diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
index 099a566a3..e3d180a3a 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
@@ -29,7 +29,6 @@ import org.apache.commons.cli.OptionGroup;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.commons.cli.PosixParser;
-import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
import org.owasp.dependencycheck.utils.Settings;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
index 86cd8e27a..9c1563ac3 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
@@ -66,12 +66,11 @@ public class Index extends AbstractIndex {
* @throws IOException is thrown if an IOException occurs of course...
*/
public File getDataDirectory() throws IOException {
- final String fileName = Settings.getString(Settings.KEYS.CPE_DATA_DIRECTORY);
- final String dataDirectory = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
- //final File path = FileUtils.getDataDirectory(fileName, Index.class);
- final File path = new File(dataDirectory, fileName);
- if (!path.exists() && !path.mkdirs()) {
- throw new IOException("Unable to create CPE Data directory");
+ final File path = Settings.getFile(Settings.KEYS.CPE_DATA_DIRECTORY);
+ if (!path.exists()) {
+ if (!path.mkdirs()) {
+ throw new IOException("Unable to create CPE Data directory");
+ }
}
return path;
}
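Review bot: `getDataDirectory()` only tests `path.exists()`, so a regular file at the configured location is returned as if it were the data directory. A directory created by another process between `exists()` and `mkdirs()` also makes `mkdirs()` return false, raising the IOException spuriously. Checking the end state covers both cases: `if (!path.isDirectory() && !path.mkdirs() && !path.isDirectory()) { throw new IOException("Unable to create CPE Data directory"); }`. The same pattern is in `CveDB.getDataDirectory()` in this commit, and it matters more if the Maven plugin's new `data.directory` ends up shared by several builds.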
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 7c4502384..cdf85925a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -523,9 +523,7 @@ public class CveDB {
* @throws IOException is thrown if an IOException occurs of course...
*/
public static File getDataDirectory() throws IOException {
- final String fileName = Settings.getString(Settings.KEYS.CVE_DATA_DIRECTORY);
- final String dataDirectory = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
- final File path = new File(dataDirectory, fileName);
+ final File path = Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY);
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create NVD CVE Data directory");
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 79f0a6cf1..893d7466e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -23,6 +23,8 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -252,16 +254,48 @@ public final class Settings {
* argument - this method will return the value from the system properties
* before the values in the contained configuration file.
*
+ * This method will also replace a leading "[JAR]\" sequence with the path
+ * to the folder containing the JAR file containing this class.
+ *
* @param key the key to lookup within the properties file
* @return the property from the properties file converted to a File object
+ * @throws IOException thrown if the file path to the JAR cannot be found
*/
- public static File getFile(String key) {
+ public static File getFile(String key) throws IOException {
+ final String file = getString(key);
final String baseDir = getString(Settings.KEYS.DATA_DIRECTORY);
- final String tmp = getString(key);
if (baseDir != null) {
- return new File(baseDir, tmp);
+ if (baseDir.startsWith("[JAR]/")) {
+ final File jarPath = getJarPath();
+ final File newBase = new File(jarPath.getCanonicalPath(), baseDir.substring(6));
+ return new File(newBase, file);
+ }
+ return new File(baseDir, file);
+ }
+ return new File(file);
+ }
+
+ /**
+ * Attempts to retrieve the folder containing the Jar file containing the
+ * Settings class.
+ *
+ * @return a File object
+ */
+ private static File getJarPath() {
+ final String jarPath = Settings.class.getProtectionDomain().getCodeSource().getLocation().getPath();
+ String decodedPath = ".";
+ try {
+ decodedPath = URLDecoder.decode(jarPath, "UTF-8");
+ } catch (UnsupportedEncodingException ex) {
+ Logger.getLogger(Settings.class.getName()).log(Level.FINEST, null, ex);
+ }
+
+ final File path = new File(decodedPath);
+ if (path.getName().toLowerCase().endsWith(".jar")) {
+ return path.getParentFile();
+ } else {
+ return new File(".");
}
- return new File(tmp);
}
/**
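Review bot: `getJarPath()` dereferences `getProtectionDomain().getCodeSource()` without a null check, and a null code source or location would make `getFile` fail with a NullPointerException instead of the documented IOException. Decoding the URL path with `URLDecoder` also turns a literal `+` in the install path into a space; converting the location with `toURI()` avoids that (it needs `java.security.CodeSource` and `java.net.URISyntaxException` imported). When the class is not inside a `.jar` the method silently returns `.`, so the CPE and CVE data directories resolve against the process working directory; a log line there would show which data store a scan used. The Javadoc added to `getFile` says `"[JAR]\"` while the code matches `"[JAR]/"`.

```java
private static File getJarPath() {
    final CodeSource source = Settings.class.getProtectionDomain().getCodeSource();
    if (source != null && source.getLocation() != null) {
        try {
            final File path = new File(source.getLocation().toURI());
            if (path.getName().toLowerCase().endsWith(".jar")) {
                return path.getParentFile();
            }
        } catch (URISyntaxException ex) {
            Logger.getLogger(Settings.class.getName()).log(Level.FINE, null, ex);
        } catch (IllegalArgumentException ex) {
            // the code source location is not a file: URI
            Logger.getLogger(Settings.class.getName()).log(Level.FINE, null, ex);
        }
    }
    Logger.getLogger(Settings.class.getName()).log(Level.FINE,
            "Settings was not loaded from a JAR; resolving [JAR] against the working directory");
    return new File(".");
}
```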
diff --git a/dependency-check-core/src/main/resources/dependencycheck.properties b/dependency-check-core/src/main/resources/dependencycheck.properties
index f138fb7f7..b56a26bfe 100644
--- a/dependency-check-core/src/main/resources/dependencycheck.properties
+++ b/dependency-check-core/src/main/resources/dependencycheck.properties
@@ -5,8 +5,8 @@ autoupdate=true
#temp.directory defaults to System.getProperty("java.io.tmpdir")
#temp.directory=[path to temp directory]
-# the path to the data directory
-data.directory=data
+# the path to the data directory; if tis
+data.directory=[JAR]/data
# the path to the lucene index to store the cpe data
data.cpe=cpe
# the path to the h2 database to store the nvd cve data
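Review bot: The new comment above `data.directory` is cut off at "if tis", so the `[JAR]/` token introduced by this default is left undocumented in the properties file itself. Suggest `# the path to the data directory; a leading "[JAR]/" is replaced with the folder of the JAR that contains the Settings class`. It is also worth stating that only the forward-slash form is recognised, since `Settings.getFile` in this commit tests `startsWith("[JAR]/")`.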
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
index f19c3dc6c..7677ef523 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
@@ -67,7 +67,7 @@ public class DownloaderIntegrationTest {
String outputPath = "target/downloaded_cpe.xml";
Downloader.fetchFile(url, outputPath, true);
- url = new URL("http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2010.xml");
+ url = new URL(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL));
outputPath = "target/downloaded_cve.xml";
Downloader.fetchFile(url, outputPath, false);
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
index 2fd1755a7..a574d4029 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
@@ -67,7 +67,7 @@ public class SettingsTest {
* Test of getFile method, of class Settings.
*/
@Test
- public void testGetFile() {
+ public void testGetFile() throws IOException {
String key = Settings.KEYS.CPE_DATA_DIRECTORY;
String expResult = "data" + File.separator + "cpe";
File result = Settings.getFile(key);
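Review bot: Nothing visible in `testGetFile` exercises the new `[JAR]/` branch of `Settings.getFile`. `expResult` is still the relative `"data" + File.separator + "cpe"`, while the default `data.directory` in this commit becomes `[JAR]/data`. The assertion lies outside the hunk, so it may already be a suffix check. A dedicated case with `data.directory` set to a `[JAR]/...` value, asserting the result is absolute and ends with `expResult`, would pin the new behaviour.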
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index d5ae8c2ef..93ab60e71 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -279,6 +279,11 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
maven-core
3.0
+
+ org.apache.maven.plugins
+ maven-site-plugin
+ 3.0
+
org.apache.maven.plugin-tools
maven-plugin-annotations
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
index a92c25716..688c26629 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
@@ -67,6 +67,10 @@ import org.owasp.dependencycheck.utils.Settings;
requiresOnline = true)
public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageReport {
+ /**
+ * The properties file location.
+ */
+ private static final String PROPERTIES_FILE = "mojo.properties";
/**
* Name of the logging properties file.
*/
@@ -619,6 +623,23 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
* proxy url, port, and connection timeout.
*/
private void populateSettings() {
+ InputStream mojoProperties = null;
+ try {
+ mojoProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
+ Settings.mergeProperties(mojoProperties);
+ } catch (IOException ex) {
+ Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.WARNING, "Unable to load the dependency-check ant task.properties file.");
+ Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINE, null, ex);
+ } finally {
+ if (mojoProperties != null) {
+ try {
+ mojoProperties.close();
+ } catch (IOException ex) {
+ Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINEST, null, ex);
+ }
+ }
+ }
+
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
if (proxyUrl != null && !proxyUrl.isEmpty()) {
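Review bot: `getResourceAsStream(PROPERTIES_FILE)` returns null when `mojo.properties` is not on the class path, and that null is passed straight to `Settings.mergeProperties`; the `finally` block guards the close but not the merge. Unless `mergeProperties` tolerates a null stream (its body is not in this diff), this would surface as a NullPointerException that `catch (IOException ex)` does not handle. Guard the call with `if (mojoProperties != null) { Settings.mergeProperties(mojoProperties); }` and log the missing resource. The warning text still reads "dependency-check ant task.properties file" and should name `mojo.properties`. `populateSettings` continues past the end of the hunk.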
diff --git a/dependency-check-maven/src/main/resources/mojo.properties b/dependency-check-maven/src/main/resources/mojo.properties
new file mode 100644
index 000000000..eadab9896
--- /dev/null
+++ b/dependency-check-maven/src/main/resources/mojo.properties
@@ -0,0 +1,2 @@
+# the path to the data directory
+data.directory=[JAR]/../../dependency-check-data
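Review bot: The comment on `data.directory` does not explain what `[JAR]/../../dependency-check-data` resolves to. Per `Settings.getJarPath()` in this commit, `[JAR]` is the folder of the JAR holding the `Settings` class, which lives in dependency-check-core rather than in the Maven plugin. `getFile` canonicalises only that folder, so the two `..` segments stay in the path and put the data store two levels above it. Suggest a comment such as `# [JAR] is the folder of the JAR containing Settings; ../../ places the data two levels above it`. Because the CVE data read from this directory decides scan results, the comment could also state who is expected to own and write to that location.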
diff --git a/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java b/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java
index 30f17e819..c785cf66c 100644
--- a/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java
+++ b/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java
@@ -23,7 +23,9 @@ import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.util.logging.Level;
import java.util.logging.Logger;
+import org.apache.maven.doxia.logging.Log;
import org.apache.maven.doxia.sink.Sink;
+import org.apache.maven.doxia.sink.SinkEventAttributes;
/**
*
@@ -419,4 +421,179 @@ public class MySink implements Sink {
Logger.getLogger(MySink.class.getName()).log(Level.FINEST, null, ex);
}
}
+
+ @Override
+ public void head(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void title(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void author(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void date(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void body(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void section(int i, SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void section_(int i) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void sectionTitle(int i, SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void sectionTitle_(int i) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void list(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void listItem(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void numberedList(int i, SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void numberedListItem(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void definitionList(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void definitionListItem(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void definition(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void definedTerm(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void figure(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void figureCaption(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void figureGraphics(String string, SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void table(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void tableRow(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void tableCell(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void tableHeaderCell(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void tableCaption(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void paragraph(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void verbatim(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void horizontalRule(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void anchor(String string, SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void link(String string, SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void lineBreak(SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void text(String string, SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void comment(String string) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void unknown(String string, Object[] os, SinkEventAttributes sea) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
+
+ @Override
+ public void enableLogging(Log log) {
+ throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ }
}
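Review bot: Every added override keeps the IDE template comment `//To change body of generated methods, choose Tools | Templates.` and throws `UnsupportedOperationException`, so any test in which the report code calls one of the `SinkEventAttributes` overloads will abort. Drop the template comments and, where this class already has a no-argument counterpart, delegate to it, e.g. `public void head(SinkEventAttributes sea) { head(); }`. The earlier part of `MySink` is outside the hunk, so those counterparts are assumed from the `Sink` interface rather than seen here.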
diff --git a/pom.xml b/pom.xml
index fcbde9558..ff6b00c9a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -79,8 +79,8 @@ along with Dependency-Check. If not, see .
scm:git:git@github.com:jeremylong/DependencyCheck.git
https://github.com/jeremylong/DependencyCheck.git
scm:git:git@github.com:jeremylong/DependencyCheck.git
- HEAD
-
+ HEAD
+
github
https://github.com/jeremylong/DependencyCheck/issues
@@ -209,6 +209,20 @@ along with Dependency-Check. If not, see .
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+ 1.4
+
+
+ sign-artifacts
+ verify
+
+ sign
+
+
+
+