documentation v1.3.2

Jeremy Long
2015-11-29 07:44:14 -05:00
parent 191c5fae56
commit a426de69cd
1220 changed files with 51071 additions and 40455 deletions


@@ -848,231 +848,191 @@
<a class="jxr_linenumber" name="L840" href="#L840">840</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L841" href="#L841">841</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> executeDependencyCheck() <strong class="jxr_keyword">throws</strong> DatabaseException {
<a class="jxr_linenumber" name="L842" href="#L842">842</a> populateSettings();
<a class="jxr_linenumber" name="L843" href="#L843">843</a> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L844" href="#L844">844</a> engine = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a>();
<a class="jxr_linenumber" name="L845" href="#L845">845</a> engine.setDependencies(<strong class="jxr_keyword">this</strong>.dependencies);
<a class="jxr_linenumber" name="L846" href="#L846">846</a> engine.analyzeDependencies();
<a class="jxr_linenumber" name="L847" href="#L847">847</a> <strong class="jxr_keyword">return</strong> engine;
<a class="jxr_linenumber" name="L848" href="#L848">848</a> }
<a class="jxr_linenumber" name="L849" href="#L849">849</a>
<a class="jxr_linenumber" name="L850" href="#L850">850</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L851" href="#L851">851</a> <em class="jxr_javadoccomment"> * Generates the reports for a given dependency-check engine.</em>
<a class="jxr_linenumber" name="L852" href="#L852">852</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L853" href="#L853">853</a> <em class="jxr_javadoccomment"> * @param engine a dependency-check engine</em>
<a class="jxr_linenumber" name="L854" href="#L854">854</a> <em class="jxr_javadoccomment"> * @param outDirectory the directory to write the reports to</em>
<a class="jxr_linenumber" name="L855" href="#L855">855</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L856" href="#L856">856</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> generateExternalReports(<a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, File outDirectory) {
<a class="jxr_linenumber" name="L857" href="#L857">857</a> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.html">DatabaseProperties</a> prop = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L858" href="#L858">858</a> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cve = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L859" href="#L859">859</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L860" href="#L860">860</a> cve = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a>();
<a class="jxr_linenumber" name="L861" href="#L861">861</a> cve.open();
<a class="jxr_linenumber" name="L862" href="#L862">862</a> prop = cve.getDatabaseProperties();
<a class="jxr_linenumber" name="L863" href="#L863">863</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
<a class="jxr_linenumber" name="L864" href="#L864">864</a> LOGGER.debug(<span class="jxr_string">"Unable to retrieve DB Properties"</span>, ex);
<a class="jxr_linenumber" name="L865" href="#L865">865</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L866" href="#L866">866</a> <strong class="jxr_keyword">if</strong> (cve != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L867" href="#L867">867</a> cve.close();
<a class="jxr_linenumber" name="L868" href="#L868">868</a> }
<a class="jxr_linenumber" name="L869" href="#L869">869</a> }
<a class="jxr_linenumber" name="L870" href="#L870">870</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/reporting/ReportGenerator.html">ReportGenerator</a> r = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/reporting/ReportGenerator.html">ReportGenerator</a>(<strong class="jxr_keyword">this</strong>.applicationName, engine.getDependencies(), engine.getAnalyzers(), prop);
<a class="jxr_linenumber" name="L871" href="#L871">871</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L872" href="#L872">872</a> r.generateReports(outDirectory.getCanonicalPath(), <strong class="jxr_keyword">this</strong>.reportFormat.name());
<a class="jxr_linenumber" name="L873" href="#L873">873</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L874" href="#L874">874</a> LOGGER.error(
<a class="jxr_linenumber" name="L875" href="#L875">875</a> <span class="jxr_string">"Unexpected exception occurred during analysis; please see the verbose error log for more details."</span>);
<a class="jxr_linenumber" name="L876" href="#L876">876</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L877" href="#L877">877</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
<a class="jxr_linenumber" name="L878" href="#L878">878</a> LOGGER.error(
<a class="jxr_linenumber" name="L879" href="#L879">879</a> <span class="jxr_string">"Unexpected exception occurred during analysis; please see the verbose error log for more details."</span>);
<a class="jxr_linenumber" name="L880" href="#L880">880</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L881" href="#L881">881</a> }
<a class="jxr_linenumber" name="L882" href="#L882">882</a> }
<a class="jxr_linenumber" name="L883" href="#L883">883</a>
<a class="jxr_linenumber" name="L884" href="#L884">884</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L885" href="#L885">885</a> <em class="jxr_javadoccomment"> * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system properties</em>
<a class="jxr_linenumber" name="L886" href="#L886">886</a> <em class="jxr_javadoccomment"> * required to change the proxy server, port, and connection timeout.</em>
<a class="jxr_linenumber" name="L887" href="#L887">887</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L888" href="#L888">888</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> populateSettings() {
<a class="jxr_linenumber" name="L889" href="#L889">889</a> Settings.initialize();
