From a3ad598004dfa69574ae5b7c55948c619102ac44 Mon Sep 17 00:00:00 2001
From: Dale Visser
Date: Wed, 8 Jul 2015 14:07:17 -0400
Subject: [PATCH] OpenSSL: Untested changes to get command-line working.
Former-commit-id: f81a410bba6cbc1b71cb7d5fef121eb4f52a780b
---
 .../java/org/owasp/dependencycheck/App.java | 10 ++++------
 .../org/owasp/dependencycheck/CliParser.java | 17 +++++++++++++++++
 .../src/site/markdown/arguments.md | 1 +
 .../analyzer/OpenSSLAnalyzer.java | 3 ++-
 .../org.owasp.dependencycheck.analyzer.Analyzer | 3 ++-
 .../owasp/dependencycheck/utils/Settings.java | 4 ++++
 6 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
index d068d435b..346ca8be2 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -250,9 +250,6 @@ public class App {
 final String suppressionFile = cli.getSuppressionFile();
 final boolean jarDisabled = cli.isJarDisabled();
 final boolean archiveDisabled = cli.isArchiveDisabled();
- final boolean pyDistDisabled = cli.isPythonDistributionDisabled();
- final boolean pyPkgDisabled = cli.isPythonPackageDisabled();
- final boolean autoconfDisabled = cli.isAutoconfDisabled();
 final boolean assemblyDisabled = cli.isAssemblyDisabled();
 final boolean nuspecDisabled = cli.isNuspecDisabled();
 final boolean centralDisabled = cli.isCentralDisabled();
@@ -316,11 +313,12 @@ public class App { //File Type Analyzer Settings Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, !jarDisabled); Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, !archiveDisabled); - Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, !pyDistDisabled); - Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, !pyPkgDisabled); - Settings.setBoolean(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, !autoconfDisabled); + Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, !cli.isPythonDistributionDisabled()); + Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, !cli.isPythonPackageDisabled()); + Settings.setBoolean(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, !cli.isAutoconfDisabled()); Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !nuspecDisabled); Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !assemblyDisabled); + Settings.setBoolean(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, !cli.isOpenSSLDisabled()); Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, !centralDisabled); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, !nexusDisabled); diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java index 313537ab3..ebf57e7dc 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java 
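Review bot: The new `ANALYZER_OPENSSL_ENABLED` line always writes `!cli.isOpenSSLDisabled()`, so the key is forced to true whenever `--disableOpenSSL` is absent. If a properties file is merged earlier in this method (not visible in the hunk), an `analyzer.openssl.enabled=false` set there would be overwritten, which deserves a comment such as `// overwrites any analyzer.openssl.enabled value loaded before this point`. The block also now mixes two forms: the Python, Autoconf and OpenSSL lines call `cli.is…Disabled()` inline, while jar, archive, nuspec, assembly, central and nexus still read `final boolean` locals, so picking one form would leave a single pattern to copy for the next analyzer. The enclosing method starts and ends outside both App.java hunks.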
@@ -339,6 +339,9 @@ public final class CliParser { .withLongOpt(ARGUMENT.DISABLE_AUTOCONF) .withDescription("Disable the Autoconf Analyzer.").create(); + final Option disableOpenSSLAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_OPENSSL) + .withDescription("Disable the OpenSSL Analyzer.").create(); + final Option disableCentralAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_CENTRAL) .withDescription("Disable the Central Analyzer. If this analyzer is disabled it is likely you also want to disable " + "the Nexus Analyzer.") @@ -385,6 +388,7 @@ public final class CliParser { .addOption(disablePythonDistributionAnalyzer) .addOption(disablePythonPackageAnalyzer) .addOption(disableAutoconfAnalyzer) + .addOption(disableOpenSSLAnalyzer) .addOption(disableNuspecAnalyzer) .addOption(disableCentralAnalyzer) .addOption(disableNexusAnalyzer) @@ -510,6 +514,15 @@ public final class CliParser { return (line != null) && line.hasOption(ARGUMENT.DISABLE_NEXUS); } + /** + * Returns true if the disableOpenSSL command line argument was specified. + * + * @return true if the disableOpenSSL command line argument was specified; otherwise false + */ + public boolean isOpenSSLDisabled() { + return (line != null) && line.hasOption(ARGUMENT.DISABLE_OPENSSL); + } + /** * Returns true if the disableCentral command line argument was specified. * @@ -970,6 +983,10 @@ public final class CliParser { * Disables the Nexus Analyzer. */ public static final String DISABLE_NEXUS = "disableNexus"; + /** + * Disables the OpenSSL Analyzer. + */ + public static final String DISABLE_OPENSSL = "disableOpenSSL"; /** * The URL of the nexus server. */ diff --git a/dependency-check-cli/src/site/markdown/arguments.md b/dependency-check-cli/src/site/markdown/arguments.md index ca2beb9b6..84e900db6 100644 --- a/dependency-check-cli/src/site/markdown/arguments.md +++ b/dependency-check-cli/src/site/markdown/arguments.md 
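Review bot: `DISABLE_OPENSSL` in the last CliParser hunk is inserted between `DISABLE_NEXUS` and the constant documented as "The URL of the nexus server", which splits the Nexus-related arguments. In the third hunk `isOpenSSLDisabled()` likewise sits between the getter that checks `ARGUMENT.DISABLE_NEXUS` and the disableCentral getter. The option declaration and the `addOption` call in the first two hunks already follow the Autoconf entries, so placing the getter and the constant next to their `DISABLE_AUTOCONF` counterparts would keep the file-type analyzers together. The same applies to `ANALYZER_OPENSSL_ENABLED` in the Settings.java hunk, which is placed between `ANALYZER_CENTRAL_ENABLED` and the Central search URL key. This is ordering only, with no behaviour change; the enclosing classes start and end outside the hunks.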
@@ -26,6 +26,7 @@ Short | Argument Name        | Paramete | \-\-disablePyDist | | Sets whether the Python Distribution Analyzer will be used. | false | \-\-disablePyPkg | | Sets whether the Python Package Analyzer will be used. | false | \-\-disableAutoconf | | Sets whether the Autoconf Analyzer will be used. | false + | \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. | false | \-\-disableArchive | | Sets whether the Archive Analyzer will be used. | false | \-\-zipExtensions | \ | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |   | \-\-disableJar | | Sets whether the Jar Analyzer will be used. | false diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java index a5d6ec993..92420a027 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java @@ -23,6 +23,7 @@ import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; +import org.owasp.dependencycheck.utils.Settings; import java.io.File; import java.io.FileFilter; @@ -176,6 +177,6 @@ public class OpenSSLAnalyzer extends AbstractFileTypeAnalyzer { @Override protected String getAnalyzerEnabledSettingKey() { - return "fixme"; + return Settings.KEYS.ANALYZER_OPENSSL_ENABLED; } } \ No newline at end of file diff --git a/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer b/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer index 6a3bae2bf..31a22eb0f 100644 
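Review bot: `analyzer.openssl.enabled`, now returned by `getAnalyzerEnabledSettingKey()`, receives a value only from the CLI path in `App.java`. The diffstat shows no default-properties file and no other front end being updated, while the `META-INF/services` hunk registers `OpenSSLAnalyzer`, presumably for every consumer of the core module. How a missing key is resolved depends on the base class, which is outside this hunk, so outside the CLI the analyzer may be silently off (missed OpenSSL findings) or on with no documented switch. Shipping `analyzer.openssl.enabled=true` in the core's default properties, plus a test that toggles the key and checks that the analyzer honours it, would pin the behaviour; the commit subject itself says the change is untested.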
--- a/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
+++ b/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
@@ -14,4 +14,5 @@ org.owasp.dependencycheck.analyzer.NuspecAnalyzer
 org.owasp.dependencycheck.analyzer.AssemblyAnalyzer
 org.owasp.dependencycheck.analyzer.PythonDistributionAnalyzer
 org.owasp.dependencycheck.analyzer.PythonPackageAnalyzer
-org.owasp.dependencycheck.analyzer.AutoconfAnalyzer
\ No newline at end of file
+org.owasp.dependencycheck.analyzer.AutoconfAnalyzer
+org.owasp.dependencycheck.analyzer.OpenSSLAnalyzer
\ No newline at end of file
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 884263202..654416171 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -217,6 +217,10 @@ public final class Settings {
 * The properties key for whether the Central analyzer is enabled.
 */
 public static final String ANALYZER_CENTRAL_ENABLED = "analyzer.central.enabled";
+ /**
+ * The properties key for whether the OpenSSL analyzer is enabled.
+ */
+ public static final String ANALYZER_OPENSSL_ENABLED = "analyzer.openssl.enabled";
 /**
 * The properties key for the Central search URL.
 */