|
|
|
|
@@ -761,265 +761,290 @@
|
|
|
|
|
<a class="jxr_linenumber" name="L753" href="#L753">753</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setCveUrl20Base(String cveUrl20Base) {
|
|
|
|
|
<a class="jxr_linenumber" name="L754" href="#L754">754</a> <strong class="jxr_keyword">this</strong>.cveUrl20Base = cveUrl20Base;
|
|
|
|
|
<a class="jxr_linenumber" name="L755" href="#L755">755</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L756" href="#L756">756</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L757" href="#L757">757</a> @Override
|
|
|
|
|
<a class="jxr_linenumber" name="L758" href="#L758">758</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> execute() <strong class="jxr_keyword">throws</strong> BuildException {
|
|
|
|
|
<a class="jxr_linenumber" name="L759" href="#L759">759</a> <strong class="jxr_keyword">final</strong> InputStream in = DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
|
|
|
|
|
<a class="jxr_linenumber" name="L760" href="#L760">760</a> LogUtils.prepareLogger(in, logFile);
|
|
|
|
|
<a class="jxr_linenumber" name="L761" href="#L761">761</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L762" href="#L762">762</a> dealWithReferences();
|
|
|
|
|
<a class="jxr_linenumber" name="L763" href="#L763">763</a> validateConfiguration();
|
|
|
|
|
<a class="jxr_linenumber" name="L764" href="#L764">764</a> populateSettings();
|
|
|
|
|
<a class="jxr_linenumber" name="L765" href="#L765">765</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L766" href="#L766">766</a> Engine engine = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L767" href="#L767">767</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L768" href="#L768">768</a> engine = <strong class="jxr_keyword">new</strong> Engine();
|
|
|
|
|
<a class="jxr_linenumber" name="L756" href="#L756">756</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L757" href="#L757">757</a> <em class="jxr_javadoccomment"> * The path to Mono for .NET assembly analysis on non-windows systems.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L758" href="#L758">758</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L759" href="#L759">759</a> <strong class="jxr_keyword">private</strong> String pathToMono;
|
|
|
|
|
<a class="jxr_linenumber" name="L760" href="#L760">760</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L761" href="#L761">761</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L762" href="#L762">762</a> <em class="jxr_javadoccomment"> * Get the value of pathToMono.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L763" href="#L763">763</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L764" href="#L764">764</a> <em class="jxr_javadoccomment"> * @return the value of pathToMono</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L765" href="#L765">765</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L766" href="#L766">766</a> <strong class="jxr_keyword">public</strong> String getPathToMono() {
|
|
|
|
|
<a class="jxr_linenumber" name="L767" href="#L767">767</a> <strong class="jxr_keyword">return</strong> pathToMono;
|
|
|
|
|
<a class="jxr_linenumber" name="L768" href="#L768">768</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L769" href="#L769">769</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L770" href="#L770">770</a> <strong class="jxr_keyword">for</strong> (Resource resource : path) {
|
|
|
|
|
<a class="jxr_linenumber" name="L771" href="#L771">771</a> <strong class="jxr_keyword">final</strong> FileProvider provider = resource.as(FileProvider.<strong class="jxr_keyword">class</strong>);
|
|
|
|
|
<a class="jxr_linenumber" name="L772" href="#L772">772</a> <strong class="jxr_keyword">if</strong> (provider != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L773" href="#L773">773</a> <strong class="jxr_keyword">final</strong> File file = provider.getFile();
|
|
|
|
|
<a class="jxr_linenumber" name="L774" href="#L774">774</a> <strong class="jxr_keyword">if</strong> (file != <strong class="jxr_keyword">null</strong> && file.exists()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L775" href="#L775">775</a> engine.scan(file);
|
|
|
|
|
<a class="jxr_linenumber" name="L776" href="#L776">776</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L777" href="#L777">777</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L778" href="#L778">778</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L779" href="#L779">779</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L780" href="#L780">780</a> engine.analyzeDependencies();
|
|
|
|
|
<a class="jxr_linenumber" name="L781" href="#L781">781</a> DatabaseProperties prop = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L782" href="#L782">782</a> CveDB cve = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L783" href="#L783">783</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L784" href="#L784">784</a> cve = <strong class="jxr_keyword">new</strong> CveDB();
|
|
|
|
|
<a class="jxr_linenumber" name="L785" href="#L785">785</a> cve.open();
|
|
|
|
|
<a class="jxr_linenumber" name="L786" href="#L786">786</a> prop = cve.getDatabaseProperties();
|
|
|
|
|
<a class="jxr_linenumber" name="L787" href="#L787">787</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L788" href="#L788">788</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">"Unable to retrieve DB Properties"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L789" href="#L789">789</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L790" href="#L790">790</a> <strong class="jxr_keyword">if</strong> (cve != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L791" href="#L791">791</a> cve.close();
|
|
|
|
|
<a class="jxr_linenumber" name="L792" href="#L792">792</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L793" href="#L793">793</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L794" href="#L794">794</a> <strong class="jxr_keyword">final</strong> ReportGenerator reporter = <strong class="jxr_keyword">new</strong> ReportGenerator(applicationName, engine.getDependencies(), engine.getAnalyzers(), prop);
|
|
|
|
|
<a class="jxr_linenumber" name="L795" href="#L795">795</a> reporter.generateReports(reportOutputDirectory, reportFormat);
|
|
|
|
|
<a class="jxr_linenumber" name="L796" href="#L796">796</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L797" href="#L797">797</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.failBuildOnCVSS <= 10) {
|
|
|
|
|
<a class="jxr_linenumber" name="L798" href="#L798">798</a> checkForFailure(engine.getDependencies());
|
|
|
|
|
<a class="jxr_linenumber" name="L770" href="#L770">770</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L771" href="#L771">771</a> <em class="jxr_javadoccomment"> * Set the value of pathToMono.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L772" href="#L772">772</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L773" href="#L773">773</a> <em class="jxr_javadoccomment"> * @param pathToMono new value of pathToMono</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L774" href="#L774">774</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L775" href="#L775">775</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> setPathToMono(String pathToMono) {
|
|
|
|
|
<a class="jxr_linenumber" name="L776" href="#L776">776</a> <strong class="jxr_keyword">this</strong>.pathToMono = pathToMono;
|
|
|
|
|
<a class="jxr_linenumber" name="L777" href="#L777">777</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L778" href="#L778">778</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L779" href="#L779">779</a> @Override
|
|
|
|
|
<a class="jxr_linenumber" name="L780" href="#L780">780</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> execute() <strong class="jxr_keyword">throws</strong> BuildException {
|
|
|
|
|
<a class="jxr_linenumber" name="L781" href="#L781">781</a> <strong class="jxr_keyword">final</strong> InputStream in = DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
|
|
|
|
|
<a class="jxr_linenumber" name="L782" href="#L782">782</a> LogUtils.prepareLogger(in, logFile);
|
|
|
|
|