<a class="jxr_linenumber" name="L890" href="#L890">890</a> <strong class="jxr_keyword">if</strong> (dataDirectory != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L891" href="#L891">891</a> Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
<a class="jxr_linenumber" name="L892" href="#L892">892</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L893" href="#L893">893</a> <strong class="jxr_keyword">final</strong> File jarPath = <strong class="jxr_keyword">new</strong> File(DependencyCheckScanAgent.<strong class="jxr_keyword">class</strong>.getProtectionDomain().getCodeSource().getLocation().getPath());
<a class="jxr_linenumber" name="L894" href="#L894">894</a> <strong class="jxr_keyword">final</strong> File base = jarPath.getParentFile();
<a class="jxr_linenumber" name="L895" href="#L895">895</a> <strong class="jxr_keyword">final</strong> String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
<a class="jxr_linenumber" name="L896" href="#L896">896</a> <strong class="jxr_keyword">final</strong> File dataDir = <strong class="jxr_keyword">new</strong> File(base, sub);
<a class="jxr_linenumber" name="L897" href="#L897">897</a> Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
<a class="jxr_linenumber" name="L898" href="#L898">898</a> }
<a class="jxr_linenumber" name="L899" href="#L899">899</a>
<a class="jxr_linenumber" name="L900" href="#L900">900</a> Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
<a class="jxr_linenumber" name="L901" href="#L901">901</a>
<a class="jxr_linenumber" name="L902" href="#L902">902</a> <strong class="jxr_keyword">if</strong> (proxyServer != <strong class="jxr_keyword">null</strong> &amp;&amp; !proxyServer.isEmpty()) {
<a class="jxr_linenumber" name="L903" href="#L903">903</a> Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer);
<a class="jxr_linenumber" name="L904" href="#L904">904</a> }
<a class="jxr_linenumber" name="L905" href="#L905">905</a> <strong class="jxr_keyword">if</strong> (proxyPort != <strong class="jxr_keyword">null</strong> &amp;&amp; !proxyPort.isEmpty()) {
<a class="jxr_linenumber" name="L906" href="#L906">906</a> Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
<a class="jxr_linenumber" name="L907" href="#L907">907</a> }
<a class="jxr_linenumber" name="L908" href="#L908">908</a> <strong class="jxr_keyword">if</strong> (proxyUsername != <strong class="jxr_keyword">null</strong> &amp;&amp; !proxyUsername.isEmpty()) {
<a class="jxr_linenumber" name="L909" href="#L909">909</a> Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername);
<a class="jxr_linenumber" name="L910" href="#L910">910</a> }
<a class="jxr_linenumber" name="L911" href="#L911">911</a> <strong class="jxr_keyword">if</strong> (proxyPassword != <strong class="jxr_keyword">null</strong> &amp;&amp; !proxyPassword.isEmpty()) {
<a class="jxr_linenumber" name="L912" href="#L912">912</a> Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
<a class="jxr_linenumber" name="L913" href="#L913">913</a> }
<a class="jxr_linenumber" name="L914" href="#L914">914</a> <strong class="jxr_keyword">if</strong> (connectionTimeout != <strong class="jxr_keyword">null</strong> &amp;&amp; !connectionTimeout.isEmpty()) {
<a class="jxr_linenumber" name="L915" href="#L915">915</a> Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
<a class="jxr_linenumber" name="L916" href="#L916">916</a> }
<a class="jxr_linenumber" name="L917" href="#L917">917</a> <strong class="jxr_keyword">if</strong> (suppressionFile != <strong class="jxr_keyword">null</strong> &amp;&amp; !suppressionFile.isEmpty()) {
<a class="jxr_linenumber" name="L918" href="#L918">918</a> Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
<a class="jxr_linenumber" name="L919" href="#L919">919</a> }
<a class="jxr_linenumber" name="L920" href="#L920">920</a> Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
<a class="jxr_linenumber" name="L921" href="#L921">921</a> <strong class="jxr_keyword">if</strong> (centralUrl != <strong class="jxr_keyword">null</strong> &amp;&amp; !centralUrl.isEmpty()) {
<a class="jxr_linenumber" name="L922" href="#L922">922</a> Settings.setString(Settings.KEYS.ANALYZER_CENTRAL_URL, centralUrl);
<a class="jxr_linenumber" name="L923" href="#L923">923</a> }
<a class="jxr_linenumber" name="L924" href="#L924">924</a> Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
<a class="jxr_linenumber" name="L925" href="#L925">925</a> <strong class="jxr_keyword">if</strong> (nexusUrl != <strong class="jxr_keyword">null</strong> &amp;&amp; !nexusUrl.isEmpty()) {
<a class="jxr_linenumber" name="L926" href="#L926">926</a> Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
<a class="jxr_linenumber" name="L927" href="#L927">927</a> }
<a class="jxr_linenumber" name="L928" href="#L928">928</a> Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY, nexusUsesProxy);
<a class="jxr_linenumber" name="L929" href="#L929">929</a> <strong class="jxr_keyword">if</strong> (databaseDriverName != <strong class="jxr_keyword">null</strong> &amp;&amp; !databaseDriverName.isEmpty()) {
<a class="jxr_linenumber" name="L930" href="#L930">930</a> Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
<a class="jxr_linenumber" name="L931" href="#L931">931</a> }
<a class="jxr_linenumber" name="L932" href="#L932">932</a> <strong class="jxr_keyword">if</strong> (databaseDriverPath != <strong class="jxr_keyword">null</strong> &amp;&amp; !databaseDriverPath.isEmpty()) {
<a class="jxr_linenumber" name="L933" href="#L933">933</a> Settings.setString(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
<a class="jxr_linenumber" name="L934" href="#L934">934</a> }
<a class="jxr_linenumber" name="L935" href="#L935">935</a> <strong class="jxr_keyword">if</strong> (connectionString != <strong class="jxr_keyword">null</strong> &amp;&amp; !connectionString.isEmpty()) {
