Merge branch 'master' of github.com:jeremylong/DependencyCheck

Former-commit-id: 34458ee1dd984113551fa25a1ccc309d86587a9e

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -66,19 +66,34 @@ public class Engine {
      * A Map of analyzers grouped by Analysis phase.
      */
     private final Set<FileTypeAnalyzer> fileTypeAnalyzers;
+    /**
+     * The ClassLoader to use when dynamically loading Analyzer and Update services.
+     */
+    private ClassLoader serviceClassLoader;
     /**
      * The Logger for use throughout the class.
      */
     private static final Logger LOGGER = Logger.getLogger(Engine.class.getName());
+
     /**
      * Creates a new Engine.
      *
      * @throws DatabaseException thrown if there is an error connecting to the database
      */
     public Engine() throws DatabaseException {
+        this(Thread.currentThread().getContextClassLoader());
+    }
+
+    /**
+     * Creates a new Engine using the specified classloader to dynamically load Analyzer and Update services.
+     *
+     * @throws DatabaseException thrown if there is an error connecting to the database
+     */
+    public Engine(ClassLoader serviceClassLoader) throws DatabaseException {
         this.dependencies = new ArrayList<Dependency>();
         this.analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
         this.fileTypeAnalyzers = new HashSet<FileTypeAnalyzer>();
+        this.serviceClassLoader = serviceClassLoader;
 
         ConnectionFactory.initialize();
 
@@ -110,7 +125,7 @@ public class Engine {
             analyzers.put(phase, new ArrayList<Analyzer>());
         }
 
-        final AnalyzerService service = new AnalyzerService();
+        final AnalyzerService service = new AnalyzerService(serviceClassLoader);
         final Iterator<Analyzer> iterator = service.getAnalyzers();
         while (iterator.hasNext()) {
             final Analyzer a = iterator.next();
@@ -413,7 +428,7 @@ public class Engine {
      * Cycles through the cached web data sources and calls update on all of them.
      */
     private void doUpdates() {
-        final UpdateService service = new UpdateService();
+        final UpdateService service = new UpdateService(serviceClassLoader);
         final Iterator<CachedWebDataSource> iterator = service.getDataSources();
         while (iterator.hasNext()) {
             final CachedWebDataSource source = iterator.next();

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java

@@ -36,8 +36,8 @@ public class AnalyzerService {
     /**
      * Creates a new instance of AnalyzerService.
      */
-    public AnalyzerService() {
+    public AnalyzerService(ClassLoader classLoader) {
-        loader = ServiceLoader.load(Analyzer.class);
+        loader = ServiceLoader.load(Analyzer.class, classLoader);
     }
 
     /**

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/UpdateService.java

@@ -36,8 +36,8 @@ public class UpdateService {
     /**
      * Creates a new instance of UpdateService.
      */
-    public UpdateService() {
+    public UpdateService(ClassLoader classLoader) {
-        loader = ServiceLoader.load(CachedWebDataSource.class);
+        loader = ServiceLoader.load(CachedWebDataSource.class, classLoader);
     }
 
     /**

dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java

@@ -36,7 +36,6 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.apache.velocity.context.Context;
 import org.apache.velocity.runtime.RuntimeConstants;
-import org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader;
 import org.owasp.dependencycheck.analyzer.Analyzer;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
 import org.owasp.dependencycheck.dependency.Dependency;
@@ -123,29 +122,19 @@ public class ReportGenerator {
      * @return a velocity engine.
      */
     private VelocityEngine createVelocityEngine() {
-        final VelocityEngine ve = new VelocityEngine();
+        final VelocityEngine engine = new VelocityEngine();
-        ve.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, VelocityLoggerRedirect.class.getName());
+        // Logging redirection for Velocity - Required by Jenkins and other server applications
-        ve.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+        engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, VelocityLoggerRedirect.class.getName());
-        ve.setProperty("classpath.resource.loader.class", ClasspathResourceLoader.class.getName());
+        return engine;
-        return ve;
     }
 
     /**
-     * Creates a new Velocity Context initialized with escape and date tools.
+     * Creates a new Velocity Context.
      *
      * @return a Velocity Context.
      */
     private Context createContext() {
-        //REMOVED all of the velocity tools to simplify the engine trying to resolve issues running this in Jenkins
+        return new VelocityContext();
-//        final ToolManager manager = new ToolManager();
-//        final Context c = manager.createContext();
-//        final EasyFactoryConfiguration config = new EasyFactoryConfiguration();
-//        config.addDefaultTools();
-//        config.toolbox("application").tool("esc", "org.apache.velocity.tools.generic.EscapeTool").
-//        tool("org.apache.velocity.tools.generic.DateTool");
-//        manager.configure(config);
-        final VelocityContext c = new VelocityContext();
-        return c;
     }
 
     /**

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java

@@ -33,7 +33,7 @@ public class AnalyzerServiceTest extends BaseTest {
      */
     @Test
     public void testGetAnalyzers() {
-        AnalyzerService instance = new AnalyzerService();
+        AnalyzerService instance = new AnalyzerService(Thread.currentThread().getContextClassLoader());
         Iterator<Analyzer> result = instance.getAnalyzers();
 
         boolean found = false;