<a class="jxr_linenumber" name="L783" href="#L783">783</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L784" href="#L784">784</a> dealWithReferences();
|
|
|
|
|
<a class="jxr_linenumber" name="L785" href="#L785">785</a> validateConfiguration();
|
|
|
|
|
<a class="jxr_linenumber" name="L786" href="#L786">786</a> populateSettings();
|
|
|
|
|
<a class="jxr_linenumber" name="L787" href="#L787">787</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L788" href="#L788">788</a> Engine engine = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L789" href="#L789">789</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L790" href="#L790">790</a> engine = <strong class="jxr_keyword">new</strong> Engine();
|
|
|
|
|
<a class="jxr_linenumber" name="L791" href="#L791">791</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L792" href="#L792">792</a> <strong class="jxr_keyword">for</strong> (Resource resource : path) {
|
|
|
|
|
<a class="jxr_linenumber" name="L793" href="#L793">793</a> <strong class="jxr_keyword">final</strong> FileProvider provider = resource.as(FileProvider.<strong class="jxr_keyword">class</strong>);
|
|
|
|
|
<a class="jxr_linenumber" name="L794" href="#L794">794</a> <strong class="jxr_keyword">if</strong> (provider != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L795" href="#L795">795</a> <strong class="jxr_keyword">final</strong> File file = provider.getFile();
|
|
|
|
|
<a class="jxr_linenumber" name="L796" href="#L796">796</a> <strong class="jxr_keyword">if</strong> (file != <strong class="jxr_keyword">null</strong> && file.exists()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L797" href="#L797">797</a> engine.scan(file);
|
|
|
|
|
<a class="jxr_linenumber" name="L798" href="#L798">798</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L799" href="#L799">799</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L800" href="#L800">800</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.showSummary) {
|
|
|
|
|
<a class="jxr_linenumber" name="L801" href="#L801">801</a> showSummary(engine.getDependencies());
|
|
|
|
|
<a class="jxr_linenumber" name="L802" href="#L802">802</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L803" href="#L803">803</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L804" href="#L804">804</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE,
|
|
|
|
|
<a class="jxr_linenumber" name="L805" href="#L805">805</a> <span class="jxr_string">"Unable to generate dependency-check report"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L806" href="#L806">806</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(<span class="jxr_string">"Unable to generate dependency-check report"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L807" href="#L807">807</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L808" href="#L808">808</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE,
|
|
|
|
|
<a class="jxr_linenumber" name="L809" href="#L809">809</a> <span class="jxr_string">"An exception occurred; unable to continue task"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L810" href="#L810">810</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(<span class="jxr_string">"An exception occurred; unable to continue task"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L811" href="#L811">811</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L812" href="#L812">812</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L813" href="#L813">813</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.SEVERE,
|
|
|
|
|
<a class="jxr_linenumber" name="L814" href="#L814">814</a> <span class="jxr_string">"Unable to connect to the dependency-check database; analysis has stopped"</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L815" href="#L815">815</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">""</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L816" href="#L816">816</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L817" href="#L817">817</a> <strong class="jxr_keyword">if</strong> (engine != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L818" href="#L818">818</a> engine.cleanup();
|
|
|
|
|
<a class="jxr_linenumber" name="L819" href="#L819">819</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L820" href="#L820">820</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L821" href="#L821">821</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L822" href="#L822">822</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L823" href="#L823">823</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L824" href="#L824">824</a> <em class="jxr_javadoccomment"> * Validate the configuration to ensure the parameters have been properly configured/initialized.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L825" href="#L825">825</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L826" href="#L826">826</a> <em class="jxr_javadoccomment"> * @throws BuildException if the task was not configured correctly.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L827" href="#L827">827</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L828" href="#L828">828</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> validateConfiguration() <strong class="jxr_keyword">throws</strong> BuildException {
|
|
|
|
|
<a class="jxr_linenumber" name="L829" href="#L829">829</a> <strong class="jxr_keyword">if</strong> (path == <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L830" href="#L830">830</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(<span class="jxr_string">"No project dependencies have been defined to analyze."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L831" href="#L831">831</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L832" href="#L832">832</a> <strong class="jxr_keyword">if</strong> (failBuildOnCVSS < 0 || failBuildOnCVSS > 11) {
|
|
|
|
|
<a class="jxr_linenumber" name="L833" href="#L833">833</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(<span class="jxr_string">"Invalid configuration, failBuildOnCVSS must be between 0 and 11."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L834" href="#L834">834</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L835" href="#L835">835</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L836" href="#L836">836</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L837" href="#L837">837</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L838" href="#L838">838</a> <em class="jxr_javadoccomment"> * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L839" href="#L839">839</a> <em class="jxr_javadoccomment"> * properties required to change the proxy url, port, and connection timeout.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L840" href="#L840">840</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L841" href="#L841">841</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> populateSettings() {
|
|
|
|
|
<a class="jxr_linenumber" name="L842" href="#L842">842</a> InputStream taskProperties = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L843" href="#L843">843</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L844" href="#L844">844</a> taskProperties = <strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
|
|
|
|
|
<a class="jxr_linenumber" name="L845" href="#L845">845</a> Settings.mergeProperties(taskProperties);
|
|
|
|
|
<a class="jxr_linenumber" name="L846" href="#L846">846</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L847" href="#L847">847</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, <span class="jxr_string">"Unable to load the dependency-check ant task.properties file."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L848" href="#L848">848</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L849" href="#L849">849</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L850" href="#L850">850</a> <strong class="jxr_keyword">if</strong> (taskProperties != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L851" href="#L851">851</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L852" href="#L852">852</a> taskProperties.close();
|
|
|
|
|
