From a42c586bb23d24e3d3c2a91df0b6b4d0dffa3966 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Thu, 1 Aug 2013 10:57:44 -0400
Subject: [PATCH] fixed issue with data directory and made a few other minor changes
Former-commit-id: 46f89f4deb6b0b55f34ee61c61424f87bf0334d8
---
 .../owasp/dependencycheck/cli/CliParser.java | 1 -
 .../owasp/dependencycheck/data/cpe/Index.java | 11 +-
 .../dependencycheck/data/nvdcve/CveDB.java | 4 +-
 .../owasp/dependencycheck/utils/Settings.java | 42 ++++-
 .../main/resources/dependencycheck.properties | 4 +-
 .../utils/DownloaderIntegrationTest.java | 2 +-
 .../dependencycheck/utils/SettingsTest.java | 2 +-
 dependency-check-maven/pom.xml | 5 +
 .../maven/DependencyCheckMojo.java | 21 +++
 .../src/main/resources/mojo.properties | 2 +
 .../owasp/dependencycheck/maven/MySink.java | 177 ++++++++++++++++++
 pom.xml | 18 +-
 12 files changed, 269 insertions(+), 20 deletions(-)
 create mode 100644 dependency-check-maven/src/main/resources/mojo.properties
diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
index 099a566a3..e3d180a3a 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
@@ -29,7 +29,6 @@ import org.apache.commons.cli.OptionGroup;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
 import org.apache.commons.cli.PosixParser;
-import org.owasp.dependencycheck.reporting.ReportGenerator;
 import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
 import org.owasp.dependencycheck.utils.Settings;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
index 86cd8e27a..9c1563ac3 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
@@ -66,12 +66,11 @@ public class Index extends AbstractIndex {
 * @throws IOException is thrown if an IOException occurs of course...
 */
 public File getDataDirectory() throws IOException {
- final String fileName = Settings.getString(Settings.KEYS.CPE_DATA_DIRECTORY);
- final String dataDirectory = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
- //final File path = FileUtils.getDataDirectory(fileName, Index.class);
- final File path = new File(dataDirectory, fileName);
- if (!path.exists() && !path.mkdirs()) {
- throw new IOException("Unable to create CPE Data directory");
+ final File path = Settings.getFile(Settings.KEYS.CPE_DATA_DIRECTORY);
+ if (!path.exists()) {
+ if (!path.mkdirs()) {
+ throw new IOException("Unable to create CPE Data directory");
+ }
 }
 return path;
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 7c4502384..cdf85925a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -523,9 +523,7 @@ public class CveDB {
 * @throws IOException is thrown if an IOException occurs of course...
 */
 public static File getDataDirectory() throws IOException {
- final String fileName = Settings.getString(Settings.KEYS.CVE_DATA_DIRECTORY);
- final String dataDirectory = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
- final File path = new File(dataDirectory, fileName);
+ final File path = Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY);
 if (!path.exists()) {
 if (!path.mkdirs()) {
 throw new IOException("Unable to create NVD CVE Data directory");
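Review bot: `path.exists()` is also true when the configured location is a regular file, so `getDataDirectory()` in Index.java (and the identical check in the CveDB.java hunk) can return something that is not a directory, and the failure only shows up later when the index or database is opened. Testing `if (!path.isDirectory() && !path.mkdirs()) {` and keeping the existing `IOException` would report the problem at this point. Since the location now depends on how `Settings.getFile` resolves the data directory, adding `path.getAbsolutePath()` to the exception message would make a misresolved directory much easier to spot. The CveDB method body continues past the end of its hunk.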
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 79f0a6cf1..893d7466e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -23,6 +23,8 @@ import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
 import java.util.Properties;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -252,16 +254,48 @@ public final class Settings {
 * argument - this method will return the value from the system properties
 * before the values in the contained configuration file.
 *
+ * This method will also replace a leading "[JAR]\" sequence with the path
+ * to the folder containing the JAR file containing this class.
+ *
 * @param key the key to lookup within the properties file
 * @return the property from the properties file converted to a File object
+ * @throws IOException thrown if the file path to the JAR cannot be found
 */
- public static File getFile(String key) {
+ public static File getFile(String key) throws IOException {
+ final String file = getString(key);
 final String baseDir = getString(Settings.KEYS.DATA_DIRECTORY);
- final String tmp = getString(key);
 if (baseDir != null) {
- return new File(baseDir, tmp);
+ if (baseDir.startsWith("[JAR]/")) {
+ final File jarPath = getJarPath();
+ final File newBase = new File(jarPath.getCanonicalPath(), baseDir.substring(6));
+ return new File(newBase, file);
+ }
+ return new File(baseDir, file);
+ }
+ return new File(file);
+ }
+
+ /**
+ * Attempts to retrieve the folder containing the Jar file containing the
+ * Settings class.
+ *
+ * @return a File object
+ */
+ private static File getJarPath() {
+ final String jarPath = Settings.class.getProtectionDomain().getCodeSource().getLocation().getPath();
+ String decodedPath = ".";
+ try {
+ decodedPath = URLDecoder.decode(jarPath, "UTF-8");
+ } catch (UnsupportedEncodingException ex) {
+ Logger.getLogger(Settings.class.getName()).log(Level.FINEST, null, ex);
+ }
+
+ final File path = new File(decodedPath);
+ if (path.getName().toLowerCase().endsWith(".jar")) {
+ return path.getParentFile();
+ } else {
+ return new File(".");
 }
- return new File(tmp);
 }
 /**
diff --git a/dependency-check-core/src/main/resources/dependencycheck.properties b/dependency-check-core/src/main/resources/dependencycheck.properties
index f138fb7f7..b56a26bfe 100644
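Review bot: `getJarPath()` dereferences `getCodeSource()` without a null check and decodes the location with `URLDecoder`, which implements form decoding and turns a literal `+` in the install path into a space. Both `getCodeSource()` and `getLocation()` may return null, so the new `[JAR]/` handling can fail with a NullPointerException rather than the documented `IOException`. When the class is not loaded from a `.jar`, the method silently returns `new File(".")`, so the directory holding the CVE database and CPE index again depends on the working directory the tool was started from. That fallback deserves a log line. The Javadoc on `getFile` also names the prefix as `"[JAR]\"` while the code matches `"[JAR]/"`.

```java
private static File getJarPath() {
    final java.security.CodeSource source = Settings.class.getProtectionDomain().getCodeSource();
    if (source == null || source.getLocation() == null) {
        Logger.getLogger(Settings.class.getName()).log(Level.FINE,
                "No code source for Settings; resolving [JAR] against the working directory");
        return new File(".");
    }
    final File path;
    try {
        // URL.toURI() resolves percent-escapes and leaves '+' untouched, unlike URLDecoder
        path = new File(source.getLocation().toURI());
    } catch (java.net.URISyntaxException ex) {
        Logger.getLogger(Settings.class.getName()).log(Level.FINE, null, ex);
        return new File(".");
    } catch (IllegalArgumentException ex) {
        // the location is not a file: URI
        Logger.getLogger(Settings.class.getName()).log(Level.FINE, null, ex);
        return new File(".");
    }
    // … unchanged: ".jar" suffix check returning the parent folder, else "." …
}
```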
--- a/dependency-check-core/src/main/resources/dependencycheck.properties
+++ b/dependency-check-core/src/main/resources/dependencycheck.properties
@@ -5,8 +5,8 @@ autoupdate=true
 #temp.directory defaults to System.getProperty("java.io.tmpdir")
 #temp.directory=[path to temp directory]
-# the path to the data directory
-data.directory=data
+# the path to the data directory; if tis
+data.directory=[JAR]/data
 # the path to the lucene index to store the cpe data
 data.cpe=cpe
 # the path to the h2 database to store the nvd cve data
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
index f19c3dc6c..7677ef523 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
@@ -67,7 +67,7 @@ public class DownloaderIntegrationTest {
 String outputPath = "target/downloaded_cpe.xml";
 Downloader.fetchFile(url, outputPath, true);
- url = new URL("http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2010.xml");
+ url = new URL(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL));
 outputPath = "target/downloaded_cve.xml";
 Downloader.fetchFile(url, outputPath, false);
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
index 2fd1755a7..a574d4029 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
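Review bot: The new comment above `data.directory` stops mid-sentence (`if tis`) and never explains the `[JAR]/` prefix that the default value now relies on. A complete comment would be `# the path to the data directory; a leading [JAR]/ is replaced with the folder containing the dependency-check JAR`. The comment in the new mojo.properties has the same gap and could also say why its value climbs two levels with `../../`, since that decides where the plugin keeps its vulnerability data.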
@@ -67,7 +67,7 @@ public class SettingsTest { * Test of getFile method, of class Settings. */ @Test - public void testGetFile() { + public void testGetFile() throws IOException { String key = Settings.KEYS.CPE_DATA_DIRECTORY; String expResult = "data" + File.separator + "cpe"; File result = Settings.getFile(key); diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index d5ae8c2ef..93ab60e71 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -279,6 +279,11 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. maven-core 3.0 + + org.apache.maven.plugins + maven-site-plugin + 3.0 + org.apache.maven.plugin-tools maven-plugin-annotations diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java index a92c25716..688c26629 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java @@ -67,6 +67,10 @@ import org.owasp.dependencycheck.utils.Settings; requiresOnline = true) public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageReport { + /** + * The properties file location. + */ + private static final String PROPERTIES_FILE = "mojo.properties"; /** * Name of the logging properties file. */ 
@@ -619,6 +623,23 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
 * proxy url, port, and connection timeout.
 */
 private void populateSettings() {
+ InputStream mojoProperties = null;
+ try {
+ mojoProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
+ Settings.mergeProperties(mojoProperties);
+ } catch (IOException ex) {
+ Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.WARNING, "Unable to load the dependency-check ant task.properties file.");
+ Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINE, null, ex);
+ } finally {
+ if (mojoProperties != null) {
+ try {
+ mojoProperties.close();
+ } catch (IOException ex) {
+ Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINEST, null, ex);
+ }
+ }
+ }
+
 Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
 if (proxyUrl != null && !proxyUrl.isEmpty()) {
diff --git a/dependency-check-maven/src/main/resources/mojo.properties b/dependency-check-maven/src/main/resources/mojo.properties
new file mode 100644
index 000000000..eadab9896
--- /dev/null
+++ b/dependency-check-maven/src/main/resources/mojo.properties
@@ -0,0 +1,2 @@
+# the path to the data directory
+data.directory=[JAR]/../../dependency-check-data
diff --git a/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java b/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java
index 30f17e819..c785cf66c 100644
--- a/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java
+++ b/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java
@@ -23,7 +23,9 @@ import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import org.apache.maven.doxia.logging.Log;
 import org.apache.maven.doxia.sink.Sink;
+import org.apache.maven.doxia.sink.SinkEventAttributes;
 /**
 *
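Review bot: `getResourceAsStream(PROPERTIES_FILE)` returns null when the resource is not on the class path, and in `populateSettings()` that null is passed straight to `Settings.mergeProperties(...)`. Only `IOException` is caught, so if mergeProperties loads the stream through `Properties.load` (its body is not shown here) a missing file would abort the mojo with a NullPointerException instead of the intended warning. A guard such as `if (mojoProperties != null) { Settings.mergeProperties(mojoProperties); }` with a warning in the else branch would keep the failure soft. The warning text also names the `ant task.properties` file although the resource is mojo.properties, which will mislead anyone reading the log. The method continues past the end of this hunk.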
@@ -419,4 +421,179 @@ public class MySink implements Sink { Logger.getLogger(MySink.class.getName()).log(Level.FINEST, null, ex); } } + + @Override + public void head(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void title(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void author(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void date(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void body(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void section(int i, SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void section_(int i) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void sectionTitle(int i, SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void sectionTitle_(int i) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. 
+ } + + @Override + public void list(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void listItem(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void numberedList(int i, SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void numberedListItem(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void definitionList(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void definitionListItem(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void definition(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void definedTerm(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void figure(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. 
+ } + + @Override + public void figureCaption(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void figureGraphics(String string, SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void table(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void tableRow(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void tableCell(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void tableHeaderCell(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void tableCaption(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void paragraph(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void verbatim(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. 
+ } + + @Override + public void horizontalRule(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void anchor(String string, SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void link(String string, SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void lineBreak(SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void text(String string, SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void comment(String string) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void unknown(String string, Object[] os, SinkEventAttributes sea) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } + + @Override + public void enableLogging(Log log) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } } diff --git a/pom.xml b/pom.xml index fcbde9558..ff6b00c9a 100644 --- a/pom.xml +++ b/pom.xml 
@@ -79,8 +79,8 @@ along with Dependency-Check. If not, see . scm:git:git@github.com:jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck.git scm:git:git@github.com:jeremylong/DependencyCheck.git - HEAD - + HEAD + github https://github.com/jeremylong/DependencyCheck/issues @@ -209,6 +209,20 @@ along with Dependency-Check. If not, see . + + org.apache.maven.plugins + maven-gpg-plugin + 1.4 + + + sign-artifacts + verify + + sign + + + +