<a class="jxr_linenumber" name="L936" href="#L936">936</a> Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
<a class="jxr_linenumber" name="L937" href="#L937">937</a> }
<a class="jxr_linenumber" name="L938" href="#L938">938</a> <strong class="jxr_keyword">if</strong> (databaseUser != <strong class="jxr_keyword">null</strong> &amp;&amp; !databaseUser.isEmpty()) {
<a class="jxr_linenumber" name="L939" href="#L939">939</a> Settings.setString(Settings.KEYS.DB_USER, databaseUser);
<a class="jxr_linenumber" name="L940" href="#L940">940</a> }
<a class="jxr_linenumber" name="L941" href="#L941">941</a> <strong class="jxr_keyword">if</strong> (databasePassword != <strong class="jxr_keyword">null</strong> &amp;&amp; !databasePassword.isEmpty()) {
<a class="jxr_linenumber" name="L942" href="#L942">942</a> Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
<a class="jxr_linenumber" name="L943" href="#L943">943</a> }
<a class="jxr_linenumber" name="L944" href="#L944">944</a> <strong class="jxr_keyword">if</strong> (zipExtensions != <strong class="jxr_keyword">null</strong> &amp;&amp; !zipExtensions.isEmpty()) {
<a class="jxr_linenumber" name="L945" href="#L945">945</a> Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
<a class="jxr_linenumber" name="L946" href="#L946">946</a> }
<a class="jxr_linenumber" name="L947" href="#L947">947</a> <strong class="jxr_keyword">if</strong> (cveUrl12Modified != <strong class="jxr_keyword">null</strong> &amp;&amp; !cveUrl12Modified.isEmpty()) {
<a class="jxr_linenumber" name="L948" href="#L948">948</a> Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
<a class="jxr_linenumber" name="L949" href="#L949">949</a> }
<a class="jxr_linenumber" name="L950" href="#L950">950</a> <strong class="jxr_keyword">if</strong> (cveUrl20Modified != <strong class="jxr_keyword">null</strong> &amp;&amp; !cveUrl20Modified.isEmpty()) {
<a class="jxr_linenumber" name="L951" href="#L951">951</a> Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
<a class="jxr_linenumber" name="L843" href="#L843">843</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a>();
<a class="jxr_linenumber" name="L844" href="#L844">844</a> engine.setDependencies(<strong class="jxr_keyword">this</strong>.dependencies);
<a class="jxr_linenumber" name="L845" href="#L845">845</a> engine.analyzeDependencies();
<a class="jxr_linenumber" name="L846" href="#L846">846</a> <strong class="jxr_keyword">return</strong> engine;
<a class="jxr_linenumber" name="L847" href="#L847">847</a> }
<a class="jxr_linenumber" name="L848" href="#L848">848</a>
<a class="jxr_linenumber" name="L849" href="#L849">849</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L850" href="#L850">850</a> <em class="jxr_javadoccomment"> * Generates the reports for a given dependency-check engine.</em>
<a class="jxr_linenumber" name="L851" href="#L851">851</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L852" href="#L852">852</a> <em class="jxr_javadoccomment"> * @param engine a dependency-check engine</em>
<a class="jxr_linenumber" name="L853" href="#L853">853</a> <em class="jxr_javadoccomment"> * @param outDirectory the directory to write the reports to</em>
<a class="jxr_linenumber" name="L854" href="#L854">854</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L855" href="#L855">855</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> generateExternalReports(<a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, File outDirectory) {
<a class="jxr_linenumber" name="L856" href="#L856">856</a> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.html">DatabaseProperties</a> prop = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L857" href="#L857">857</a> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a> cve = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L858" href="#L858">858</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L859" href="#L859">859</a> cve = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nvdcve/CveDB.html">CveDB</a>();
<a class="jxr_linenumber" name="L860" href="#L860">860</a> cve.open();
<a class="jxr_linenumber" name="L861" href="#L861">861</a> prop = cve.getDatabaseProperties();
<a class="jxr_linenumber" name="L862" href="#L862">862</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
<a class="jxr_linenumber" name="L863" href="#L863">863</a> LOGGER.debug(<span class="jxr_string">"Unable to retrieve DB Properties"</span>, ex);
<a class="jxr_linenumber" name="L864" href="#L864">864</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L865" href="#L865">865</a> <strong class="jxr_keyword">if</strong> (cve != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L866" href="#L866">866</a> cve.close();
<a class="jxr_linenumber" name="L867" href="#L867">867</a> }
<a class="jxr_linenumber" name="L868" href="#L868">868</a> }
<a class="jxr_linenumber" name="L869" href="#L869">869</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/reporting/ReportGenerator.html">ReportGenerator</a> r = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/reporting/ReportGenerator.html">ReportGenerator</a>(<strong class="jxr_keyword">this</strong>.applicationName, engine.getDependencies(), engine.getAnalyzers(), prop);
<a class="jxr_linenumber" name="L870" href="#L870">870</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L871" href="#L871">871</a> r.generateReports(outDirectory.getCanonicalPath(), <strong class="jxr_keyword">this</strong>.reportFormat.name());
<a class="jxr_linenumber" name="L872" href="#L872">872</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L873" href="#L873">873</a> LOGGER.error(
<a class="jxr_linenumber" name="L874" href="#L874">874</a> <span class="jxr_string">"Unexpected exception occurred during analysis; please see the verbose error log for more details."</span>);