<a class="jxr_linenumber" name="L853" href="#L853">853</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L854" href="#L854">854</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L855" href="#L855">855</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L856" href="#L856">856</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L857" href="#L857">857</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L858" href="#L858">858</a> <strong class="jxr_keyword">if</strong> (dataDirectory != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L859" href="#L859">859</a> Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
|
|
|
|
|
<a class="jxr_linenumber" name="L860" href="#L860">860</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L861" href="#L861">861</a> <strong class="jxr_keyword">final</strong> File jarPath = <strong class="jxr_keyword">new</strong> File(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getProtectionDomain().getCodeSource().getLocation().getPath());
|
|
|
|
|
<a class="jxr_linenumber" name="L862" href="#L862">862</a> <strong class="jxr_keyword">final</strong> File base = jarPath.getParentFile();
|
|
|
|
|
<a class="jxr_linenumber" name="L863" href="#L863">863</a> <strong class="jxr_keyword">final</strong> String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
|
|
|
|
|
<a class="jxr_linenumber" name="L864" href="#L864">864</a> <strong class="jxr_keyword">final</strong> File dataDir = <strong class="jxr_keyword">new</strong> File(base, sub);
|
|
|
|
|
<a class="jxr_linenumber" name="L865" href="#L865">865</a> Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
|
|
|
|
|
<a class="jxr_linenumber" name="L866" href="#L866">866</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L867" href="#L867">867</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L868" href="#L868">868</a> Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
|
|
|
|
|
<a class="jxr_linenumber" name="L869" href="#L869">869</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L870" href="#L870">870</a> <strong class="jxr_keyword">if</strong> (proxyUrl != <strong class="jxr_keyword">null</strong> && !proxyUrl.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L871" href="#L871">871</a> Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
|
|
|
|
|
<a class="jxr_linenumber" name="L872" href="#L872">872</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L873" href="#L873">873</a> <strong class="jxr_keyword">if</strong> (proxyPort != <strong class="jxr_keyword">null</strong> && !proxyPort.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L874" href="#L874">874</a> Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
|
|
|
|
|
<a class="jxr_linenumber" name="L875" href="#L875">875</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L876" href="#L876">876</a> <strong class="jxr_keyword">if</strong> (proxyUsername != <strong class="jxr_keyword">null</strong> && !proxyUsername.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L877" href="#L877">877</a> Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername);
|
|
|
|
|
<a class="jxr_linenumber" name="L878" href="#L878">878</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L879" href="#L879">879</a> <strong class="jxr_keyword">if</strong> (proxyPassword != <strong class="jxr_keyword">null</strong> && !proxyPassword.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L880" href="#L880">880</a> Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
|
|
|
|
|
<a class="jxr_linenumber" name="L881" href="#L881">881</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L882" href="#L882">882</a> <strong class="jxr_keyword">if</strong> (connectionTimeout != <strong class="jxr_keyword">null</strong> && !connectionTimeout.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L883" href="#L883">883</a> Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
|
|
|
|
|
<a class="jxr_linenumber" name="L884" href="#L884">884</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L885" href="#L885">885</a> <strong class="jxr_keyword">if</strong> (suppressionFile != <strong class="jxr_keyword">null</strong> && !suppressionFile.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L886" href="#L886">886</a> Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
|
|
|
|
|
<a class="jxr_linenumber" name="L887" href="#L887">887</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L888" href="#L888">888</a> Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L889" href="#L889">889</a> <strong class="jxr_keyword">if</strong> (nexusUrl != <strong class="jxr_keyword">null</strong> && !nexusUrl.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L890" href="#L890">890</a> Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
|
|
|
|
|
<a class="jxr_linenumber" name="L891" href="#L891">891</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L892" href="#L892">892</a> Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY, nexusUsesProxy);
|
|
|
|
|
<a class="jxr_linenumber" name="L893" href="#L893">893</a> <strong class="jxr_keyword">if</strong> (databaseDriverName != <strong class="jxr_keyword">null</strong> && !databaseDriverName.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L894" href="#L894">894</a> Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
|
|
|
|
|
<a class="jxr_linenumber" name="L895" href="#L895">895</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L896" href="#L896">896</a> <strong class="jxr_keyword">if</strong> (databaseDriverPath != <strong class="jxr_keyword">null</strong> && !databaseDriverPath.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L897" href="#L897">897</a> Settings.setString(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
|
|
|
|
|
<a class="jxr_linenumber" name="L898" href="#L898">898</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L899" href="#L899">899</a> <strong class="jxr_keyword">if</strong> (connectionString != <strong class="jxr_keyword">null</strong> && !connectionString.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L900" href="#L900">900</a> Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
|
|
|
|
|
<a class="jxr_linenumber" name="L901" href="#L901">901</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L902" href="#L902">902</a> <strong class="jxr_keyword">if</strong> (databaseUser != <strong class="jxr_keyword">null</strong> && !databaseUser.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L903" href="#L903">903</a> Settings.setString(Settings.KEYS.DB_USER, databaseUser);
|
|
|
|
|
<a class="jxr_linenumber" name="L904" href="#L904">904</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L905" href="#L905">905</a> <strong class="jxr_keyword">if</strong> (databasePassword != <strong class="jxr_keyword">null</strong> && !databasePassword.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L906" href="#L906">906</a> Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
|
|
|
|
|
<a class="jxr_linenumber" name="L907" href="#L907">907</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L908" href="#L908">908</a> <strong class="jxr_keyword">if</strong> (zipExtensions != <strong class="jxr_keyword">null</strong> && !zipExtensions.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L909" href="#L909">909</a> Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
|
|
|
|
|
<a class="jxr_linenumber" name="L910" href="#L910">910</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L911" href="#L911">911</a> <strong class="jxr_keyword">if</strong> (cveUrl12Modified != <strong class="jxr_keyword">null</strong> && !cveUrl12Modified.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L912" href="#L912">912</a> Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
|
|
|
|
|
<a class="jxr_linenumber" name="L800" href="#L800">800</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L801" href="#L801">801</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L802" href="#L802">802</a> engine.analyzeDependencies();
|
|
|
|
|
<a class="jxr_linenumber" name="L803" href="#L803">803</a> DatabaseProperties prop = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L804" href="#L804">804</a> CveDB cve = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L805" href="#L805">805</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L806" href="#L806">806</a> cve = <strong class="jxr_keyword">new</strong> CveDB();
