github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-18 17:47:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

added the path to mono as a configurable setting

Browse Source 
Former-commit-id: e0b0e5eed59f36060c4ad57052fe3e610ff2d637
This commit is contained in:
Jeremy Long
2014-03-08 05:42:32 -05:00
parent 25050da2c9
commit 998aedde33
7 changed files with 126 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
View File

@@ -92,17 +92,17 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
@Parameter(property = "report-name", defaultValue = "dependency-check-report")
private String reportName;
/**
* The path to the verbose log
* The path to the verbose log.
*/
@Parameter(property = "logfile", defaultValue = "")
private String logFile;
/**
* The name of the report to be displayed in the Maven Generated Reports page
* The name of the report to be displayed in the Maven Generated Reports page.
*/
@Parameter(property = "name", defaultValue = "Dependency-Check")
private String name;
/**
* The description of the Dependency-Check report to be displayed in the Maven Generated Reports page
* The description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
*/
@Parameter(property = "description", defaultValue = "A report providing details on any published "
+ "vulnerabilities within project dependencies. This report is a best effort but may contain "
@@ -117,6 +117,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
* Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11
* which means since the CVSS scores are 0-10, by default the build will never fail.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "failBuildOnCVSS", defaultValue = "11", required = true)
private float failBuildOnCVSS = 11;
/**
@@ -128,7 +129,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
* Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to
* false. Default is true.
*/
@SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@SuppressWarnings("CanBeFinal")
@Parameter(property = "autoupdate", defaultValue = "true", required = true)
private boolean autoUpdate = true;
/**
@@ -240,18 +241,21 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
@Parameter(property = "zipExtensions", required = false)
private String zipExtensions;
/**
* Skip Analisys for Test Scope Dependencies
* Skip Analisys for Test Scope Dependencies.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "skipTestScope", defaultValue = "true", required = false)
private boolean skipTestScope = true;
/**
* Skip Analisys for Runtime Scope Dependencies
* Skip Analisys for Runtime Scope Dependencies.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "skipRuntimeScope", defaultValue = "false", required = false)
private boolean skipRuntimeScope = false;
/**
* Skip Analisys for Provided Scope Dependencies
* Skip Analisys for Provided Scope Dependencies.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "skipProvidedScope", defaultValue = "false", required = false)
private boolean skipProvidedScope = false;
/**
@@ -260,26 +264,32 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
@Parameter(property = "dataDirectory", defaultValue = "", required = false)
private String dataDirectory;
/**
* Data Mirror URL for CVE 1.2
* Data Mirror URL for CVE 1.2.
*/
@Parameter(property = "cveUrl12Modified", defaultValue = "", required = false)
private String cveUrl12Modified;
/**
* Data Mirror URL for CVE 2.0
* Data Mirror URL for CVE 2.0.
*/
@Parameter(property = "cveUrl20Modified", defaultValue = "", required = false)
private String cveUrl20Modified;
/**
* Base Data Mirror URL for CVE 1.2
* Base Data Mirror URL for CVE 1.2.
*/
@Parameter(property = "cveUrl12Base", defaultValue = "", required = false)
private String cveUrl12Base;
/**
* Data Mirror URL for CVE 2.0
* Data Mirror URL for CVE 2.0.
*/
@Parameter(property = "cveUrl20Base", defaultValue = "", required = false)
private String cveUrl20Base;
/**
* The path to mono for .NET Assembly analysis on non-windows systems.
*/
@Parameter(property = "pathToMono", defaultValue = "", required = false)
private String pathToMono;
// </editor-fold>
/**
* Executes the Dependency-Check on the dependent libraries.
@@ -800,6 +810,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) {
Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
}
if (pathToMono != null && !pathToMono.isEmpty()) {
Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
}
}
/**

47
dependency-check-maven/src/site/markdown/configuration.md
View File

@@ -8,27 +8,28 @@ autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is ena
externalReport | When using as a Site plugin this parameter sets whether or not the external report format should be used. | false
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
format | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
logFile | The file path to write verbose logging information. |
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) |
connectionTimeout | The Connection Timeout. |
proxyUrl | The Proxy URL. |
proxyPort | The Proxy Port. |
proxyUsername | Defines the proxy user name. |
proxyPassword | Defines the proxy password. |
nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. |
nexusUrl | Defines the Nexus URL. |
logFile | The file path to write verbose logging information. | &nbsp;
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) | &nbsp;
connectionTimeout | The Connection Timeout. | &nbsp;
proxyUrl | The Proxy URL. | &nbsp;
proxyPort | The Proxy Port. | &nbsp;
proxyUsername | Defines the proxy user name. | &nbsp;
proxyPassword | Defines the proxy password. | &nbsp;
nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. | &nbsp;
nexusUrl | Defines the Nexus URL. | &nbsp;
nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true
databaseDriverName | The name of the database driver. Example: org.h2.Driver. |
databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. |
connectionString | The connection string used to connect to the database. |
databaseUser | The username used when connecting to the database. |
databasePassword | The password used when connecting to the database. |
zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |
skipTestScope | Should be skip analysis for artifacts with Test Scope | true
skipProvidedScope | Should be skip analysis for artifacts with Provided Scope | false
skipRuntimeScope | Should be skip analysis for artifacts with Runtime Scope | false
dataDirectory | Data directory to hold SQL CVEs contents. This should generally not be changed. |
cveUrl12Modified | URL for the modified CVE 1.2 | http://nvd.nist.gov/download/nvdcve-modified.xml
cveUrl20Modified | URL for the modified CVE 2.0 | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
cveUrl12Base | Base URL for each year's CVE 1.2, the %d will be replaced with the year | http://nvd.nist.gov/download/nvdcve-%d.xml
cveUrl20Base | Base URL for each year's CVE 2.0, the %d will be replaced with the year | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
databaseDriverName | The name of the database driver. Example: org.h2.Driver. | &nbsp;
databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. | &nbsp;
connectionString | The connection string used to connect to the database. | &nbsp;
databaseUser | The username used when connecting to the database. | &nbsp;
databasePassword | The password used when connecting to the database. | &nbsp;
zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp;
skipTestScope | Should be skip analysis for artifacts with Test Scope | true
skipProvidedScope | Should be skip analysis for artifacts with Provided Scope | false
skipRuntimeScope | Should be skip analysis for artifacts with Runtime Scope | false
dataDirectory | Data directory to hold SQL CVEs contents. This should generally not be changed. | &nbsp;
cveUrl12Modified | URL for the modified CVE 1.2 | http://nvd.nist.gov/download/nvdcve-modified.xml
cveUrl20Modified | URL for the modified CVE 2.0 | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
cveUrl12Base | Base URL for each year's CVE 1.2, the %d will be replaced with the year | http://nvd.nist.gov/download/nvdcve-%d.xml
cveUrl20Base | Base URL for each year's CVE 2.0, the %d will be replaced with the year | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
pathToMono | The path to Mono for .NET assembly analysis on non-windows systems | &nbsp;