<a class="jxr_linenumber" name="L875" href="#L875">875</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L876" href="#L876">876</a> } <strong class="jxr_keyword">catch</strong> (Throwable ex) {
<a class="jxr_linenumber" name="L877" href="#L877">877</a> LOGGER.error(
<a class="jxr_linenumber" name="L878" href="#L878">878</a> <span class="jxr_string">"Unexpected exception occurred during analysis; please see the verbose error log for more details."</span>);
<a class="jxr_linenumber" name="L879" href="#L879">879</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L880" href="#L880">880</a> }
<a class="jxr_linenumber" name="L881" href="#L881">881</a> }
<a class="jxr_linenumber" name="L882" href="#L882">882</a>
<a class="jxr_linenumber" name="L883" href="#L883">883</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L884" href="#L884">884</a> <em class="jxr_javadoccomment"> * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system properties</em>
<a class="jxr_linenumber" name="L885" href="#L885">885</a> <em class="jxr_javadoccomment"> * required to change the proxy server, port, and connection timeout.</em>
<a class="jxr_linenumber" name="L886" href="#L886">886</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L887" href="#L887">887</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> populateSettings() {
<a class="jxr_linenumber" name="L888" href="#L888">888</a> Settings.initialize();
<a class="jxr_linenumber" name="L889" href="#L889">889</a> <strong class="jxr_keyword">if</strong> (dataDirectory != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L890" href="#L890">890</a> Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
<a class="jxr_linenumber" name="L891" href="#L891">891</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L892" href="#L892">892</a> <strong class="jxr_keyword">final</strong> File jarPath = <strong class="jxr_keyword">new</strong> File(DependencyCheckScanAgent.<strong class="jxr_keyword">class</strong>.getProtectionDomain().getCodeSource().getLocation().getPath());
<a class="jxr_linenumber" name="L893" href="#L893">893</a> <strong class="jxr_keyword">final</strong> File base = jarPath.getParentFile();
<a class="jxr_linenumber" name="L894" href="#L894">894</a> <strong class="jxr_keyword">final</strong> String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
<a class="jxr_linenumber" name="L895" href="#L895">895</a> <strong class="jxr_keyword">final</strong> File dataDir = <strong class="jxr_keyword">new</strong> File(base, sub);
<a class="jxr_linenumber" name="L896" href="#L896">896</a> Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
<a class="jxr_linenumber" name="L897" href="#L897">897</a> }
<a class="jxr_linenumber" name="L898" href="#L898">898</a>
<a class="jxr_linenumber" name="L899" href="#L899">899</a> Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
<a class="jxr_linenumber" name="L900" href="#L900">900</a> Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_SERVER, proxyServer);
<a class="jxr_linenumber" name="L901" href="#L901">901</a> Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_PORT, proxyPort);
<a class="jxr_linenumber" name="L902" href="#L902">902</a> Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_USERNAME, proxyUsername);
<a class="jxr_linenumber" name="L903" href="#L903">903</a> Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
<a class="jxr_linenumber" name="L904" href="#L904">904</a> Settings.setStringIfNotEmpty(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
<a class="jxr_linenumber" name="L905" href="#L905">905</a> Settings.setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
<a class="jxr_linenumber" name="L906" href="#L906">906</a> Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
<a class="jxr_linenumber" name="L907" href="#L907">907</a> Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_URL, centralUrl);
<a class="jxr_linenumber" name="L908" href="#L908">908</a> Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
<a class="jxr_linenumber" name="L909" href="#L909">909</a> Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
<a class="jxr_linenumber" name="L910" href="#L910">910</a> Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY, nexusUsesProxy);
<a class="jxr_linenumber" name="L911" href="#L911">911</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
<a class="jxr_linenumber" name="L912" href="#L912">912</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
<a class="jxr_linenumber" name="L913" href="#L913">913</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
<a class="jxr_linenumber" name="L914" href="#L914">914</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_USER, databaseUser);
<a class="jxr_linenumber" name="L915" href="#L915">915</a> Settings.setStringIfNotEmpty(Settings.KEYS.DB_PASSWORD, databasePassword);
<a class="jxr_linenumber" name="L916" href="#L916">916</a> Settings.setStringIfNotEmpty(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
<a class="jxr_linenumber" name="L917" href="#L917">917</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
<a class="jxr_linenumber" name="L918" href="#L918">918</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
<a class="jxr_linenumber" name="L919" href="#L919">919</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
<a class="jxr_linenumber" name="L920" href="#L920">920</a> Settings.setStringIfNotEmpty(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
<a class="jxr_linenumber" name="L921" href="#L921">921</a> Settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
<a class="jxr_linenumber" name="L922" href="#L922">922</a> }
<a class="jxr_linenumber" name="L923" href="#L923">923</a>
<a class="jxr_linenumber" name="L924" href="#L924">924</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L925" href="#L925">925</a> <em class="jxr_javadoccomment"> * Executes the dependency-check and generates the report.</em>