|
|
|
|
|
<a class="jxr_linenumber" name="L807" href="#L807">807</a> cve.open();
|
|
|
|
|
<a class="jxr_linenumber" name="L808" href="#L808">808</a> prop = cve.getDatabaseProperties();
|
|
|
|
|
<a class="jxr_linenumber" name="L809" href="#L809">809</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L810" href="#L810">810</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">"Unable to retrieve DB Properties"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L811" href="#L811">811</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L812" href="#L812">812</a> <strong class="jxr_keyword">if</strong> (cve != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L813" href="#L813">813</a> cve.close();
|
|
|
|
|
<a class="jxr_linenumber" name="L814" href="#L814">814</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L815" href="#L815">815</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L816" href="#L816">816</a> <strong class="jxr_keyword">final</strong> ReportGenerator reporter = <strong class="jxr_keyword">new</strong> ReportGenerator(applicationName, engine.getDependencies(), engine.getAnalyzers(), prop);
|
|
|
|
|
<a class="jxr_linenumber" name="L817" href="#L817">817</a> reporter.generateReports(reportOutputDirectory, reportFormat);
|
|
|
|
|
<a class="jxr_linenumber" name="L818" href="#L818">818</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L819" href="#L819">819</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.failBuildOnCVSS <= 10) {
|
|
|
|
|
<a class="jxr_linenumber" name="L820" href="#L820">820</a> checkForFailure(engine.getDependencies());
|
|
|
|
|
<a class="jxr_linenumber" name="L821" href="#L821">821</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L822" href="#L822">822</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">this</strong>.showSummary) {
|
|
|
|
|
<a class="jxr_linenumber" name="L823" href="#L823">823</a> showSummary(engine.getDependencies());
|
|
|
|
|
<a class="jxr_linenumber" name="L824" href="#L824">824</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L825" href="#L825">825</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L826" href="#L826">826</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE,
|
|
|
|
|
<a class="jxr_linenumber" name="L827" href="#L827">827</a> <span class="jxr_string">"Unable to generate dependency-check report"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L828" href="#L828">828</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(<span class="jxr_string">"Unable to generate dependency-check report"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L829" href="#L829">829</a> } <strong class="jxr_keyword">catch</strong> (Exception ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L830" href="#L830">830</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE,
|
|
|
|
|
<a class="jxr_linenumber" name="L831" href="#L831">831</a> <span class="jxr_string">"An exception occurred; unable to continue task"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L832" href="#L832">832</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(<span class="jxr_string">"An exception occurred; unable to continue task"</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L833" href="#L833">833</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L834" href="#L834">834</a> } <strong class="jxr_keyword">catch</strong> (DatabaseException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L835" href="#L835">835</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.SEVERE,
|
|
|
|
|
<a class="jxr_linenumber" name="L836" href="#L836">836</a> <span class="jxr_string">"Unable to connect to the dependency-check database; analysis has stopped"</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L837" href="#L837">837</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <span class="jxr_string">""</span>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L838" href="#L838">838</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L839" href="#L839">839</a> <strong class="jxr_keyword">if</strong> (engine != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L840" href="#L840">840</a> engine.cleanup();
|
|
|
|
|
<a class="jxr_linenumber" name="L841" href="#L841">841</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L842" href="#L842">842</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L843" href="#L843">843</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L844" href="#L844">844</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L845" href="#L845">845</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L846" href="#L846">846</a> <em class="jxr_javadoccomment"> * Validate the configuration to ensure the parameters have been properly configured/initialized.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L847" href="#L847">847</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L848" href="#L848">848</a> <em class="jxr_javadoccomment"> * @throws BuildException if the task was not configured correctly.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L849" href="#L849">849</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L850" href="#L850">850</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> validateConfiguration() <strong class="jxr_keyword">throws</strong> BuildException {
|
|
|
|
|
<a class="jxr_linenumber" name="L851" href="#L851">851</a> <strong class="jxr_keyword">if</strong> (path == <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L852" href="#L852">852</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(<span class="jxr_string">"No project dependencies have been defined to analyze."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L853" href="#L853">853</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L854" href="#L854">854</a> <strong class="jxr_keyword">if</strong> (failBuildOnCVSS < 0 || failBuildOnCVSS > 11) {
|
|
|
|
|
<a class="jxr_linenumber" name="L855" href="#L855">855</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(<span class="jxr_string">"Invalid configuration, failBuildOnCVSS must be between 0 and 11."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L856" href="#L856">856</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L857" href="#L857">857</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L858" href="#L858">858</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L859" href="#L859">859</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L860" href="#L860">860</a> <em class="jxr_javadoccomment"> * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L861" href="#L861">861</a> <em class="jxr_javadoccomment"> * properties required to change the proxy url, port, and connection timeout.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L862" href="#L862">862</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L863" href="#L863">863</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> populateSettings() {
|
|
|
|
|
<a class="jxr_linenumber" name="L864" href="#L864">864</a> InputStream taskProperties = <strong class="jxr_keyword">null</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L865" href="#L865">865</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L866" href="#L866">866</a> taskProperties = <strong class="jxr_keyword">this</strong>.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
|
|
|
|
|
<a class="jxr_linenumber" name="L867" href="#L867">867</a> Settings.mergeProperties(taskProperties);
|
|
|
|
|
<a class="jxr_linenumber" name="L868" href="#L868">868</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L869" href="#L869">869</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, <span class="jxr_string">"Unable to load the dependency-check ant task.properties file."</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L870" href="#L870">870</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINE, <strong class="jxr_keyword">null</strong>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L871" href="#L871">871</a> } <strong class="jxr_keyword">finally</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L872" href="#L872">872</a> <strong class="jxr_keyword">if</strong> (taskProperties != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L873" href="#L873">873</a> <strong class="jxr_keyword">try</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L874" href="#L874">874</a> taskProperties.close();
