added the path to mono as a configurable setting

Former-commit-id: e0b0e5eed59f36060c4ad57052fe3e610ff2d637
2026-03-20 16:24:11 +01:00 · 2014-03-08 05:42:32 -05:00
parent 25050da2c9
commit 998aedde33
7 changed files with 126 additions and 59 deletions
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
@@ -753,6 +753,28 @@ public class DependencyCheckTask extends Task {
    public void setCveUrl20Base(String cveUrl20Base) {
        this.cveUrl20Base = cveUrl20Base;
    }
    /**
     * The path to Mono for .NET assembly analysis on non-windows systems.
     */
    private String pathToMono;
    /**
     * Get the value of pathToMono.
     *
     * @return the value of pathToMono
     */
    public String getPathToMono() {
        return pathToMono;
    }
    /**
     * Set the value of pathToMono.
     *
     * @param pathToMono new value of pathToMono
     */
    public void setPathToMono(String pathToMono) {
        this.pathToMono = pathToMono;
    }
    @Override
    public void execute() throws BuildException {
@@ -920,6 +942,9 @@ public class DependencyCheckTask extends Task {
        if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) {
            Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
        }
        if (pathToMono != null && !pathToMono.isEmpty()) {
            Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
        }
    }
    /**
--- a/dependency-check-ant/src/site/markdown/configuration.md
+++ b/dependency-check-ant/src/site/markdown/configuration.md
@@ -48,3 +48,4 @@ cveUrl12Modified      | URL for the modified CVE 1.2 | Optional | http://nvd.nis
 cveUrl20Modified      | URL for the modified CVE 2.0 | Optional | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
 cveUrl12Base          | Base URL for each year's CVE 1.2, the %d will be replaced with the year | Optional | http://nvd.nist.gov/download/nvdcve-%d.xml
 cveUrl20Base          | Base URL for each year's CVE 2.0, the %d will be replaced with the year | Optional | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
 pathToMono            | The path to Mono for .NET assembly analysis on non-windows systems | Optional | &nbsp;
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -167,6 +167,7 @@ public class App {
        final String databaseUser = cli.getDatabaseUser();
        final String databasePassword = cli.getDatabasePassword();
        final String additionalZipExtensions = cli.getAdditionalZipExtensions();
        final String pathToMono = cli.getPathToMono();
        if (propertiesFile != null) {
            try {
@@ -235,5 +236,8 @@ public class App {
        if (additionalZipExtensions != null && !additionalZipExtensions.isEmpty()) {
            Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, additionalZipExtensions);
        }
        if (pathToMono != null && !pathToMono.isEmpty()) {
            Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
        }
    }
 }
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
@@ -196,24 +196,6 @@ public final class CliParser {
                .withDescription("The file path to the suppression XML file.")
                .create();
        final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NEXUS)
                .withDescription("Disable the Nexus Analyzer.")
                .create();
        final Option nexusUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.NEXUS_URL)
                .withDescription("The url to the Nexus Server.")
                .create();
        final Option nexusUsesProxy = OptionBuilder.withArgName("true/false").hasArg().withLongOpt(ArgumentName.NEXUS_USES_PROXY)
                .withDescription("Whether or not the configured proxy should be used when connecting to Nexus.")
                .create();
        final Option additionalZipExtensions = OptionBuilder.withArgName("extensions").hasArg()
                .withLongOpt(ArgumentName.ADDITIONAL_ZIP_EXTENSIONS)
                .withDescription("A comma seperated list of additional extensions to be scanned as ZIP files "
                        + "(ZIP, EAR, WAR are already treated as zip files)")
                .create();
        //This is an option group because it can be specified more then once.
        final OptionGroup og = new OptionGroup();
        og.addOption(path);
@@ -228,11 +210,7 @@ public final class CliParser {
                .addOption(noUpdate)
                .addOption(props)
                .addOption(verboseLog)
-                .addOption(suppressionFile)
+                .addOption(suppressionFile);
                .addOption(disableNexusAnalyzer)
                .addOption(nexusUrl)
                .addOption(nexusUsesProxy)
                .addOption(additionalZipExtensions);
    }
    /**
@@ -272,19 +250,45 @@ public final class CliParser {
        final Option connectionString = OptionBuilder.withArgName("connStr").hasArg().withLongOpt(ArgumentName.CONNECTION_STRING)
                .withDescription("The connection string to the database.")