<a class="jxr_linenumber" name="L926" href="#L926">926</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L927" href="#L927">927</a> <em class="jxr_javadoccomment"> * @return a reference to the engine used to perform the scan.</em>
<a class="jxr_linenumber" name="L928" href="#L928">928</a> <em class="jxr_javadoccomment"> * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the scan.</em>
<a class="jxr_linenumber" name="L929" href="#L929">929</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L930" href="#L930">930</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> execute() <strong class="jxr_keyword">throws</strong> ScanAgentException {
<a class="jxr_linenumber" name="L931" href="#L931">931</a> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L932" href="#L932">932</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L933" href="#L933">933</a> engine = executeDependencyCheck();
<a class="jxr_linenumber" name="L934" href="#L934">934</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.generateReport) {
<a class="jxr_linenumber" name="L935" href="#L935">935</a> generateExternalReports(engine, <strong class="jxr_keyword">new</strong> File(<strong class="jxr_keyword">this</strong>.reportOutputDirectory));
<a class="jxr_linenumber" name="L936" href="#L936">936</a> }
<a class="jxr_linenumber" name="L937" href="#L937">937</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.showSummary) {
<a class="jxr_linenumber" name="L938" href="#L938">938</a> showSummary(engine.getDependencies());
<a class="jxr_linenumber" name="L939" href="#L939">939</a> }
<a class="jxr_linenumber" name="L940" href="#L940">940</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.failBuildOnCVSS &lt;= 10) {
<a class="jxr_linenumber" name="L941" href="#L941">941</a> checkForFailure(engine.getDependencies());
<a class="jxr_linenumber" name="L942" href="#L942">942</a> }
<a class="jxr_linenumber" name="L943" href="#L943">943</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
<a class="jxr_linenumber" name="L944" href="#L944">944</a> LOGGER.error(
<a class="jxr_linenumber" name="L945" href="#L945">945</a> <span class="jxr_string">"Unable to connect to the dependency-check database; analysis has stopped"</span>);
<a class="jxr_linenumber" name="L946" href="#L946">946</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L947" href="#L947">947</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L948" href="#L948">948</a> Settings.cleanup(<strong class="jxr_keyword">true</strong>);
<a class="jxr_linenumber" name="L949" href="#L949">949</a> <strong class="jxr_keyword">if</strong> (engine != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L950" href="#L950">950</a> engine.cleanup();
<a class="jxr_linenumber" name="L951" href="#L951">951</a> }
<a class="jxr_linenumber" name="L952" href="#L952">952</a> }
<a class="jxr_linenumber" name="L953" href="#L953">953</a> <strong class="jxr_keyword">if</strong> (cveUrl12Base != <strong class="jxr_keyword">null</strong> &amp;&amp; !cveUrl12Base.isEmpty()) {
<a class="jxr_linenumber" name="L954" href="#L954">954</a> Settings.setString(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
<a class="jxr_linenumber" name="L955" href="#L955">955</a> }
<a class="jxr_linenumber" name="L956" href="#L956">956</a> <strong class="jxr_keyword">if</strong> (cveUrl20Base != <strong class="jxr_keyword">null</strong> &amp;&amp; !cveUrl20Base.isEmpty()) {
<a class="jxr_linenumber" name="L957" href="#L957">957</a> Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
<a class="jxr_linenumber" name="L958" href="#L958">958</a> }
<a class="jxr_linenumber" name="L959" href="#L959">959</a> <strong class="jxr_keyword">if</strong> (pathToMono != <strong class="jxr_keyword">null</strong> &amp;&amp; !pathToMono.isEmpty()) {
<a class="jxr_linenumber" name="L960" href="#L960">960</a> Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
<a class="jxr_linenumber" name="L961" href="#L961">961</a> }
<a class="jxr_linenumber" name="L962" href="#L962">962</a> }
<a class="jxr_linenumber" name="L963" href="#L963">963</a>
<a class="jxr_linenumber" name="L964" href="#L964">964</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L965" href="#L965">965</a> <em class="jxr_javadoccomment"> * Executes the dependency-check and generates the report.</em>
<a class="jxr_linenumber" name="L966" href="#L966">966</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L967" href="#L967">967</a> <em class="jxr_javadoccomment"> * @return a reference to the engine used to perform the scan.</em>
<a class="jxr_linenumber" name="L968" href="#L968">968</a> <em class="jxr_javadoccomment"> * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the scan.</em>
<a class="jxr_linenumber" name="L969" href="#L969">969</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L970" href="#L970">970</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> execute() <strong class="jxr_keyword">throws</strong> ScanAgentException {
<a class="jxr_linenumber" name="L971" href="#L971">971</a> <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L972" href="#L972">972</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L973" href="#L973">973</a> engine = executeDependencyCheck();
<a class="jxr_linenumber" name="L974" href="#L974">974</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.generateReport) {
<a class="jxr_linenumber" name="L975" href="#L975">975</a> generateExternalReports(engine, <strong class="jxr_keyword">new</strong> File(<strong class="jxr_keyword">this</strong>.reportOutputDirectory));
<a class="jxr_linenumber" name="L976" href="#L976">976</a> }
<a class="jxr_linenumber" name="L977" href="#L977">977</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.showSummary) {
<a class="jxr_linenumber" name="L978" href="#L978">978</a> showSummary(engine.getDependencies());