|
|
|
|
|
<a class="jxr_linenumber" name="L875" href="#L875">875</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
|
|
|
|
|
<a class="jxr_linenumber" name="L876" href="#L876">876</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.FINEST, <strong class="jxr_keyword">null</strong>, ex);
|
|
|
|
|
<a class="jxr_linenumber" name="L877" href="#L877">877</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L878" href="#L878">878</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L879" href="#L879">879</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L880" href="#L880">880</a> <strong class="jxr_keyword">if</strong> (dataDirectory != <strong class="jxr_keyword">null</strong>) {
|
|
|
|
|
<a class="jxr_linenumber" name="L881" href="#L881">881</a> Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
|
|
|
|
|
<a class="jxr_linenumber" name="L882" href="#L882">882</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L883" href="#L883">883</a> <strong class="jxr_keyword">final</strong> File jarPath = <strong class="jxr_keyword">new</strong> File(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getProtectionDomain().getCodeSource().getLocation().getPath());
|
|
|
|
|
<a class="jxr_linenumber" name="L884" href="#L884">884</a> <strong class="jxr_keyword">final</strong> File base = jarPath.getParentFile();
|
|
|
|
|
<a class="jxr_linenumber" name="L885" href="#L885">885</a> <strong class="jxr_keyword">final</strong> String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
|
|
|
|
|
<a class="jxr_linenumber" name="L886" href="#L886">886</a> <strong class="jxr_keyword">final</strong> File dataDir = <strong class="jxr_keyword">new</strong> File(base, sub);
|
|
|
|
|
<a class="jxr_linenumber" name="L887" href="#L887">887</a> Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
|
|
|
|
|
<a class="jxr_linenumber" name="L888" href="#L888">888</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L889" href="#L889">889</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L890" href="#L890">890</a> Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
|
|
|
|
|
<a class="jxr_linenumber" name="L891" href="#L891">891</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L892" href="#L892">892</a> <strong class="jxr_keyword">if</strong> (proxyUrl != <strong class="jxr_keyword">null</strong> && !proxyUrl.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L893" href="#L893">893</a> Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
|
|
|
|
|
<a class="jxr_linenumber" name="L894" href="#L894">894</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L895" href="#L895">895</a> <strong class="jxr_keyword">if</strong> (proxyPort != <strong class="jxr_keyword">null</strong> && !proxyPort.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L896" href="#L896">896</a> Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
|
|
|
|
|
<a class="jxr_linenumber" name="L897" href="#L897">897</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L898" href="#L898">898</a> <strong class="jxr_keyword">if</strong> (proxyUsername != <strong class="jxr_keyword">null</strong> && !proxyUsername.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L899" href="#L899">899</a> Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername);
|
|
|
|
|
<a class="jxr_linenumber" name="L900" href="#L900">900</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L901" href="#L901">901</a> <strong class="jxr_keyword">if</strong> (proxyPassword != <strong class="jxr_keyword">null</strong> && !proxyPassword.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L902" href="#L902">902</a> Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
|
|
|
|
|
<a class="jxr_linenumber" name="L903" href="#L903">903</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L904" href="#L904">904</a> <strong class="jxr_keyword">if</strong> (connectionTimeout != <strong class="jxr_keyword">null</strong> && !connectionTimeout.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L905" href="#L905">905</a> Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
|
|
|
|
|
<a class="jxr_linenumber" name="L906" href="#L906">906</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L907" href="#L907">907</a> <strong class="jxr_keyword">if</strong> (suppressionFile != <strong class="jxr_keyword">null</strong> && !suppressionFile.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L908" href="#L908">908</a> Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
|
|
|
|
|
<a class="jxr_linenumber" name="L909" href="#L909">909</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L910" href="#L910">910</a> Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
|
|
|
|
|
<a class="jxr_linenumber" name="L911" href="#L911">911</a> <strong class="jxr_keyword">if</strong> (nexusUrl != <strong class="jxr_keyword">null</strong> && !nexusUrl.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L912" href="#L912">912</a> Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
|
|
|
|
|
<a class="jxr_linenumber" name="L913" href="#L913">913</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L914" href="#L914">914</a> <strong class="jxr_keyword">if</strong> (cveUrl20Modified != <strong class="jxr_keyword">null</strong> && !cveUrl20Modified.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L915" href="#L915">915</a> Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
|
|
|
|
|
<a class="jxr_linenumber" name="L916" href="#L916">916</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L917" href="#L917">917</a> <strong class="jxr_keyword">if</strong> (cveUrl12Base != <strong class="jxr_keyword">null</strong> && !cveUrl12Base.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L918" href="#L918">918</a> Settings.setString(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
|
|
|
|
|
<a class="jxr_linenumber" name="L919" href="#L919">919</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L920" href="#L920">920</a> <strong class="jxr_keyword">if</strong> (cveUrl20Base != <strong class="jxr_keyword">null</strong> && !cveUrl20Base.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L921" href="#L921">921</a> Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
|
|
|
|
|
<a class="jxr_linenumber" name="L922" href="#L922">922</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L923" href="#L923">923</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L924" href="#L924">924</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L925" href="#L925">925</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L926" href="#L926">926</a> <em class="jxr_javadoccomment"> * Checks to see if a vulnerability has been identified with a CVSS score that is above the threshold set in the</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L927" href="#L927">927</a> <em class="jxr_javadoccomment"> * configuration.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L928" href="#L928">928</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L929" href="#L929">929</a> <em class="jxr_javadoccomment"> * @param dependencies the list of dependency objects</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L930" href="#L930">930</a> <em class="jxr_javadoccomment"> * @throws BuildException thrown if a CVSS score is found that is higher then the threshold set</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L931" href="#L931">931</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L932" href="#L932">932</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> checkForFailure(List<Dependency> dependencies) <strong class="jxr_keyword">throws</strong> BuildException {
|
|
|
|
|
<a class="jxr_linenumber" name="L933" href="#L933">933</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L934" href="#L934">934</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L935" href="#L935">935</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L936" href="#L936">936</a> <strong class="jxr_keyword">if</strong> (v.getCvssScore() >= failBuildOnCVSS) {