                .create();
        final Option dbUser = OptionBuilder.withArgName("user").hasArg().withLongOpt(ArgumentName.DB_NAME)
                .withDescription("The username used to connect to the database.")
                .create();
        final Option dbPassword = OptionBuilder.withArgName("password").hasArg().withLongOpt(ArgumentName.DB_PASSWORD)
                .withDescription("The password for connecting to the database.")
                .create();
        final Option dbDriver = OptionBuilder.withArgName("driver").hasArg().withLongOpt(ArgumentName.DB_DRIVER)
                .withDescription("The database driver name.")
                .create();
        final Option dbDriverPath = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.DB_DRIVER_PATH)
                .withDescription("The path to the database driver; note, this does not need to be set unless the JAR is outside of the classpath.")
                .create();
        final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NEXUS)
                .withDescription("Disable the Nexus Analyzer.")
                .create();
        final Option nexusUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.NEXUS_URL)
                .withDescription("The url to the Nexus Server.")
                .create();
        final Option nexusUsesProxy = OptionBuilder.withArgName("true/false").hasArg().withLongOpt(ArgumentName.NEXUS_USES_PROXY)
                .withDescription("Whether or not the configured proxy should be used when connecting to Nexus.")
                .create();
        final Option additionalZipExtensions = OptionBuilder.withArgName("extensions").hasArg()
                .withLongOpt(ArgumentName.ADDITIONAL_ZIP_EXTENSIONS)
                .withDescription("A comma seperated list of additional extensions to be scanned as ZIP files "
                        + "(ZIP, EAR, WAR are already treated as zip files)")
                .create();
        final Option pathToMono = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.PATH_TO_MONO)
                .withDescription("The path to Mono for .NET Assembly analysis on non-windows systems.")
                .create();
        options.addOption(proxyPort)
                .addOption(proxyUrl)
                .addOption(proxyUsername)
@@ -295,7 +299,12 @@ public final class CliParser {
                .addOption(data)
                .addOption(dbPassword)
                .addOption(dbDriver)
-                .addOption(dbDriverPath);
+                .addOption(dbDriverPath)
                .addOption(disableNexusAnalyzer)
                .addOption(nexusUrl)
                .addOption(nexusUsesProxy)
                .addOption(additionalZipExtensions)
                .addOption(pathToMono);
    }
    /**
@@ -403,6 +412,15 @@ public final class CliParser {
        return line.getOptionValue(ArgumentName.OUT, ".");
    }
    /**
     * Returns the path to Mono for .NET Assembly analysis on non-windows systems.
     *
     * @return the path to Mono
     */
    public String getPathToMono() {
        return line.getOptionValue(ArgumentName.PATH_TO_MONO);
    }
    /**
     * Returns the output format specified on the command line. Defaults to HTML if no format was specified.
     *
@@ -740,6 +758,10 @@ public final class CliParser {
         * The CLI argument name for setting the path to the database driver; in case it is not on the class path.
         */
        public static final String DB_DRIVER_PATH = "dbDriverPath";
        /**
         * The CLI argument name for setting the path to mono for .NET Assembly analysis on non-windows systems.
         */
        public static final String PATH_TO_MONO = "mono";
        /**
         * The CLI argument name for setting extra extensions.
