From 94ae6e76f15976de2ba50ed03e031639942eff95 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 24 Jul 2015 05:50:55 -0400
Subject: [PATCH] manually merged PR #282

Former-commit-id: cf2ae5572602f7258b4c617097ab003fe3f644c6
---
 dependency-check-gradle/build.gradle | 6 +-
 .../plugin/DependencyCheckGradlePlugin.groovy | 17 +++-
 .../security/tasks/DependencyCheckTask.groovy | 42 ++++++---
 .../DependencyCheckGradlePluginSpec.groovy | 91 +++++++++++++++++++
 4 files changed, 141 insertions(+), 15 deletions(-)
 create mode 100644 dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy

diff --git a/dependency-check-gradle/build.gradle b/dependency-check-gradle/build.gradle
index 479dbdcec..f15527be4 100644
--- a/dependency-check-gradle/build.gradle
+++ b/dependency-check-gradle/build.gradle
@@ -49,6 +49,10 @@ dependencies {
             'org.owasp:dependency-check-core:1.2.11',
             'org.owasp:dependency-check-utils:1.2.11'
     )
+
+    testCompile ('com.netflix.nebula:nebula-test:2.2.+'){
+        exclude group: 'org.codehaus.groovy'
+    }
 }
 
 group = 'com.thoughtworks.tools'
@@ -57,4 +61,4 @@ version = '0.0.5'
 apply from: 'conf/publish/local.gradle'
 //apply from: 'conf/publish/maven.gradle'
 apply from: 'conf/publish/gradlePluginsPortal.gradle'
-apply from: 'conf/publish/bintray.gradle' // according to the documentation of plugindev, this line has to be placed and the very end of the build file
\ No newline at end of file
+//apply from: 'conf/publish/bintray.gradle' // according to the documentation of plugindev, this line has to be placed and the very end of the build file
diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy
index f4db1773a..937226401 100644
--- a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy
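Review bot: `testCompile ('com.netflix.nebula:nebula-test:2.2.+')` introduces a dynamic version, so the nebula-test build the spec compiles against is whatever the repository serves at build time rather than something fixed by this commit; for a tool whose purpose is auditing dependencies, a non-reproducible test classpath is an awkward precedent, and I would pin it to the exact release the spec was written against, e.g. `testCompile ('com.netflix.nebula:nebula-test:2.2.<exact>')`. The `exclude group: 'org.codehaus.groovy'` looks intended to keep a second Groovy off the test classpath, which is reasonable, but a one-line comment saying so would save the next reader from guessing: `// nebula-test pulls its own Groovy; use Gradle's bundled one instead`. The second hunk only comments out the bintray publish line, which I have no concern with.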
+++ b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy
@@ -24,6 +24,7 @@ import org.gradle.api.Plugin
 import org.gradle.api.Project
 
 class DependencyCheckGradlePlugin implements Plugin {
+    static final String EXTENSION_NAME = 'dependencyCheck'
 
     @Override
     void apply(Project project) {
@@ -32,10 +33,22 @@ class DependencyCheckGradlePlugin implements Plugin {
     }
 
     def initializeConfigurations(Project project) {
-        project.extensions.create("dependencyCheck", DependencyCheckConfigurationExtension)
+        project.extensions.create(EXTENSION_NAME, DependencyCheckConfigurationExtension)
     }
 
     def registerTasks(Project project) {
-        project.tasks.create("dependencyCheck", DependencyCheckTask)
+        project.task('dependencyCheck', type: DependencyCheckTask) {
+            def extension = project.extensions.findByName(EXTENSION_NAME)
+            conventionMapping.proxyServer = { extension.proxyServer }
+            conventionMapping.proxyPort = { extension.proxyPort }
+            conventionMapping.proxyUsername = { extension.proxyUsername }
+            conventionMapping.proxyPassword = { extension.proxyPassword }
+            conventionMapping.cveUrl12Modified = { extension.cveUrl12Modified }
+            conventionMapping.cveUrl20Modified = { extension.cveUrl20Modified }
+            conventionMapping.cveStartYear = { extension.cveStartYear }
+            conventionMapping.cveUrl12Base = { extension.cveUrl12Base }
+            conventionMapping.cveUrl20Base = { extension.cveUrl20Base }
+            conventionMapping.outputDirectory = { extension.outputDirectory }
+        }
     }
 }
\ No newline at end of file
diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy
index 7752dd767..c18cf8c7e 100644
--- a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy
+++ b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy
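Review bot: In `registerTasks`, `project.extensions.findByName(EXTENSION_NAME)` returns null when the extension is absent, and because `extension` is only dereferenced inside the lazily evaluated conventionMapping closures, a missing extension would surface as a NullPointerException at the first property read instead of a clear failure at apply time; `def extension = project.extensions.getByName(EXTENSION_NAME)` fails fast and names the extension, or `findByType(DependencyCheckConfigurationExtension)` if you want to stay lenient. This is presumably harmless today as long as `apply` calls `initializeConfigurations` before `registerTasks`, but `apply`'s body sits outside this hunk so I cannot confirm the order. The task name `'dependencyCheck'` is also the extension name spelled as a second literal; a `static final String TASK_NAME = 'dependencyCheck'` next to `EXTENSION_NAME` would keep the two from drifting.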
@@ -34,6 +34,24 @@ class DependencyCheckTask extends DefaultTask {
 
     def currentProjectName = project.getName()
 
+    String proxyServer
+    Integer proxyPort
+    String proxyUsername = ""
+    String proxyPassword = ""
+
+    String cveUrl12Modified = "https://nvd.nist.gov/download/nvdcve-Modified.xml.gz"
+    String cveUrl20Modified = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz"
+    Integer cveStartYear = 2002
+    String cveUrl12Base = "https://nvd.nist.gov/download/nvdcve-%d.xml.gz"
+    String cveUrl20Base = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz"
+
+    String outputDirectory = "./reports"
+
+    DependencyCheckTask() {
+        group = 'Dependency Check'
+        description = 'Produce dependency security report.'
+    }
+
     @TaskAction
     def check() {
         initializeSettings()
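Review bot: None of the twelve new task properties carries a comment, and `proxyPassword` in particular needs one saying where it is meant to come from, since anything assigned to it in build.gradle normally ends up in version control. I would put above `String proxyUsername = ""`: `/** Proxy credentials; inject from gradle.properties or the environment rather than committing them to build.gradle. */`, and above the feed URLs: `/** NVD feed locations; the defaults are https and should stay that way unless a verified mirror is used. */`. A short note on `outputDirectory` stating that the default `./reports` is a relative path would also help, since what it is relative to is decided by `generateReportDirectory`, which is outside this hunk. The enclosing class continues beyond the hunk on both sides.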
@@ -82,22 +100,22 @@ class DependencyCheckTask extends DefaultTask {
     }
 
     def generateReportDirectory(String currentProjectName) {
-        "${project.dependencyCheck.outputDirectory}/${currentProjectName}"
+        "${outputDirectory}/${currentProjectName}"
     }
 
     def overrideProxySetting() {
         if (isProxySettingExist()) {
-            logger.lifecycle("Using proxy ${project.dependencyCheck.proxyServer}:${project.dependencyCheck.proxyPort}")
+            logger.lifecycle("Using proxy ${getProxyServer()}:${getProxyPort()}")
 
-            setString(Settings.KEYS.PROXY_SERVER, project.dependencyCheck.proxyServer)
-            setString(Settings.KEYS.PROXY_PORT, "${project.dependencyCheck.proxyPort}")
-            setString(Settings.KEYS.PROXY_USERNAME, project.dependencyCheck.proxyUsername)
-            setString(Settings.KEYS.PROXY_PASSWORD, project.dependencyCheck.proxyPassword)
+            setString(Settings.KEYS.PROXY_SERVER, getProxyServer())
+            setString(Settings.KEYS.PROXY_PORT, "${getProxyPort()}")
+            setString(Settings.KEYS.PROXY_USERNAME, getProxyUsername())
+            setString(Settings.KEYS.PROXY_PASSWORD, getProxyPassword())
         }
     }
 
     def isProxySettingExist() {
-        project.dependencyCheck.proxyServer != null && project.dependencyCheck.proxyPort != null
+        getProxyServer() != null && getProxyPort() != null
     }
 
     def getAllDependencies(project) {
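Review bot: `generateReportDirectory` reads `${outputDirectory}` directly while every sibling method in this hunk was switched to `getProxyServer()`-style getters; inside a Groovy class an unqualified property name resolves to the field, bypassing the getter that Gradle's conventionMapping decorates, so a user-configured `dependencyCheck.outputDirectory` would be ignored and reports would always land in the default `./reports`. The spec's `task.outputDirectory == 'outputDirectory'` check goes through the getter from outside the class, so it will not catch this. The fix is the same one applied to the other methods: `"${getOutputDirectory()}/${currentProjectName}"`. Separately, a relative value in a plain string is resolved against the JVM working directory rather than the project; if the intent is "relative to the project", `project.file(getOutputDirectory())` would anchor it — I cannot tell from here which is intended. Logging only server and port in `overrideProxySetting`, not the credentials, is correct and worth keeping that way.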
@@ -109,10 +127,10 @@ class DependencyCheckTask extends DefaultTask {
     }
 
     def overrideCveUrlSetting() {
-        setString(Settings.KEYS.CVE_MODIFIED_20_URL, project.dependencyCheck.cveUrl20Modified)
-        setString(Settings.KEYS.CVE_MODIFIED_12_URL, project.dependencyCheck.cveUrl12Modified)
-        setString(Settings.KEYS.CVE_START_YEAR, "${project.dependencyCheck.cveStartYear}")
-        setString(Settings.KEYS.CVE_SCHEMA_2_0, project.dependencyCheck.cveUrl20Base)
-        setString(Settings.KEYS.CVE_SCHEMA_1_2, project.dependencyCheck.cveUrl12Base)
+        setString(Settings.KEYS.CVE_MODIFIED_20_URL, getCveUrl20Modified())
+        setString(Settings.KEYS.CVE_MODIFIED_12_URL, getCveUrl12Modified())
+        setString(Settings.KEYS.CVE_START_YEAR, "${getCveStartYear()}")
+        setString(Settings.KEYS.CVE_SCHEMA_2_0, getCveUrl20Base())
+        setString(Settings.KEYS.CVE_SCHEMA_1_2, getCveUrl12Base())
     }
 }
diff --git a/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy b/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy
new file mode 100644
index 000000000..892285197
--- /dev/null
+++ b/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy
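Review bot: `overrideCveUrlSetting` now hands user-configurable feed URLs straight to `Settings` with no check on the scheme; the defaults are https, but a build script can override them with `http://` and the vulnerability database would then be fetched over plaintext with nothing in the build output pointing that out. Whether dependency-check-core validates these itself I cannot tell from here, so a cheap guard at this layer seems worthwhile: `[getCveUrl12Modified(), getCveUrl20Modified(), getCveUrl12Base(), getCveUrl20Base()].findAll { !it.startsWith('https://') }.each { logger.warn("CVE feed URL is not https: ${it}") }` before the `setString` calls. Logging the effective URLs at `lifecycle` level (as `overrideProxySetting` already does for the proxy) would also make a tampered feed source visible in CI logs.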
@@ -0,0 +1,91 @@
+/*
+ * This file is part of dependency-check-gradle.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Sion Williams. All Rights Reserved.
+ */
+
+package com.tools.security.plugin
+
+import nebula.test.PluginProjectSpec
+import org.gradle.api.Task
+
+class DependencyCheckGradlePluginSpec extends PluginProjectSpec {
+    static final String PLUGIN_ID = 'dependency-check'
+
+    @Override
+    String getPluginName() {
+        return PLUGIN_ID
+    }
+
+    def setup() {
+        project.apply plugin: pluginName
+    }
+
+    def 'apply creates dependencyCheck extension'() {
+        expect: project.extensions.findByName( 'dependencyCheck' )
+    }
+
+    def "apply creates dependencyCheck task"() {
+        expect: project.tasks.findByName( 'dependencyCheck' )
+    }
+
+    def 'dependencyCheck task has correct default values'() {
+        setup:
+        Task task = project.tasks.findByName( 'dependencyCheck' )
+
+        expect:
+        task.group == 'Dependency Check'
+        task.description == 'Produce dependency security report.'
+        task.proxyServer == null
+        task.proxyPort == null
+        task.proxyUsername == ''
+        task.proxyPassword == ''
+        task.cveUrl12Modified == 'https://nvd.nist.gov/download/nvdcve-Modified.xml.gz'
+        task.cveUrl20Modified == 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz'
+        task.cveStartYear == 2002
+        task.cveUrl12Base == 'https://nvd.nist.gov/download/nvdcve-%d.xml.gz'
+        task.cveUrl20Base == 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz'
+        task.outputDirectory == './reports'
+    }
+
+    def 'tasks use correct values when extension is used'() {
+        when:
+        project.dependencyCheck {
+            proxyServer = '127.0.0.1'
+            proxyPort = 3128
+            proxyUsername = 'proxyUsername'
+            proxyPassword = 'proxyPassword'
+            cveUrl12Modified = 'cveUrl12Modified'
+            cveUrl20Modified = 'cveUrl20Modified'
+            cveStartYear = 2002
+            cveUrl12Base = 'cveUrl12Base'
+            cveUrl20Base = 'cveUrl20Base'
+            outputDirectory = 'outputDirectory'
+        }
+
+        then:
+        Task task = project.tasks.findByName( 'dependencyCheck' )
+        task.proxyServer == '127.0.0.1'
+        task.proxyPort == 3128
+        task.proxyUsername == 'proxyUsername'
+        task.proxyPassword == 'proxyPassword'
+        task.cveUrl12Modified == 'cveUrl12Modified'
+        task.cveUrl20Modified == 'cveUrl20Modified'
+        task.cveStartYear == 2002
+        task.cveUrl12Base == 'cveUrl12Base'
+        task.cveUrl20Base == 'cveUrl20Base'
+        task.outputDirectory == 'outputDirectory'
+    }
+}
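Review bot: In `'tasks use correct values when extension is used'` the override `cveStartYear = 2002` is the same value the previous feature asserts as the default, so `task.cveStartYear == 2002` passes whether or not the conventionMapping for that property works; every other property in the block uses a value distinct from its default and this one should too, e.g. `cveStartYear = 2010` in the `when:` block and `task.cveStartYear == 2010` in `then:`. Both value-checking features fetch the task with `findByName`, which yields a NullPointerException rather than a readable assertion failure when the task is missing; `project.tasks.getByName( 'dependencyCheck' )` reports the name instead. `PLUGIN_ID = 'dependency-check'` has to match the plugin descriptor under META-INF/gradle-plugins, which is not part of this diff, so I am assuming that id already exists.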