|
|
|
|
|
<a class="jxr_linenumber" name="L937" href="#L937">937</a> <strong class="jxr_keyword">if</strong> (ids.length() == 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L938" href="#L938">938</a> ids.append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L939" href="#L939">939</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L940" href="#L940">940</a> ids.append(<span class="jxr_string">", "</span>).append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L941" href="#L941">941</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L942" href="#L942">942</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L943" href="#L943">943</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L914" href="#L914">914</a> Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY, nexusUsesProxy);
|
|
|
|
|
<a class="jxr_linenumber" name="L915" href="#L915">915</a> <strong class="jxr_keyword">if</strong> (databaseDriverName != <strong class="jxr_keyword">null</strong> && !databaseDriverName.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L916" href="#L916">916</a> Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
|
|
|
|
|
<a class="jxr_linenumber" name="L917" href="#L917">917</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L918" href="#L918">918</a> <strong class="jxr_keyword">if</strong> (databaseDriverPath != <strong class="jxr_keyword">null</strong> && !databaseDriverPath.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L919" href="#L919">919</a> Settings.setString(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
|
|
|
|
|
<a class="jxr_linenumber" name="L920" href="#L920">920</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L921" href="#L921">921</a> <strong class="jxr_keyword">if</strong> (connectionString != <strong class="jxr_keyword">null</strong> && !connectionString.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L922" href="#L922">922</a> Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
|
|
|
|
|
<a class="jxr_linenumber" name="L923" href="#L923">923</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L924" href="#L924">924</a> <strong class="jxr_keyword">if</strong> (databaseUser != <strong class="jxr_keyword">null</strong> && !databaseUser.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L925" href="#L925">925</a> Settings.setString(Settings.KEYS.DB_USER, databaseUser);
|
|
|
|
|
<a class="jxr_linenumber" name="L926" href="#L926">926</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L927" href="#L927">927</a> <strong class="jxr_keyword">if</strong> (databasePassword != <strong class="jxr_keyword">null</strong> && !databasePassword.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L928" href="#L928">928</a> Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
|
|
|
|
|
<a class="jxr_linenumber" name="L929" href="#L929">929</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L930" href="#L930">930</a> <strong class="jxr_keyword">if</strong> (zipExtensions != <strong class="jxr_keyword">null</strong> && !zipExtensions.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L931" href="#L931">931</a> Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
|
|
|
|
|
<a class="jxr_linenumber" name="L932" href="#L932">932</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L933" href="#L933">933</a> <strong class="jxr_keyword">if</strong> (cveUrl12Modified != <strong class="jxr_keyword">null</strong> && !cveUrl12Modified.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L934" href="#L934">934</a> Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
|
|
|
|
|
<a class="jxr_linenumber" name="L935" href="#L935">935</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L936" href="#L936">936</a> <strong class="jxr_keyword">if</strong> (cveUrl20Modified != <strong class="jxr_keyword">null</strong> && !cveUrl20Modified.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L937" href="#L937">937</a> Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
|
|
|
|
|
<a class="jxr_linenumber" name="L938" href="#L938">938</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L939" href="#L939">939</a> <strong class="jxr_keyword">if</strong> (cveUrl12Base != <strong class="jxr_keyword">null</strong> && !cveUrl12Base.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L940" href="#L940">940</a> Settings.setString(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
|
|
|
|
|
<a class="jxr_linenumber" name="L941" href="#L941">941</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L942" href="#L942">942</a> <strong class="jxr_keyword">if</strong> (cveUrl20Base != <strong class="jxr_keyword">null</strong> && !cveUrl20Base.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L943" href="#L943">943</a> Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
|
|
|
|
|
<a class="jxr_linenumber" name="L944" href="#L944">944</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L945" href="#L945">945</a> <strong class="jxr_keyword">if</strong> (ids.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L946" href="#L946">946</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%nDependency-Check Failure:%n"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L947" href="#L947">947</a> + <span class="jxr_string">"One or more dependencies were identified with vulnerabilities that have a CVSS score greater then '%.1f': %s%n"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L948" href="#L948">948</a> + <span class="jxr_string">"See the dependency-check report for more details.%n%n"</span>, failBuildOnCVSS, ids.toString());
|
|
|
|
|
<a class="jxr_linenumber" name="L949" href="#L949">949</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(msg);
|
|
|
|
|
<a class="jxr_linenumber" name="L950" href="#L950">950</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L951" href="#L951">951</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L952" href="#L952">952</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L953" href="#L953">953</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L954" href="#L954">954</a> <em class="jxr_javadoccomment"> * Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L955" href="#L955">955</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L956" href="#L956">956</a> <em class="jxr_javadoccomment"> * @param dependencies a list of dependency objects</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L957" href="#L957">957</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L958" href="#L958">958</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> showSummary(List<Dependency> dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L959" href="#L959">959</a> <strong class="jxr_keyword">final</strong> StringBuilder summary = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L960" href="#L960">960</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L961" href="#L961">961</a> <strong class="jxr_keyword">boolean</strong> firstEntry = <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L962" href="#L962">962</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L963" href="#L963">963</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L964" href="#L964">964</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
|
|
|
|
|
<a class="jxr_linenumber" name="L965" href="#L965">965</a> firstEntry = false;
|
|
|
|
|
<a class="jxr_linenumber" name="L966" href="#L966">966</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L967" href="#L967">967</a> ids.append(<span class="jxr_string">", "</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L968" href="#L968">968</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L969" href="#L969">969</a> ids.append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L970" href="#L970">970</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L971" href="#L971">971</a> <strong class="jxr_keyword">if</strong> (ids.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L972" href="#L972">972</a> summary.append(d.getFileName()).append(<span class="jxr_string">" ("</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L973" href="#L973">973</a> firstEntry = <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L974" href="#L974">974</a> <strong class="jxr_keyword">for</strong> (Identifier id : d.getIdentifiers()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L975" href="#L975">975</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