         */
--- a/dependency-check-cli/src/site/markdown/arguments.md
+++ b/dependency-check-cli/src/site/markdown/arguments.md
@@ -30,3 +30,4 @@ Short  | Argument Name         | Parameter       | Description | Requirement
       | \-\-nexus             | \<url\>         | The url to the Nexus Server. | Optional
       | \-\-nexusUsesProxy    | \<true\|false\> | Whether or not the defined proxy should be used when connecting to Nexus. | Optional
       | \-\-zipExtensions     | \<strings\>     | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | Optional
       | \-\-pathToMono        | \<path\>        | The path to Mono for .NET Assembly analysis on non-windows systems. | Optional
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
@@ -92,17 +92,17 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
    @Parameter(property = "report-name", defaultValue = "dependency-check-report")
    private String reportName;
    /**
-     * The path to the verbose log
+     * The path to the verbose log.
     */
    @Parameter(property = "logfile", defaultValue = "")
    private String logFile;
    /**
-     * The name of the report to be displayed in the Maven Generated Reports page
+     * The name of the report to be displayed in the Maven Generated Reports page.
     */
    @Parameter(property = "name", defaultValue = "Dependency-Check")
    private String name;
    /**
-     * The description of the Dependency-Check report to be displayed in the Maven Generated Reports page
+     * The description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
     */
    @Parameter(property = "description", defaultValue = "A report providing details on any published "
            + "vulnerabilities within project dependencies. This report is a best effort but may contain "
@@ -117,6 +117,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     * Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11
     * which means since the CVSS scores are 0-10, by default the build will never fail.
     */
    @SuppressWarnings("CanBeFinal")
    @Parameter(property = "failBuildOnCVSS", defaultValue = "11", required = true)
    private float failBuildOnCVSS = 11;
    /**
@@ -128,7 +129,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to
     * false. Default is true.
     */
-    @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
+    @SuppressWarnings("CanBeFinal")
    @Parameter(property = "autoupdate", defaultValue = "true", required = true)
    private boolean autoUpdate = true;
    /**
@@ -240,18 +241,21 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
    @Parameter(property = "zipExtensions", required = false)
    private String zipExtensions;
    /**
-     * Skip Analisys for Test Scope Dependencies
+     * Skip Analisys for Test Scope Dependencies.
     */
    @SuppressWarnings("CanBeFinal")
    @Parameter(property = "skipTestScope", defaultValue = "true", required = false)
    private boolean skipTestScope = true;
    /**
-     * Skip Analisys for Runtime Scope Dependencies
+     * Skip Analisys for Runtime Scope Dependencies.
     */
    @SuppressWarnings("CanBeFinal")
    @Parameter(property = "skipRuntimeScope", defaultValue = "false", required = false)
    private boolean skipRuntimeScope = false;
    /**
-     * Skip Analisys for Provided Scope Dependencies
+     * Skip Analisys for Provided Scope Dependencies.
     */
    @SuppressWarnings("CanBeFinal")
    @Parameter(property = "skipProvidedScope", defaultValue = "false", required = false)
    private boolean skipProvidedScope = false;
    /**
@@ -260,26 +264,32 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
    @Parameter(property = "dataDirectory", defaultValue = "", required = false)
    private String dataDirectory;
    /**
-     * Data Mirror URL for CVE 1.2
+     * Data Mirror URL for CVE 1.2.
     */
    @Parameter(property = "cveUrl12Modified", defaultValue = "", required = false)
    private String cveUrl12Modified;
    /**
-     * Data Mirror URL for CVE 2.0
+     * Data Mirror URL for CVE 2.0.
     */
    @Parameter(property = "cveUrl20Modified", defaultValue = "", required = false)
    private String cveUrl20Modified;
    /**
-     * Base Data Mirror URL for CVE 1.2
+     * Base Data Mirror URL for CVE 1.2.
     */
    @Parameter(property = "cveUrl12Base", defaultValue = "", required = false)
    private String cveUrl12Base;
    /**
-     * Data Mirror URL for CVE 2.0
+     * Data Mirror URL for CVE 2.0.