<a class="jxr_linenumber" name="L979" href="#L979">979</a> }
<a class="jxr_linenumber" name="L980" href="#L980">980</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.failBuildOnCVSS &lt;= 10) {
<a class="jxr_linenumber" name="L981" href="#L981">981</a> checkForFailure(engine.getDependencies());
<a class="jxr_linenumber" name="L982" href="#L982">982</a> }
<a class="jxr_linenumber" name="L983" href="#L983">983</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
<a class="jxr_linenumber" name="L984" href="#L984">984</a> LOGGER.error(
<a class="jxr_linenumber" name="L985" href="#L985">985</a> <span class="jxr_string">"Unable to connect to the dependency-check database; analysis has stopped"</span>);
<a class="jxr_linenumber" name="L986" href="#L986">986</a> LOGGER.debug(<span class="jxr_string">""</span>, ex);
<a class="jxr_linenumber" name="L987" href="#L987">987</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L988" href="#L988">988</a> Settings.cleanup(<strong class="jxr_keyword">true</strong>);
<a class="jxr_linenumber" name="L989" href="#L989">989</a> <strong class="jxr_keyword">if</strong> (engine != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L990" href="#L990">990</a> engine.cleanup();
<a class="jxr_linenumber" name="L991" href="#L991">991</a> }
<a class="jxr_linenumber" name="L992" href="#L992">992</a> }
<a class="jxr_linenumber" name="L993" href="#L993">993</a> <strong class="jxr_keyword">return</strong> engine;
<a class="jxr_linenumber" name="L994" href="#L994">994</a> }
<a class="jxr_linenumber" name="L995" href="#L995">995</a>
<a class="jxr_linenumber" name="L996" href="#L996">996</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L997" href="#L997">997</a> <em class="jxr_javadoccomment"> * Checks to see if a vulnerability has been identified with a CVSS score that is above the threshold set in the</em>
<a class="jxr_linenumber" name="L998" href="#L998">998</a> <em class="jxr_javadoccomment"> * configuration.</em>
<a class="jxr_linenumber" name="L999" href="#L999">999</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L1000" href="#L1000">1000</a> <em class="jxr_javadoccomment"> * @param dependencies the list of dependency objects</em>
<a class="jxr_linenumber" name="L1001" href="#L1001">1001</a> <em class="jxr_javadoccomment"> * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the scan.</em>
<a class="jxr_linenumber" name="L1002" href="#L1002">1002</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L1003" href="#L1003">1003</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> checkForFailure(List&lt;Dependency&gt; dependencies) <strong class="jxr_keyword">throws</strong> ScanAgentException {
<a class="jxr_linenumber" name="L1004" href="#L1004">1004</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
<a class="jxr_linenumber" name="L1005" href="#L1005">1005</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
<a class="jxr_linenumber" name="L1006" href="#L1006">1006</a> <strong class="jxr_keyword">boolean</strong> addName = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L1007" href="#L1007">1007</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
<a class="jxr_linenumber" name="L1008" href="#L1008">1008</a> <strong class="jxr_keyword">if</strong> (v.getCvssScore() &gt;= failBuildOnCVSS) {
<a class="jxr_linenumber" name="L1009" href="#L1009">1009</a> <strong class="jxr_keyword">if</strong> (addName) {
<a class="jxr_linenumber" name="L1010" href="#L1010">1010</a> addName = false;
<a class="jxr_linenumber" name="L1011" href="#L1011">1011</a> ids.append(NEW_LINE).append(d.getFileName()).append(<span class="jxr_string">": "</span>);
<a class="jxr_linenumber" name="L1012" href="#L1012">1012</a> ids.append(v.getName());
<a class="jxr_linenumber" name="L1013" href="#L1013">1013</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L1014" href="#L1014">1014</a> ids.append(<span class="jxr_string">", "</span>).append(v.getName());
<a class="jxr_linenumber" name="L1015" href="#L1015">1015</a> }
<a class="jxr_linenumber" name="L953" href="#L953">953</a> <strong class="jxr_keyword">return</strong> engine;
<a class="jxr_linenumber" name="L954" href="#L954">954</a> }
<a class="jxr_linenumber" name="L955" href="#L955">955</a>
<a class="jxr_linenumber" name="L956" href="#L956">956</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L957" href="#L957">957</a> <em class="jxr_javadoccomment"> * Checks to see if a vulnerability has been identified with a CVSS score that is above the threshold set in the</em>
<a class="jxr_linenumber" name="L958" href="#L958">958</a> <em class="jxr_javadoccomment"> * configuration.</em>
<a class="jxr_linenumber" name="L959" href="#L959">959</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L960" href="#L960">960</a> <em class="jxr_javadoccomment"> * @param dependencies the list of dependency objects</em>
<a class="jxr_linenumber" name="L961" href="#L961">961</a> <em class="jxr_javadoccomment"> * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the scan.</em>
<a class="jxr_linenumber" name="L962" href="#L962">962</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L963" href="#L963">963</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> checkForFailure(List&lt;Dependency&gt; dependencies) <strong class="jxr_keyword">throws</strong> ScanAgentException {
<a class="jxr_linenumber" name="L964" href="#L964">964</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
<a class="jxr_linenumber" name="L965" href="#L965">965</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
<a class="jxr_linenumber" name="L966" href="#L966">966</a> <strong class="jxr_keyword">boolean</strong> addName = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L967" href="#L967">967</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
