Merge branch 'upmaster' into ruby-bundler

Conflicts: dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
2026-01-17 09:06:55 +01:00 · 2015-08-27 14:05:36 -04:00
parent 271016f0fa acd4b4371d
commit a0492fe944
84 changed files with 4384 additions and 268 deletions
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -326,6 +326,7 @@ public class App {
        Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !nuspecDisabled);
        Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !assemblyDisabled);
        Settings.setBoolean(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, !cli.isOpenSSLDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, !cli.isNodeJsDisabled());
        Settings.setBoolean(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, !cli.isRubyGemspecDisabled());

        Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, !centralDisabled);
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -427,6 +427,8 @@ public final class CliParser {
                .addOption(disableNuspecAnalyzer)
                .addOption(disableCentralAnalyzer)
                .addOption(disableNexusAnalyzer)
+                .addOption(OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NODE_JS)
+                        .withDescription("Disable the Node.js Package Analyzer.").create())
                .addOption(nexusUrl)
                .addOption(nexusUsesProxy)
                .addOption(additionalZipExtensions)
@@ -595,6 +597,15 @@ public final class CliParser {
        return (line != null) && line.hasOption(ARGUMENT.DISABLE_OPENSSL);
    }

+    /**
+     * Returns true if the disableNodeJS command line argument was specified.
+     *
+     * @return true if the disableNodeJS command line argument was specified; otherwise false
+     */
+    public boolean isNodeJsDisabled() {
+        return (line != null) && line.hasOption(ARGUMENT.DISABLE_NODE_JS);
+    }
+
    /**
     * Returns true if the disableCentral command line argument was specified.
     *
@@ -1134,6 +1145,10 @@ public final class CliParser {
         * Disables the OpenSSL Analyzer.
         */
        public static final String DISABLE_OPENSSL = "disableOpenSSL";
+        /**
+         * Disables the Node.js Package Analyzer.
+         */
+        public static final String DISABLE_NODE_JS = "disableNodeJS";
        /**
         * The URL of the nexus server.
         */
--- a/dependency-check-cli/src/site/markdown/arguments.md
+++ b/dependency-check-cli/src/site/markdown/arguments.md
@@ -13,7 +13,7 @@ Short  | Argument&nbsp;Name&nbsp;&nbsp; | Parameter       | Description | Requir
 \-f   | \-\-format            | \<format\>      | The output format to write to (XML, HTML, VULN, ALL). The default is HTML. | Required
 \-l   | \-\-log               | \<file\>        | The file path to write verbose logging information. | Optional
 \-n   | \-\-noupdate          |                 | Disables the automatic updating of the CPE data. | Optional
-       | \-\-suppression       | \<file\>        | The file path to the suppression XML file; used to suppress [false positives](../suppression.html). | Optional
+       | \-\-suppression       | \<file\>        | The file path to the suppression XML file; used to suppress [false positives](../general/suppression.html). | Optional
 \-h   | \-\-help              |                 | Print the help message. | Optional
       | \-\-advancedHelp      |                 | Print the advanced help message. | Optional
 \-v   | \-\-version           |                 | Print the version information. | Optional
@@ -30,7 +30,8 @@ Short  | Argument&nbsp;Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Paramete
       | \-\-updateonly        |                 | If set only the update phase of dependency-check will be executed; no scan will be executed and no report will be generated. | &nbsp;
       | \-\-disablePyDist     |                 | Sets whether the Python Distribution Analyzer will be used.                      | false
       | \-\-disablePyPkg      |                 | Sets whether the Python Package Analyzer will be used.                           | false
-       | \-\-disableRubygems   |                 | Sets whether the Ruby Gemspec Analyzer will be used.                           | false
+       | \-\-disableNodeJS     |                 | Sets whehter the Node.js Package Analyzer will be used.                          | false
+       | \-\-disableRubygems   |                 | Sets whether the Ruby Gemspec Analyzer will be used.                             | false
       | \-\-disableAutoconf   |                 | Sets whether the Autoconf Analyzer will be used.                                 | false
       | \-\-disableOpenSSL    |                 | Sets whether the OpenSSL Analyzer will be used.                                  | false
       | \-\-disableCmake      |                 | Sets whether the Cmake Analyzer will be used.                                    | false