|
|
|
|
|
<a class="jxr_linenumber" name="L976" href="#L976">976</a> firstEntry = false;
|
|
|
|
|
<a class="jxr_linenumber" name="L977" href="#L977">977</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L978" href="#L978">978</a> summary.append(<span class="jxr_string">", "</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L979" href="#L979">979</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L980" href="#L980">980</a> summary.append(id.getValue());
|
|
|
|
|
<a class="jxr_linenumber" name="L981" href="#L981">981</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L982" href="#L982">982</a> summary.append(<span class="jxr_string">") : "</span>).append(ids).append(NEW_LINE);
|
|
|
|
|
<a class="jxr_linenumber" name="L983" href="#L983">983</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L984" href="#L984">984</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L985" href="#L985">985</a> <strong class="jxr_keyword">if</strong> (summary.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L986" href="#L986">986</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%n"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L987" href="#L987">987</a> + <span class="jxr_string">"One or more dependencies were identified with known vulnerabilities:%n%n%s"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L988" href="#L988">988</a> + <span class="jxr_string">"%n%nSee the dependency-check report for more details.%n%n"</span>, summary.toString());
|
|
|
|
|
<a class="jxr_linenumber" name="L989" href="#L989">989</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, msg);
|
|
|
|
|
<a class="jxr_linenumber" name="L990" href="#L990">990</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L991" href="#L991">991</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L992" href="#L992">992</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L993" href="#L993">993</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L994" href="#L994">994</a> <em class="jxr_javadoccomment"> * An enumeration of supported report formats: "ALL", "HTML", "XML", "VULN", etc..</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L995" href="#L995">995</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L996" href="#L996">996</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/taskdefs/DependencyCheckTask.html">ReportFormats</a> <strong class="jxr_keyword">extends</strong> EnumeratedAttribute {
|
|
|
|
|
<a class="jxr_linenumber" name="L997" href="#L997">997</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L998" href="#L998">998</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L999" href="#L999">999</a> <em class="jxr_javadoccomment"> * Returns the list of values for the report format.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1000" href="#L1000">1000</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1001" href="#L1001">1001</a> <em class="jxr_javadoccomment"> * @return the list of values for the report format</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1002" href="#L1002">1002</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1003" href="#L1003">1003</a> @Override
|
|
|
|
|
<a class="jxr_linenumber" name="L1004" href="#L1004">1004</a> <strong class="jxr_keyword">public</strong> String[] getValues() {
|
|
|
|
|
<a class="jxr_linenumber" name="L1005" href="#L1005">1005</a> <strong class="jxr_keyword">int</strong> i = 0;
|
|
|
|
|
<a class="jxr_linenumber" name="L1006" href="#L1006">1006</a> <strong class="jxr_keyword">final</strong> Format[] formats = Format.values();
|
|
|
|
|
<a class="jxr_linenumber" name="L1007" href="#L1007">1007</a> <strong class="jxr_keyword">final</strong> String[] values = <strong class="jxr_keyword">new</strong> String[formats.length];
|
|
|
|
|
<a class="jxr_linenumber" name="L1008" href="#L1008">1008</a> <strong class="jxr_keyword">for</strong> (Format format : formats) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1009" href="#L1009">1009</a> values[i++] = format.name();
|
|
|
|
|
<a class="jxr_linenumber" name="L1010" href="#L1010">1010</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1011" href="#L1011">1011</a> <strong class="jxr_keyword">return</strong> values;
|
|
|
|
|
<a class="jxr_linenumber" name="L1012" href="#L1012">1012</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1013" href="#L1013">1013</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1014" href="#L1014">1014</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L945" href="#L945">945</a> <strong class="jxr_keyword">if</strong> (pathToMono != <strong class="jxr_keyword">null</strong> && !pathToMono.isEmpty()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L946" href="#L946">946</a> Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
|
|
|
|
|
<a class="jxr_linenumber" name="L947" href="#L947">947</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L948" href="#L948">948</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L949" href="#L949">949</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L950" href="#L950">950</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L951" href="#L951">951</a> <em class="jxr_javadoccomment"> * Checks to see if a vulnerability has been identified with a CVSS score that is above the threshold set in the</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L952" href="#L952">952</a> <em class="jxr_javadoccomment"> * configuration.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L953" href="#L953">953</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L954" href="#L954">954</a> <em class="jxr_javadoccomment"> * @param dependencies the list of dependency objects</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L955" href="#L955">955</a> <em class="jxr_javadoccomment"> * @throws BuildException thrown if a CVSS score is found that is higher then the threshold set</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L956" href="#L956">956</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L957" href="#L957">957</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> checkForFailure(List<Dependency> dependencies) <strong class="jxr_keyword">throws</strong> BuildException {
|
|
|
|
|
<a class="jxr_linenumber" name="L958" href="#L958">958</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L959" href="#L959">959</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L960" href="#L960">960</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L961" href="#L961">961</a> <strong class="jxr_keyword">if</strong> (v.getCvssScore() >= failBuildOnCVSS) {
|
|
|
|
|
<a class="jxr_linenumber" name="L962" href="#L962">962</a> <strong class="jxr_keyword">if</strong> (ids.length() == 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L963" href="#L963">963</a> ids.append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L964" href="#L964">964</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L965" href="#L965">965</a> ids.append(<span class="jxr_string">", "</span>).append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L966" href="#L966">966</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L967" href="#L967">967</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L968" href="#L968">968</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L969" href="#L969">969</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L970" href="#L970">970</a> <strong class="jxr_keyword">if</strong> (ids.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L971" href="#L971">971</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%nDependency-Check Failure:%n"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L972" href="#L972">972</a> + <span class="jxr_string">"One or more dependencies were identified with vulnerabilities that have a CVSS score greater then '%.1f': %s%n"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L973" href="#L973">973</a> + <span class="jxr_string">"See the dependency-check report for more details.%n%n"</span>, failBuildOnCVSS, ids.toString());