<a class="jxr_linenumber" name="L968" href="#L968">968</a> <strong class="jxr_keyword">if</strong> (v.getCvssScore() &gt;= failBuildOnCVSS) {
<a class="jxr_linenumber" name="L969" href="#L969">969</a> <strong class="jxr_keyword">if</strong> (addName) {
<a class="jxr_linenumber" name="L970" href="#L970">970</a> addName = false;
<a class="jxr_linenumber" name="L971" href="#L971">971</a> ids.append(NEW_LINE).append(d.getFileName()).append(<span class="jxr_string">": "</span>);
<a class="jxr_linenumber" name="L972" href="#L972">972</a> ids.append(v.getName());
<a class="jxr_linenumber" name="L973" href="#L973">973</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L974" href="#L974">974</a> ids.append(<span class="jxr_string">", "</span>).append(v.getName());
<a class="jxr_linenumber" name="L975" href="#L975">975</a> }
<a class="jxr_linenumber" name="L976" href="#L976">976</a> }
<a class="jxr_linenumber" name="L977" href="#L977">977</a> }
<a class="jxr_linenumber" name="L978" href="#L978">978</a> }
<a class="jxr_linenumber" name="L979" href="#L979">979</a> <strong class="jxr_keyword">if</strong> (ids.length() &gt; 0) {
<a class="jxr_linenumber" name="L980" href="#L980">980</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%nDependency-Check Failure:%n"</span>
<a class="jxr_linenumber" name="L981" href="#L981">981</a> + <span class="jxr_string">"One or more dependencies were identified with vulnerabilities that have a CVSS score greater then '%.1f': %s%n"</span>
<a class="jxr_linenumber" name="L982" href="#L982">982</a> + <span class="jxr_string">"See the dependency-check report for more details.%n%n"</span>, failBuildOnCVSS, ids.toString());
<a class="jxr_linenumber" name="L983" href="#L983">983</a>
<a class="jxr_linenumber" name="L984" href="#L984">984</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/ScanAgentException.html">ScanAgentException</a>(msg);
<a class="jxr_linenumber" name="L985" href="#L985">985</a> }
<a class="jxr_linenumber" name="L986" href="#L986">986</a> }
<a class="jxr_linenumber" name="L987" href="#L987">987</a>
<a class="jxr_linenumber" name="L988" href="#L988">988</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L989" href="#L989">989</a> <em class="jxr_javadoccomment"> * Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.</em>
<a class="jxr_linenumber" name="L990" href="#L990">990</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L991" href="#L991">991</a> <em class="jxr_javadoccomment"> * @param dependencies a list of dependency objects</em>
<a class="jxr_linenumber" name="L992" href="#L992">992</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L993" href="#L993">993</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> showSummary(List&lt;Dependency&gt; dependencies) {
<a class="jxr_linenumber" name="L994" href="#L994">994</a> <strong class="jxr_keyword">final</strong> StringBuilder summary = <strong class="jxr_keyword">new</strong> StringBuilder();
<a class="jxr_linenumber" name="L995" href="#L995">995</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
<a class="jxr_linenumber" name="L996" href="#L996">996</a> <strong class="jxr_keyword">boolean</strong> firstEntry = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L997" href="#L997">997</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
<a class="jxr_linenumber" name="L998" href="#L998">998</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
<a class="jxr_linenumber" name="L999" href="#L999">999</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
<a class="jxr_linenumber" name="L1000" href="#L1000">1000</a> firstEntry = false;
<a class="jxr_linenumber" name="L1001" href="#L1001">1001</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L1002" href="#L1002">1002</a> ids.append(<span class="jxr_string">", "</span>);
<a class="jxr_linenumber" name="L1003" href="#L1003">1003</a> }
<a class="jxr_linenumber" name="L1004" href="#L1004">1004</a> ids.append(v.getName());
<a class="jxr_linenumber" name="L1005" href="#L1005">1005</a> }
<a class="jxr_linenumber" name="L1006" href="#L1006">1006</a> <strong class="jxr_keyword">if</strong> (ids.length() &gt; 0) {
<a class="jxr_linenumber" name="L1007" href="#L1007">1007</a> summary.append(d.getFileName()).append(<span class="jxr_string">" ("</span>);
<a class="jxr_linenumber" name="L1008" href="#L1008">1008</a> firstEntry = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L1009" href="#L1009">1009</a> <strong class="jxr_keyword">for</strong> (Identifier id : d.getIdentifiers()) {
<a class="jxr_linenumber" name="L1010" href="#L1010">1010</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
<a class="jxr_linenumber" name="L1011" href="#L1011">1011</a> firstEntry = false;
<a class="jxr_linenumber" name="L1012" href="#L1012">1012</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L1013" href="#L1013">1013</a> summary.append(<span class="jxr_string">", "</span>);
<a class="jxr_linenumber" name="L1014" href="#L1014">1014</a> }
<a class="jxr_linenumber" name="L1015" href="#L1015">1015</a> summary.append(id.getValue());
<a class="jxr_linenumber" name="L1016" href="#L1016">1016</a> }
<a class="jxr_linenumber" name="L1017" href="#L1017">1017</a> }
<a class="jxr_linenumber" name="L1018" href="#L1018">1018</a> }
<a class="jxr_linenumber" name="L1019" href="#L1019">1019</a> <strong class="jxr_keyword">if</strong> (ids.length() &gt; 0) {
<a class="jxr_linenumber" name="L1020" href="#L1020">1020</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%nDependency-Check Failure:%n"</span>
<a class="jxr_linenumber" name="L1021" href="#L1021">1021</a> + <span class="jxr_string">"One or more dependencies were identified with vulnerabilities that have a CVSS score greater then '%.1f': %s%n"</span>
<a class="jxr_linenumber" name="L1022" href="#L1022">1022</a> + <span class="jxr_string">"See the dependency-check report for more details.%n%n"</span>, failBuildOnCVSS, ids.toString());
