diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
index 9c1d905ce..43e0ea230 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/EscapeTool.java
@@ -24,8 +24,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
- * An extremely simple wrapper around various escape utils to perform URL and HTML encoding within the reports. This class was
- * created to simplify the velocity configuration and avoid using the "built-in" escape tool.
+ * An extremely simple wrapper around various escape utils to perform URL and
+ * HTML encoding within the reports. This class was created to simplify the
+ * velocity configuration and avoid using the "built-in" escape tool.
 *
 * @author Jeremy Long
 */
@@ -82,7 +83,8 @@ public class EscapeTool {
 }
 /**
- * JSON Encodes the provded text
+ * JSON Encodes the provided text.
+ *
 * @param text the text to encode
 * @return the JSON encoded text
 */
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
index 194c3ceca..da4fa5429 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
@@ -132,18 +132,19 @@ public class ReportGenerator {
 * Constructs a new ReportGenerator.
 *
 * @param applicationName the application name being analyzed
- * @param applicationVersion the application version being analyzed
- * @param artifactID the application version being analyzed
- * @param applicationVersion the application version being analyzed
+ * @param groupID the group id of the project being analyzed
+ * @param artifactID the application id of the project being analyzed
+ * @param version the application version of the project being analyzed
 * @param dependencies the list of dependencies
 * @param analyzers the list of analyzers used
 * @param properties the database properties (containing timestamps of the
 * NVD CVE data)
 */
- public ReportGenerator(String applicationName, String applicationVersion, String artifactID, String groupID, List dependencies, List analyzers, DatabaseProperties properties) {
+ public ReportGenerator(String applicationName, String groupID, String artifactID, String version,
+ List dependencies, List analyzers, DatabaseProperties properties) {
 this(applicationName, dependencies, analyzers, properties);
- context.put("applicationVersion", applicationVersion);
+ context.put("applicationVersion", version);
 context.put("artifactID", artifactID);
 context.put("groupID", groupID);
 }
@@ -216,6 +217,12 @@ public class ReportGenerator {
 }
 }
+ /**
+ * Reformats the given JSON file.
+ *
+ * @param pathToJson the path to the JSON file to be reformatted
+ * @throws JsonSyntaxException thrown if the given JSON file is malformed
+ */
 private void pretifyJson(String pathToJson) throws JsonSyntaxException {
 final String outputPath = pathToJson + ".pretty";
 final File in = new File(pathToJson);
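Review bot: The reordered constructor in the first ReportGenerator.java hunk still takes four consecutive `String` parameters, so a caller left on the old `(applicationName, applicationVersion, artifactID, groupID)` order compiles unchanged and silently puts the version into `groupID` and the group into `applicationVersion` in the report context. This diff updates the call sites in ReportGeneratorIT and BaseDependencyCheckMojo; any other caller is outside what is shown and has to be checked by hand, because the compiler cannot flag it. As far as the visible test hunk shows, the integration test only validates the XML against the XSD, so it would not catch swapped values either. I would state the order in the Javadoc, e.g. `Coordinates are passed in Maven order: groupID, artifactID, version.`, and have the test assert the group, artifact and version values in the generated report.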
@@ -248,7 +255,7 @@ public class ReportGenerator {
 private static void prettyPrint(JsonReader reader, JsonWriter writer) throws IOException {
 writer.setIndent(" ");
 while (true) {
- JsonToken token = reader.peek();
+ final JsonToken token = reader.peek();
 switch (token) {
 case BEGIN_ARRAY:
 reader.beginArray();
@@ -267,19 +274,19 @@ public class ReportGenerator {
 writer.endObject();
 break;
 case NAME:
- String name = reader.nextName();
+ final String name = reader.nextName();
 writer.name(name);
 break;
 case STRING:
- String s = reader.nextString();
+ final String s = reader.nextString();
 writer.value(s);
 break;
 case NUMBER:
- String n = reader.nextString();
+ final String n = reader.nextString();
 writer.value(new BigDecimal(n));
 break;
 case BOOLEAN:
- boolean b = reader.nextBoolean();
+ final boolean b = reader.nextBoolean();
 writer.value(b);
 break;
 case NULL:
@@ -288,6 +295,9 @@ public class ReportGenerator {
 break;
 case END_DOCUMENT:
 return;
+ default:
+ LOGGER.debug("Unexpected JSON toekn {}", token.toString());
+ break;
 }
 }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIT.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIT.java
index 131baf78c..e472c1e63 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIT.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIT.java
@@ -109,8 +109,8 @@ public class ReportGeneratorIT extends BaseDBTestCase {
 }
 /**
- * Generates an XML report containing known vulnerabilities and realistic data and validates the generated XML document
- * against the XSD.
+ * Generates an XML report containing known vulnerabilities and realistic
+ * data and validates the generated XML document against the XSD.
 *
 * @throws Exception
 */
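Review bot: The `default:` branch added at the end of the `switch` in `prettyPrint` (last ReportGenerator.java hunk) logs and breaks without consuming the token, and `reader.peek()` at the top of the `while (true)` loop does not advance the reader, so any token that reached this branch would be peeked again on every pass and the loop would never exit. The cases visible across the three hunks look like they cover the token types, so the branch is probably unreachable today, but part of the switch lies between hunks and is not shown. It should either consume the token or fail, for example `LOGGER.debug("Unexpected JSON token {}", token);` followed by `reader.skipValue();`, which also fixes the `toekn` typo and drops the redundant `token.toString()`.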
@@ -118,42 +118,43 @@ public class ReportGeneratorIT extends BaseDBTestCase {
 public void testGenerateXMLReport() {
 try {
 String templateName = "XmlReport";
-
+
 File f = new File("target/test-reports");
 if (!f.exists()) {
 f.mkdir();
 }
 String writeTo = "target/test-reports/Report.xml";
 File suppressionFile = BaseTest.getResourceAsFile(this, "incorrectSuppressions.xml");
-
+
 Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile.getAbsolutePath());
-
+
 //File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
 File struts = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
 //File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
 File axis = BaseTest.getResourceAsFile(this, "axis2-adb-1.4.1.jar");
 //File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
 File jetty = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
-
+
 boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
 Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
 Engine engine = new Engine();
 Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
-
+
 engine.scan(struts);
 engine.scan(axis);
 engine.scan(jetty);
 engine.analyzeDependencies();
-
+
 CveDB cveDB = CveDB.getInstance();
 DatabaseProperties dbProp = cveDB.getDatabaseProperties();
- ReportGenerator generator = new ReportGenerator("Test Report","1.4.7","dependency-check-core","org.owasp", engine.getDependencies(), engine.getAnalyzers(), dbProp);
+ ReportGenerator generator = new ReportGenerator("Test Report", "org.owasp", "dependency-check-core", "1.4.7",
+ engine.getDependencies(), engine.getAnalyzers(), dbProp);
 generator.generateReport(templateName, writeTo);
 cveDB.close();
-
+
 engine.cleanup();
-
+
 InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/dependency-check.1.5.xsd");
 StreamSource xsdSource = new StreamSource(xsdStream);
 StreamSource xmlSource = new StreamSource(new File(writeTo));
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index 547f68fb5..1a923a698 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -117,7 +117,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 * The Maven Session.
 */
 @Parameter(defaultValue = "${session}", readonly = true, required = true)
- protected MavenSession session;
+ private MavenSession session;
 /**
 * Remote repositories which will be searched for artifacts.
@@ -627,7 +627,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 * @return a collection of exceptions that may have occurred while resolving
 * and scanning the dependencies
 */
- private ExceptionCollection collectDependencies(Engine engine, MavenProject project, List nodes, ProjectBuildingRequest buildingRequest) {
+ private ExceptionCollection collectDependencies(Engine engine, MavenProject project,
+ List nodes, ProjectBuildingRequest buildingRequest) {
 ExceptionCollection exCol = null;
 for (DependencyNode dependencyNode : nodes) {
 exCol = collectDependencies(engine, project, dependencyNode.getChildren(), buildingRequest);
@@ -1015,7 +1016,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 getLog().debug("Unable to retrieve DB Properties", ex);
 }
 }
- final ReportGenerator r = new ReportGenerator(p.getName(),p.getVersion(),p.getArtifactId(),p.getGroupId(), engine.getDependencies(), engine.getAnalyzers(), prop);
+ final ReportGenerator r = new ReportGenerator(p.getName(), p.getGroupId(), p.getArtifactId(), p.getVersion(),
+ engine.getDependencies(), engine.getAnalyzers(), prop);
 try {
 r.generateReports(outputDir.getAbsolutePath(), format);
 } catch (ReportException ex) {