|
|
|
|
|
<a class="jxr_linenumber" name="L974" href="#L974">974</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> BuildException(msg);
|
|
|
|
|
<a class="jxr_linenumber" name="L975" href="#L975">975</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L976" href="#L976">976</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L977" href="#L977">977</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L978" href="#L978">978</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L979" href="#L979">979</a> <em class="jxr_javadoccomment"> * Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L980" href="#L980">980</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L981" href="#L981">981</a> <em class="jxr_javadoccomment"> * @param dependencies a list of dependency objects</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L982" href="#L982">982</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L983" href="#L983">983</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> showSummary(List<Dependency> dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L984" href="#L984">984</a> <strong class="jxr_keyword">final</strong> StringBuilder summary = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L985" href="#L985">985</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
|
|
|
|
|
<a class="jxr_linenumber" name="L986" href="#L986">986</a> <strong class="jxr_keyword">boolean</strong> firstEntry = <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L987" href="#L987">987</a> <strong class="jxr_keyword">final</strong> StringBuilder ids = <strong class="jxr_keyword">new</strong> StringBuilder();
|
|
|
|
|
<a class="jxr_linenumber" name="L988" href="#L988">988</a> <strong class="jxr_keyword">for</strong> (Vulnerability v : d.getVulnerabilities()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L989" href="#L989">989</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
|
|
|
|
|
<a class="jxr_linenumber" name="L990" href="#L990">990</a> firstEntry = false;
|
|
|
|
|
<a class="jxr_linenumber" name="L991" href="#L991">991</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L992" href="#L992">992</a> ids.append(<span class="jxr_string">", "</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L993" href="#L993">993</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L994" href="#L994">994</a> ids.append(v.getName());
|
|
|
|
|
<a class="jxr_linenumber" name="L995" href="#L995">995</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L996" href="#L996">996</a> <strong class="jxr_keyword">if</strong> (ids.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L997" href="#L997">997</a> summary.append(d.getFileName()).append(<span class="jxr_string">" ("</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L998" href="#L998">998</a> firstEntry = <strong class="jxr_keyword">true</strong>;
|
|
|
|
|
<a class="jxr_linenumber" name="L999" href="#L999">999</a> <strong class="jxr_keyword">for</strong> (Identifier id : d.getIdentifiers()) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1000" href="#L1000">1000</a> <strong class="jxr_keyword">if</strong> (firstEntry) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1001" href="#L1001">1001</a> firstEntry = false;
|
|
|
|
|
<a class="jxr_linenumber" name="L1002" href="#L1002">1002</a> } <strong class="jxr_keyword">else</strong> {
|
|
|
|
|
<a class="jxr_linenumber" name="L1003" href="#L1003">1003</a> summary.append(<span class="jxr_string">", "</span>);
|
|
|
|
|
<a class="jxr_linenumber" name="L1004" href="#L1004">1004</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1005" href="#L1005">1005</a> summary.append(id.getValue());
|
|
|
|
|
<a class="jxr_linenumber" name="L1006" href="#L1006">1006</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1007" href="#L1007">1007</a> summary.append(<span class="jxr_string">") : "</span>).append(ids).append(NEW_LINE);
|
|
|
|
|
<a class="jxr_linenumber" name="L1008" href="#L1008">1008</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1009" href="#L1009">1009</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1010" href="#L1010">1010</a> <strong class="jxr_keyword">if</strong> (summary.length() > 0) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1011" href="#L1011">1011</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"%n%n"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L1012" href="#L1012">1012</a> + <span class="jxr_string">"One or more dependencies were identified with known vulnerabilities:%n%n%s"</span>
|
|
|
|
|
<a class="jxr_linenumber" name="L1013" href="#L1013">1013</a> + <span class="jxr_string">"%n%nSee the dependency-check report for more details.%n%n"</span>, summary.toString());
|
|
|
|
|
<a class="jxr_linenumber" name="L1014" href="#L1014">1014</a> Logger.getLogger(DependencyCheckTask.<strong class="jxr_keyword">class</strong>.getName()).log(Level.WARNING, msg);
|
|
|
|
|
<a class="jxr_linenumber" name="L1015" href="#L1015">1015</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1016" href="#L1016">1016</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1017" href="#L1017">1017</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L1018" href="#L1018">1018</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1019" href="#L1019">1019</a> <em class="jxr_javadoccomment"> * An enumeration of supported report formats: "ALL", "HTML", "XML", "VULN", etc..</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1020" href="#L1020">1020</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1021" href="#L1021">1021</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/taskdefs/DependencyCheckTask.html">ReportFormats</a> <strong class="jxr_keyword">extends</strong> EnumeratedAttribute {
|
|
|
|
|
<a class="jxr_linenumber" name="L1022" href="#L1022">1022</a>
|
|
|
|
|
<a class="jxr_linenumber" name="L1023" href="#L1023">1023</a> <em class="jxr_javadoccomment">/**</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1024" href="#L1024">1024</a> <em class="jxr_javadoccomment"> * Returns the list of values for the report format.</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1025" href="#L1025">1025</a> <em class="jxr_javadoccomment"> *</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1026" href="#L1026">1026</a> <em class="jxr_javadoccomment"> * @return the list of values for the report format</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1027" href="#L1027">1027</a> <em class="jxr_javadoccomment"> */</em>
|
|
|
|
|
<a class="jxr_linenumber" name="L1028" href="#L1028">1028</a> @Override
|
|
|
|
|
<a class="jxr_linenumber" name="L1029" href="#L1029">1029</a> <strong class="jxr_keyword">public</strong> String[] getValues() {
|
|
|
|
|
<a class="jxr_linenumber" name="L1030" href="#L1030">1030</a> <strong class="jxr_keyword">int</strong> i = 0;
|
|
|
|
|
<a class="jxr_linenumber" name="L1031" href="#L1031">1031</a> <strong class="jxr_keyword">final</strong> Format[] formats = Format.values();
|
|
|
|
|
<a class="jxr_linenumber" name="L1032" href="#L1032">1032</a> <strong class="jxr_keyword">final</strong> String[] values = <strong class="jxr_keyword">new</strong> String[formats.length];
|
|
|
|
|
<a class="jxr_linenumber" name="L1033" href="#L1033">1033</a> <strong class="jxr_keyword">for</strong> (Format format : formats) {
|
|
|
|
|
<a class="jxr_linenumber" name="L1034" href="#L1034">1034</a> values[i++] = format.name();
|
|
|
|
|
<a class="jxr_linenumber" name="L1035" href="#L1035">1035</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1036" href="#L1036">1036</a> <strong class="jxr_keyword">return</strong> values;
|
|
|
|
|
<a class="jxr_linenumber" name="L1037" href="#L1037">1037</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1038" href="#L1038">1038</a> }
|
|
|
|
|
<a class="jxr_linenumber" name="L1039" href="#L1039">1039</a> }
|
|
|
|
|
</pre>
|
|
|
|
|
<hr/>
|
|
|
|
|
<div id="footer">Copyright © 2012–2014 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>
|
|
|
|
|
|
Jeremy Long