<a class="jxr_linenumber" name="L1023" href="#L1023">1023</a>
<a class="jxr_linenumber" name="L1024" href="#L1024">1024</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/ScanAgentException.html">ScanAgentException</a>(msg);
<a class="jxr_linenumber" name="L1025" href="#L1025">1025</a> }
<a class="jxr_linenumber" name="L1026" href="#L1026">1026</a> }
<a class="jxr_linenumber" name="L1027" href="#L1027">1027</a>
<a class="jxr_linenumber" name="L1028" href="#L1028">1028</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L1029" href="#L1029">1029</a> <em class="jxr_javadoccomment"> * Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.</em>
<a class="jxr_linenumber" name="L1030" href="#L1030">1030</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L1031" href="#L1031">1031</a> <em class="jxr_javadoccomment"> * @param dependencies a list of dependency objects</em>
<a class="jxr_linenumber" name="L1032" href="#L1032">1032</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L1033" href="#L1033">1033</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> showSummary(List&lt;Dependency&gt; dependencies) {
<a class="jxr_linenumber" name="L1034" href="#L1034">1034</a> <strong class="jxr_keyword">final</strong> StringBuilder summary = <strong class="jxr_keyword">new</strong> StringBuilder();
<a class="jxr_linenumber" name="L1035" href="#L1035">1035</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
<a class="jxr_linenumber" name="L1036" href="#L1036">1036</a> <strong class="jxr_keyword">boolean</strong> firstEntry = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L1037" href="#L1037">1037</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
<a class="jxr_linenumber" name="L1038" href="#L1038">1038</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
<a class="jxr_linenumber" name="L1039" href="#L1039">1039</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
<a class="jxr_linenumber" name="L1040" href="#L1040">1040</a> firstEntry = false;
<a class="jxr_linenumber" name="L1041" href="#L1041">1041</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L1042" href="#L1042">1042</a> ids.append(<span class="jxr_string">", "</span>);
<a class="jxr_linenumber" name="L1043" href="#L1043">1043</a> }
<a class="jxr_linenumber" name="L1044" href="#L1044">1044</a> ids.append(v.getName());
<a class="jxr_linenumber" name="L1045" href="#L1045">1045</a> }
<a class="jxr_linenumber" name="L1046" href="#L1046">1046</a> <strong class="jxr_keyword">if</strong> (ids.length() &gt; 0) {
<a class="jxr_linenumber" name="L1047" href="#L1047">1047</a> summary.append(d.getFileName()).append(<span class="jxr_string">" ("</span>);
<a class="jxr_linenumber" name="L1048" href="#L1048">1048</a> firstEntry = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L1049" href="#L1049">1049</a> <strong class="jxr_keyword">for</strong> (Identifier id : d.getIdentifiers()) {
<a class="jxr_linenumber" name="L1050" href="#L1050">1050</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
<a class="jxr_linenumber" name="L1051" href="#L1051">1051</a> firstEntry = false;
<a class="jxr_linenumber" name="L1052" href="#L1052">1052</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L1053" href="#L1053">1053</a> summary.append(<span class="jxr_string">", "</span>);
<a class="jxr_linenumber" name="L1054" href="#L1054">1054</a> }
<a class="jxr_linenumber" name="L1055" href="#L1055">1055</a> summary.append(id.getValue());
<a class="jxr_linenumber" name="L1056" href="#L1056">1056</a> }
<a class="jxr_linenumber" name="L1057" href="#L1057">1057</a> summary.append(<span class="jxr_string">") : "</span>).append(ids).append(NEW_LINE);
<a class="jxr_linenumber" name="L1058" href="#L1058">1058</a> }
<a class="jxr_linenumber" name="L1059" href="#L1059">1059</a> }
<a class="jxr_linenumber" name="L1060" href="#L1060">1060</a> <strong class="jxr_keyword">if</strong> (summary.length() &gt; 0) {
<a class="jxr_linenumber" name="L1061" href="#L1061">1061</a> LOGGER.warn(<span class="jxr_string">"\n\nOne or more dependencies were identified with known vulnerabilities:\n\n{}\n\n"</span>
<a class="jxr_linenumber" name="L1062" href="#L1062">1062</a> + <span class="jxr_string">"See the dependency-check report for more details.\n\n"</span>,
<a class="jxr_linenumber" name="L1063" href="#L1063">1063</a> summary.toString());
<a class="jxr_linenumber" name="L1064" href="#L1064">1064</a> }
<a class="jxr_linenumber" name="L1065" href="#L1065">1065</a> }
<a class="jxr_linenumber" name="L1066" href="#L1066">1066</a>
<a class="jxr_linenumber" name="L1067" href="#L1067">1067</a> }
<a class="jxr_linenumber" name="L1017" href="#L1017">1017</a> summary.append(<span class="jxr_string">") : "</span>).append(ids).append(NEW_LINE);
<a class="jxr_linenumber" name="L1018" href="#L1018">1018</a> }
<a class="jxr_linenumber" name="L1019" href="#L1019">1019</a> }
<a class="jxr_linenumber" name="L1020" href="#L1020">1020</a> <strong class="jxr_keyword">if</strong> (summary.length() &gt; 0) {
<a class="jxr_linenumber" name="L1021" href="#L1021">1021</a> LOGGER.warn(<span class="jxr_string">"\n\nOne or more dependencies were identified with known vulnerabilities:\n\n{}\n\n"</span>
<a class="jxr_linenumber" name="L1022" href="#L1022">1022</a> + <span class="jxr_string">"See the dependency-check report for more details.\n\n"</span>,
<a class="jxr_linenumber" name="L1023" href="#L1023">1023</a> summary.toString());
<a class="jxr_linenumber" name="L1024" href="#L1024">1024</a> }
<a class="jxr_linenumber" name="L1025" href="#L1025">1025</a> }
<a class="jxr_linenumber" name="L1026" href="#L1026">1026</a>
<a class="jxr_linenumber" name="L1027" href="#L1027">1027</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2015 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>