general updates

This commit is contained in:
Jeremy Long
2012-09-16 10:15:42 -04:00
parent c089ac330a
commit aadb29c668
14 changed files with 276 additions and 112 deletions


@@ -67,7 +67,7 @@ public final class LuceneUtils {
case '*':
case '?':
case ':':
case '\\':
case '\\': //it is supposed to fall through here
buf.append('\\');
default:
buf.append(c);
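Review bot: The new fall-through comment sits on the `case '\\':` label, but the fall-through that needs explaining is the one from `buf.append('\\');` into `default:`, one line further down. Putting it there, `buf.append('\\'); // fall through: default appends the escaped character itself`, documents the right spot, and static checkers such as Checkstyle's FallThrough rule only recognise a fall-through comment placed immediately before the next label. The enclosing method starts and ends outside this hunk.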


@@ -381,7 +381,12 @@ public class CPEQuery {
sb.append("^0.2 ");
}
} else {
LuceneUtils.appendEscapedLuceneQuery(sb, version);
//LuceneUtils.appendEscapedLuceneQuery(sb, version);
//if we have a weighting on something else, reduce the weighting on the version a lot
for (String v : version.split(" ")) {
LuceneUtils.appendEscapedLuceneQuery(sb, v);
sb.append("^0.7 ");
}
}
sb.append(")");
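Review bot: `version.split(" ")` returns empty tokens for a leading space or any run of consecutive spaces, and each empty token then emits a bare `^0.7 ` into the query, which the Lucene query parser will reject as a boost with no term. Splitting on whitespace runs and skipping blanks avoids that: `for (String v : version.trim().split("\\s+")) {` followed by `if (v.isEmpty()) { continue; }`. The commented-out `//LuceneUtils.appendEscapedLuceneQuery(sb, version);` left above the loop should be deleted rather than kept as history. The comment says the version weighting is reduced "a lot", yet the boost applied is `^0.7`; the wording should match the value. The enclosing method starts and ends outside this hunk.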


@@ -27,6 +27,8 @@ import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.context.Context;
import org.apache.velocity.runtime.RuntimeConstants;
@@ -82,9 +84,7 @@ public class ReportGenerator {
Context context = manager.createContext();
EasyFactoryConfiguration config = new EasyFactoryConfiguration();
config.addDefaultTools();
config.toolbox("application")
.tool("esc", "org.apache.velocity.tools.generic.EscapeTool")
.tool("org.apache.velocity.tools.generic.DateTool");
config.toolbox("application").tool("esc", "org.apache.velocity.tools.generic.EscapeTool").tool("org.apache.velocity.tools.generic.DateTool");
manager.configure(config);
@@ -119,12 +119,12 @@ public class ReportGenerator {
try {
writer.close();
} catch (Exception ex) {
//ignore this error.
Logger.getLogger(ReportGenerator.class.getName()).log(Level.FINEST, null, ex);
}
try {
reader.close();
} catch (Exception ex) {
//ignore this error.
Logger.getLogger(ReportGenerator.class.getName()).log(Level.FINEST, null, ex);
}
}
}
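Review bot: Logging the `writer.close()` failure at `Level.FINEST` hides a real problem: closing a buffered writer is what flushes the remaining output, so an exception there can mean the generated report is incomplete, and at FINEST nobody will see it by default. Log that branch at `Level.WARNING` (or propagate it), keeping FINEST only for the reader close; `Logger.getLogger(ReportGenerator.class.getName())` is also re-resolved in every handler and belongs in a `private static final Logger LOGGER` field. In the earlier hunk the toolbox configuration was collapsed from a readable chain into one very long line; the wrapped form was clearer. The enclosing method starts outside this hunk.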


@@ -145,26 +145,26 @@ public final class CliParser {
@SuppressWarnings("static-access")
private Options createCommandLineOptions() {
Option help = new Option(ArgumentName.HELP_SHORT, ArgumentName.HELP, false,
"print this message");
"print this message.");
Option advancedHelp = new Option(ArgumentName.ADVANCED_HELP_SHORT, ArgumentName.ADVANCED_HELP, false,
"shows additional help regarding properties file.");
Option version = new Option(ArgumentName.VERSION_SHORT, ArgumentName.VERSION,
false, "print the version information and exit");
false, "print the version information.");
Option noupdate = new Option(ArgumentName.DISABLE_AUTO_UPDATE_SHORT, ArgumentName.DISABLE_AUTO_UPDATE,
false, "disables the automatic updating of the CPE data.");
Option appname = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APPNAME)
.withDescription("the name of the application being scanned").create(ArgumentName.APPNAME_SHORT);
Option appname = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APPNAME).withDescription("the name of the application being scanned.").create(ArgumentName.APPNAME_SHORT);
Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN)
.withDescription("the path to scan - this option can be specified multiple times.")
.create(ArgumentName.SCAN_SHORT);
Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN).withDescription("the path to scan - this option can be specified multiple times.").create(ArgumentName.SCAN_SHORT);
Option load = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.CPE)
.withDescription("load the CPE xml file").create(ArgumentName.CPE_SHORT);
Option load = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.CPE).withDescription("load the CPE xml file.").create(ArgumentName.CPE_SHORT);
Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ArgumentName.OUT)
.withDescription("the folder to write reports to.").create(ArgumentName.OUT_SHORT);
Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.PROP).withDescription("a property file to load.").create(ArgumentName.PROP_SHORT);
Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ArgumentName.OUT).withDescription("the folder to write reports to.").create(ArgumentName.OUT_SHORT);
//TODO add the ability to load a properties file to override the defaults...
@@ -179,7 +179,8 @@ public final class CliParser {
opts.addOption(version);
opts.addOption(help);
opts.addOption(noupdate);
opts.addOption(props);
opts.addOption(advancedHelp);
return opts;
}
@@ -224,12 +225,28 @@ public final class CliParser {
*/
public void printHelp() {
HelpFormatter formatter = new HelpFormatter();
String nl = System.getProperty("line.separator");
String advancedHelp = null;
if (line.hasOption(ArgumentName.ADVANCED_HELP)) {
advancedHelp = nl + nl
+ "Additionally, the following properties are supported and can be specified either"
+ "using the -p <file> argument or by passing them in as system properties." + nl
+ nl + " " + Settings.KEYS.PROXY_URL + "\t\t the proxy URL to use when downloading resources."
+ nl + " " + Settings.KEYS.PROXY_PORT + "\t\t the proxy port to use when downloading resources."
+ nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t the cconnection timeout (in milliseconds) to use" + nl + "\t\t\t when downloading resources.";
}
formatter.printHelp(Settings.getString("application.name", "DependencyCheck"),
"\n" + Settings.getString("application.name", "DependencyCheck")
nl + Settings.getString("application.name", "DependencyCheck")
+ " can be used to identify if there are any known CVE vulnerabilities in libraries utillized by an application. "
+ Settings.getString("application.name", "DependencyCheck")
+ " will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov.\n",
options, "", true);
+ " will automatically update required data from the Internet, such as the CVE and CPE data files from nvd.nist.gov." + nl + nl,
options,
"",
true);
if (advancedHelp != null) {
System.out.println(advancedHelp);
}
}
/**
@@ -351,5 +368,21 @@ public final class CliParser {
* The short CLI argument name asking for the version.
*/
public static final String VERSION = "version";
/**
* The CLI argument name asking for advanced help.
*/
public static final String ADVANCED_HELP_SHORT = "ah";
/**
* The short CLI argument name asking for advanced help.
*/
public static final String ADVANCED_HELP = "advancedhelp";
/**
* The short CLI argument name for setting the location of an additional properties file.
*/
public static final String PROP_SHORT = "p";
/**
* The CLI argument name for setting the location of an additional properties file.
*/
public static final String PROP = "propertyfile";
}
}
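Review bot: The advanced-help text in printHelp joins `"...can be specified either"` and `"using the -p <file> argument..."` with no separating space, so the printed help reads "eitherusing"; add a trailing space to the first literal, `+ "Additionally, the following properties are supported and can be specified either "`, and fix `cconnection` to `connection` on the CONNECTION_TIMEOUT line. That same string hard-codes `-p`; `"-" + ArgumentName.PROP_SHORT` keeps it tied to the option definition. In the ArgumentName hunk the Javadoc for ADVANCED_HELP_SHORT and ADVANCED_HELP is swapped: `"ah"` is described as the CLI argument name and `"advancedhelp"` as the short one. In createCommandLineOptions the wrapped OptionBuilder chains were collapsed into single lines far past any usual column limit; the previous one-call-per-line layout was easier to read and diff.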


@@ -18,6 +18,8 @@ package org.codesecure.dependencycheck.utils;
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
@@ -52,10 +54,6 @@ public class Settings {
* The properties key for the path where the CCE Lucene Index will be stored.
*/
public static final String CVE_INDEX = "cve";
/**
* The properties key for the path where the OSVDB Lucene Index will be stored.
*/
public static final String OSVDB_INDEX = "osvdb";
/**
* The properties key for the proxy url.
*/
@@ -86,6 +84,44 @@ public class Settings {
}
}
/**
* Sets a property value.
* @param key the key for the property.
* @param value the value for the property.
*/
public static void setString(String key, String value) {
INSTANCE.props.setProperty(key, value);
}
/**
* Merges a new properties file into the current properties. This
* method allows for the loading of a user provided properties file.<br/><br/>
* Note: even if using this method - system properties will be loaded before
* properties loaded from files.
*
* @param filePath the path to the properties file to merge.
* @throws FileNotFoundException is thrown when the filePath points to a non-existent file.
* @throws IOException is thrown when there is an exception loading/merging the properties.
*/
public static void mergeProperties(String filePath) throws FileNotFoundException, IOException {
FileInputStream fis = new FileInputStream(filePath);
mergeProperties(fis);
}
/**
* Merges a new properties file into the current properties. This
* method allows for the loading of a user provided properties file.<br/><br/>
* Note: even if using this method - system properties will be loaded before
* properties loaded from files.
*
* @param stream an Input Stream pointing at a properties file to merge.
* @throws IOException is thrown when there is an exception loading/merging the properties
*/
public static void mergeProperties(InputStream stream) throws IOException {
INSTANCE.props.load(stream);
}
/**
* Returns a value from the properties file. If the value was specified as a
* system property or passed in via the -Dprop=value argument - this method
@@ -104,15 +140,6 @@ public class Settings {
return str;
}
/**
* Sets a property value.
* @param key the key for the property.
* @param value the value for the property.
*/
public static void setString(String key, String value) {
INSTANCE.props.setProperty(key, value);
}
/**
* Returns a value from the properties file. If the value was specified as a
* system property or passed in via the -Dprop=value argument - this method
@@ -127,7 +154,7 @@ public class Settings {
}
/**
* Returns a integer value from the properties file. If the value was specified as a
* Returns an int value from the properties file. If the value was specified as a
* system property or passed in via the -Dprop=value argument - this method
* will return the value from the system properties before the values in
* the contained configuration file.
@@ -138,6 +165,18 @@ public class Settings {
public static int getInt(String key) {
return Integer.parseInt(Settings.getString(key));
}
/**
* Returns a long value from the properties file. If the value was specified as a
* system property or passed in via the -Dprop=value argument - this method
* will return the value from the system properties before the values in
* the contained configuration file.
*
* @param key the key to lookup within the properties file.
* @return the property from the properties file.
*/
public static long getLong(String key) {
return Long.parseLong(Settings.getString(key));
}
/**
* Returns a boolean value from the properties file. If the value was specified as a