diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java index ab00565f2..3374d0deb 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java @@ -129,12 +129,14 @@ public final class CliParser { * @throws FileNotFoundException is thrown if the path being validated does not exist. */ private void validatePathExists(String path, String argumentName) throws FileNotFoundException { - final File f = new File(path); - if (!f.exists()) { - isValid = false; - final String msg = String.format("Invalid '%s' argument: '%s'", argumentName, path); - throw new FileNotFoundException(msg); - } + if (!path.contains("*.")) { + final File f = new File(path); + if (!f.exists()) { + isValid = false; + final String msg = String.format("Invalid '%s' argument: '%s'", argumentName, path); + throw new FileNotFoundException(msg); + } + } // else { // TODO add a validation for *.zip extensions rather then relying on the engine to validate it. } /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 233ca01c4..daf789935 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java 
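Review bot: In `validatePathExists`, the new `!path.contains("*.")` guard skips every check for any argument containing `*.` anywhere, which is broader than the anchored pattern `Engine.scan(String)` accepts in this same commit. A wildcard argument whose directory does not exist, or one with `*.` in the middle of the path, now passes CLI validation. Going by the Engine hunk, the first case only produces a SEVERE log line, so the run can finish with nothing scanned. For a vulnerability scanner, an empty result is easy to misread as a clean one. The TODO in the trailing comment can be closed now by checking the directory in front of the pattern, as sketched below. The method's Javadoc starts outside the hunk.

```java
if (!path.contains("*.")) {
    // … unchanged: existing File.exists() check …
} else {
    // Wildcard form: the directory in front of the pattern must still exist.
    final File dir = new File(path.substring(0, path.lastIndexOf("*.")));
    if (!dir.isDirectory()) {
        isValid = false;
        final String msg = String.format("Invalid '%s' argument: '%s'", argumentName, path);
        throw new FileNotFoundException(msg);
    }
}
```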
@@ -166,38 +166,49 @@ public class Engine { * @param path the path to a file or directory to be analyzed. */ public void scan(String path) { - final File file = new File(path); - scan(file); - } - - /** - * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any - * dependencies identified are added to the dependency collection. - * - * @since v0.3.2.5 - * - * @param files an array of paths to files or directories to be analyzed. - */ - public void scan(File[] files) { - for (File file : files) { - scan(file); - } - } - - /** - * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any - * dependencies identified are added to the dependency collection. - * - * @since v0.3.2.5 - * - * @param files a set of paths to files or directories to be analyzed. - */ - public void scan(Set files) { - for (File file : files) { + if (path.matches("^.*[\\/]\\*\\.[^\\/:*|?<>\"]+$")) { + String[] parts = path.split("\\*\\."); + String[] ext = new String[]{parts[parts.length - 1]}; + File dir = new File(path.substring(0, path.length() - ext[0].length() - 2)); + if (dir.isDirectory()) { + List files = (List) org.apache.commons.io.FileUtils.listFiles(dir, ext, true); + scan(files); + } else { + final String msg = String.format("Invalid file path provided to scan '%s'", path); + Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg); + } + } else { + final File file = new File(path); scan(file); } } +// /** +// * Scans an array of files or directories. If a directory is specified, it will be scanned recursively. Any +// * dependencies identified are added to the dependency collection. +// * +// * @since v0.3.2.5 +// * +// * @param files an array of paths to files or directories to be analyzed. +// */ +// public void scan(File[] files) { +// for (File file : files) { +// scan(file); +// } +// } +// /** +// * Scans a list of files or directories. 
If a directory is specified, it will be scanned recursively. Any +// * dependencies identified are added to the dependency collection. +// * +// * @since v0.3.2.5 +// * +// * @param files a set of paths to files or directories to be analyzed. +// */ +// public void scan(Set files) { +// for (File file : files) { +// scan(file); +// } +// } /** * Scans a list of files or directories. If a directory is specified, it will be scanned recursively. Any * dependencies identified are added to the dependency collection. diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java index 1b2b64b4c..453ed5891 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java @@ -25,7 +25,9 @@ import org.junit.BeforeClass; import org.junit.Test; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties; +import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.reporting.ReportGenerator; +import org.owasp.dependencycheck.utils.Settings; /** * 
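Review bot: In `scan(String)`, the separator class `[\\/]` in the Java literal reaches the regex engine as `[\/]`, which matches only a forward slash. A Windows-style argument such as `C:\libs\*.jar` therefore falls through to the plain `new File(path)` branch instead of being expanded. If both separators are intended, escape the backslash in both character classes: `path.matches("^.*[\\\\/]\\*\\.[^\\\\/:*|?<>\"]+$")`. When `dir.isDirectory()` is false the method only logs and returns, so callers cannot tell a failed scan from an empty one; consider signalling the failure to the caller. The Javadoc above the method (it starts outside the hunk) should say that a trailing `*.ext` is expanded recursively. The public `scan(File[])` and `scan(Set)` overloads are commented out rather than deleted or deprecated, which leaves dead code and, presumably, breaks existing callers.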
@@ -57,6 +59,26 @@ public class EngineIntegrationTest { */ @Test public void testScan() throws Exception { + String testClasses = "target/test-classes/*.zip"; + boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE); + Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); + Engine instance = new Engine(); + Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); + instance.scan(testClasses); + assertTrue(instance.getDependencies().size() > 0); + for (Dependency d : instance.getDependencies()) { + assertTrue("non-zip file collected " + d.getFileName(), d.getFileName().toLowerCase().endsWith(".zip")); + } + instance.cleanup(); + } + + /** + * Test running the entire engine. + * + * @throws Exception is thrown when an exception occurs. + */ + @Test + public void testEngine() throws Exception { String testClasses = "target/test-classes"; Engine instance = new Engine(); instance.scan(testClasses);
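Review bot: The new `testScan` changes the global `Settings.KEYS.AUTO_UPDATE` value and calls `instance.cleanup()` without any `try`/`finally`. If `new Engine()` throws, the setting is not restored, and a failed assertion skips `cleanup()`, which can leak state into the other tests in the class. Wrapping both steps as sketched below keeps the test self-contained. The test covers only the happy path; a second case with a wildcard whose directory does not exist would pin down the error behaviour of `Engine.scan(String)`.

```java
public void testScan() throws Exception {
    String testClasses = "target/test-classes/*.zip";
    boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
    final Engine instance;
    Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
    try {
        instance = new Engine();
    } finally {
        // Restore the shared setting even when construction fails.
        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
    }
    try {
        instance.scan(testClasses);
        // … unchanged: size and ".zip" suffix assertions …
    } finally {
        instance.cleanup();
    }
}
```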