colezlaw
*/
public class StaticLoggerBinder implements LoggerFactoryBinder {
/**
* The unique instance of this class
*
*/
private static final StaticLoggerBinder SINGLETON = new StaticLoggerBinder();
/**
* Return the singleton of this class.
*
* @return the StaticLoggerBinder singleton
*/
public static final StaticLoggerBinder getSingleton() {
return SINGLETON;
}
/**
* Maven mojos have their own logger, so we'll use one of those
*/
private Log log;
/**
* Set the Task which will this is to log through.
*
* @param log the task through which to log
*/
public void setLog(Log log) {
this.log = log;
loggerFactory = new MavenLoggerFactory(log);
}
/**
* Declare the version of the SLF4J API this implementation is compiled
* against. The value of this filed is usually modified with each release.
*/
// to avoid constant folding by the compiler, this field must *not* be final
public static String REQUESTED_API_VERSION = "1.7.12"; // final
private static final String loggerFactoryClassStr = MavenLoggerFactory.class.getName();
/**
* The ILoggerFactory instance returned by the {@link #getLoggerFactory}
* method should always be the smae object
*/
private ILoggerFactory loggerFactory;
private StaticLoggerBinder() {
loggerFactory = new MavenLoggerFactory(log);
}
public ILoggerFactory getLoggerFactory() {
return loggerFactory;
}
public String getLoggerFactoryClassStr() {
return loggerFactoryClassStr;
}
}