     */
    @Parameter(property = "cveUrl20Base", defaultValue = "", required = false)
    private String cveUrl20Base;
    /**
     * The path to mono for .NET Assembly analysis on non-windows systems.
     */
    @Parameter(property = "pathToMono", defaultValue = "", required = false)
    private String pathToMono;
    // </editor-fold>
    /**
     * Executes the Dependency-Check on the dependent libraries.
@@ -800,6 +810,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
        if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) {
            Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
        }
        if (pathToMono != null && !pathToMono.isEmpty()) {
            Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
        }
    }
    /**
--- a/dependency-check-maven/src/site/markdown/configuration.md
+++ b/dependency-check-maven/src/site/markdown/configuration.md
@@ -8,27 +8,28 @@ autoUpdate           | Sets whether auto-updating of the NVD CVE/CPE data is ena
 externalReport       | When using as a Site plugin this parameter sets whether or not the external report format should be used. | false
 failBuildOnCVSS      | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail.         | 11
 format               | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
-logFile              | The file path to write verbose logging information. |
+logFile              | The file path to write verbose logging information. | &nbsp;
-suppressionFile      | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) |
+suppressionFile      | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) | &nbsp;
-connectionTimeout    | The Connection Timeout.            |
+connectionTimeout    | The Connection Timeout.            | &nbsp;
-proxyUrl             | The Proxy URL.                     |
+proxyUrl             | The Proxy URL.                     | &nbsp;
-proxyPort            | The Proxy Port.                    |
+proxyPort            | The Proxy Port.                    | &nbsp;
-proxyUsername        | Defines the proxy user name.       |
+proxyUsername        | Defines the proxy user name.       | &nbsp;
-proxyPassword        | Defines the proxy password.        |
+proxyPassword        | Defines the proxy password.        | &nbsp;
-nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. |
+nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. | &nbsp;
-nexusUrl             | Defines the Nexus URL. |
+nexusUrl             | Defines the Nexus URL. | &nbsp;
 nexusUsesProxy       | Whether or not the defined proxy should be used when connecting to Nexus. | true
-databaseDriverName   | The name of the database driver. Example: org.h2.Driver. |
+databaseDriverName   | The name of the database driver. Example: org.h2.Driver. | &nbsp;
-databaseDriverPath   | The path to the database driver JAR file; only used if the driver is not in the class path. |
+databaseDriverPath   | The path to the database driver JAR file; only used if the driver is not in the class path. | &nbsp;
-connectionString     | The connection string used to connect to the database. |
+connectionString     | The connection string used to connect to the database. | &nbsp;
-databaseUser         | The username used when connecting to the database. |
+databaseUser         | The username used when connecting to the database. | &nbsp;
-databasePassword     | The password used when connecting to the database. |
+databasePassword     | The password used when connecting to the database. | &nbsp;
-zipExtensions        | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |
+zipExtensions        | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp;
 skipTestScope        | Should be skip analysis for artifacts with Test Scope | true
 skipProvidedScope    | Should be skip analysis for artifacts with Provided Scope | false
 skipRuntimeScope     | Should be skip analysis for artifacts with Runtime Scope | false
-dataDirectory | Data directory to hold SQL CVEs contents. This should generally not be changed. |
+dataDirectory        | Data directory to hold SQL CVEs contents. This should generally not be changed. | &nbsp;
 cveUrl12Modified     | URL for the modified CVE 1.2 | http://nvd.nist.gov/download/nvdcve-modified.xml
 cveUrl20Modified     | URL for the modified CVE 2.0 | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
 cveUrl12Base         | Base URL for each year's CVE 1.2, the %d will be replaced with the year | http://nvd.nist.gov/download/nvdcve-%d.xml
 cveUrl20Base         | Base URL for each year's CVE 2.0, the %d will be replaced with the year | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
 pathToMono           | The path to Mono for .NET assembly analysis on non-windows systems | &nbsp;