From a0437bf933c33358ea2aa53efda8a4a305a92edb Mon Sep 17 00:00:00 2001
From: Dale Visser
Date: Sun, 30 Aug 2015 15:07:21 -0400
Subject: [PATCH] Ruby bunder: Code needed to disable the analyzer in the CLI if desired.
---
 .../main/java/org/owasp/dependencycheck/App.java | 2 ++
 .../org/owasp/dependencycheck/CliParser.java | 16 ++++++++++++++++
 .../src/site/markdown/arguments.md | 2 +-
 .../analyzer/RubyBundleAuditAnalyzer.java | 2 +-
 .../owasp/dependencycheck/utils/Settings.java | 4 ++++
 5 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
index 4a1d1084a..274f2fb55 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -252,6 +252,7 @@ public class App {
 final boolean cMakeDisabled = cli.isCmakeDisabled();
 final boolean pyPkgDisabled = cli.isPythonPackageDisabled();
 final boolean autoconfDisabled = cli.isAutoconfDisabled();
+ final boolean bundleAuditDisabled = cli.isBundleAuditDisabled();
 final boolean assemblyDisabled = cli.isAssemblyDisabled();
 final boolean nuspecDisabled = cli.isNuspecDisabled();
 final boolean centralDisabled = cli.isCentralDisabled();
@@ -325,6 +326,7 @@ public class App {
 Settings.setBoolean(Settings.KEYS.ANALYZER_CMAKE_ENABLED, !cMakeDisabled);
 Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !nuspecDisabled);
 Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !assemblyDisabled);
+ Settings.setBoolean(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, !bundleAuditDisabled);
 Settings.setBoolean(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, !cli.isOpenSSLDisabled());
 Settings.setBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, !cli.isNodeJsDisabled());
 Settings.setBoolean(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, !cli.isRubyGemspecDisabled());
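Review bot: In the second App.java hunk, `Settings.setBoolean(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, !bundleAuditDisabled);` writes the key on every run, so when `--disableBundleAudit` is absent the setting is forced to true. If a properties file or system property has already set `analyzer.bundle.audit.enabled=false` by this point (the load order is outside the hunk), that choice is silently overridden and the analyzer runs anyway. Writing the key only when the flag is present, `if (bundleAuditDisabled) { Settings.setBoolean(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, false); }`, keeps the CLI switch from undoing an operator's configuration. The neighbouring lines follow the same pattern, and the enclosing method starts and ends outside the hunk.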
diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
index 2cd4cb00b..18d7454e8 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -417,6 +417,8 @@ public final class CliParser {
 .addOption(disableJarAnalyzer)
 .addOption(disableArchiveAnalyzer)
 .addOption(disableAssemblyAnalyzer)
+ .addOption(OptionBuilder.withLongOpt(ARGUMENT.DISABLE_BUNDLE_AUDIT)
+ .withDescription("Disable the Ruby Bundler Audit Analyzer.").create())
 .addOption(disablePythonDistributionAnalyzer)
 .addOption(disableCmakeAnalyzer)
 .addOption(disablePythonPackageAnalyzer)
@@ -534,6 +536,16 @@ public final class CliParser {
 return (line != null) && line.hasOption(ARGUMENT.DISABLE_ASSEMBLY);
 }
 
+ /**
+ * Returns true if the disableBundleAudit command line argument was specified.
+ *
+ * @return true if the disableBundleAudit command line argument was specified; otherwise false
+ */
+ public boolean isBundleAuditDisabled() {
+ return (line != null) && line.hasOption(ARGUMENT.DISABLE_BUNDLE_AUDIT);
+ }
+
+
 /**
 * Returns true if the disablePyDist command line argument was specified.
 *
@@ -1129,6 +1141,10 @@ public final class CliParser {
 * Disables the Assembly Analyzer.
 */
 public static final String DISABLE_ASSEMBLY = "disableAssembly";
+ /**
+ * Disables the Ruby Bundler Audit Analyzer.
+ */
+ public static final String DISABLE_BUNDLE_AUDIT = "disableBundleAudit";
 /**
 * Disables the Nuspec Analyzer.
 */
diff --git a/dependency-check-cli/src/site/markdown/arguments.md b/dependency-check-cli/src/site/markdown/arguments.md
index f3193b41a..0953f85f3 100644
--- a/dependency-check-cli/src/site/markdown/arguments.md
+++ b/dependency-check-cli/src/site/markdown/arguments.md
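Review bot: The new option in the `@@ -417` hunk is built inline with `OptionBuilder` inside the `addOption` chain, while every neighbour in the chain is passed as a named local (`disableAssemblyAnalyzer`, `disableCmakeAnalyzer`). Declaring it the same way, `final Option disableBundleAuditAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_BUNDLE_AUDIT).withDescription("Disable the Ruby Bundler Audit Analyzer.").create();` followed by `.addOption(disableBundleAuditAnalyzer)`, would keep the list of analyzer switches uniform and easier to audit. The declarations of the other locals sit outside the hunk, so their exact form is inferred from their names.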
@@ -32,7 +32,7 @@ Short | Argument Name        | Paramete
 | \-\-disablePyPkg | | Sets whether the Python Package Analyzer will be used. | false
 | \-\-disableNodeJS | | Sets whehter the Node.js Package Analyzer will be used. | false
 | \-\-disableRubygems | | Sets whether the Ruby Gemspec Analyzer will be used. | false
- | \-\-disableBundlerAudit | | Sets whether the Ruby Bundler Audit Analyzer will be used. | false
+ | \-\-disableBundleAudit | | Sets whether the Ruby Bundler Audit Analyzer will be used. | false
 | \-\-disableAutoconf | | Sets whether the Autoconf Analyzer will be used. | false
 | \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. | false
 | \-\-disableCmake | | Sets whether the Cmake Analyzer will be used. | false
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
index a21ce3b32..217de39b7 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
@@ -162,7 +162,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 */
 @Override
 protected String getAnalyzerEnabledSettingKey() {
- return Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED;
+ return Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED;
 }
 
 @Override
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 94600032e..63c5a0b19 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
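Review bot: Switching `getAnalyzerEnabledSettingKey()` to `Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED` means `--disableRubygems` no longer turns this analyzer off, and nothing in the method records that. Existing invocations that relied on the shared key will now run the bundle-audit analyzer unless they also pass `--disableBundleAudit`. The diffstat shows only the CLI module gaining that switch, so any other front end presumably can reach it only through the raw property. A Javadoc line such as `Gated by its own settings key; the Ruby Gemspec key no longer applies.` plus a release-note entry would make the change visible to operators. The Javadoc block that ends on the hunk's first line begins outside the hunk.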
@@ -206,6 +206,10 @@ public final class Settings {
 * The properties key for whether the CMake analyzer is enabled.
 */
 public static final String ANALYZER_CMAKE_ENABLED = "analyzer.cmake.enabled";
+ /**
+ * The properties key for whether the Ruby Bundler Audit analyzer is enabled.
+ */
+ public static final String ANALYZER_BUNDLE_AUDIT_ENABLED = "analyzer.bundle.audit.enabled";
 /**
 * The properties key for whether the .NET Assembly analyzer is enabled.
 */
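Review bot: The new key `analyzer.bundle.audit.enabled` is declared here, but none of the five files in the diffstat is a properties file, so this patch ships no default value for it. How a missing key resolves depends on the getter used by the analyzer base class, which is not visible here. If it reads as false for callers that never go through the CLI, the analyzer is skipped without any message and Ruby advisories go unreported. Adding `analyzer.bundle.audit.enabled=true` to the project's default properties, next to the other analyzer keys, would make the default explicit.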