continued work on threading and code improvement

Jeremy Long
2017-09-03 09:05:55 -04:00
parent 795de6f9ea
commit ab5de24518
158 changed files with 1266 additions and 964 deletions


@@ -93,22 +93,26 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* Sets whether or not the external report format should be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "metaFileName", defaultValue = "dependency-check.ser", required = true)
private String dataFileName;
/**
* Sets whether or not the external report format should be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "failOnError", defaultValue = "true", required = true)
private boolean failOnError;
/**
* The Maven Project Object.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "project", required = true, readonly = true)
private MavenProject project;
/**
* List of Maven project of the current build
*/
@SuppressWarnings("CanBeFinal")
@Parameter(readonly = true, required = true, property = "reactorProjects")
private List<MavenProject> reactorProjects;
/**
@@ -116,18 +120,21 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* artifacts (handles both Maven 3.0 Sonatype and Maven 3.1+ eclipse Aether
* implementations).
*/
@SuppressWarnings("CanBeFinal")
@Component
private ArtifactResolver artifactResolver;
/**
* The Maven Session.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(defaultValue = "${session}", readonly = true, required = true)
private MavenSession session;
/**
* Remote repositories which will be searched for artifacts.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(defaultValue = "${project.remoteArtifactRepositories}", readonly = true, required = true)
private List<ArtifactRepository> remoteRepositories;
@@ -140,6 +147,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* The output directory. This generally maps to "target".
*/
@SuppressWarnings("CanBeFinal")
@Parameter(defaultValue = "${project.build.directory}", required = true)
private File outputDirectory;
/**
@@ -166,11 +174,13 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not
* recommended that this be turned to false. Default is true.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "autoUpdate")
private Boolean autoUpdate;
/**
* Sets whether Experimental analyzers are enabled. Default is false.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "enableExperimental")
private Boolean enableExperimental;
/**
@@ -192,33 +202,39 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* The Maven settings.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "mavenSettings", defaultValue = "${settings}", required = false)
private org.apache.maven.settings.Settings mavenSettings;
/**
* The maven settings proxy id.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "mavenSettingsProxyId", required = false)
private String mavenSettingsProxyId;
/**
* The Connection Timeout.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "connectionTimeout", defaultValue = "", required = false)
private String connectionTimeout;
/**
* The paths to the suppression files.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "suppressionFiles", required = false)
private String[] suppressionFiles;
/**
* The paths to the suppression file.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "suppressionFile", required = false)
private String suppressionFile;
/**
* The path to the hints file.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "hintsFile", defaultValue = "", required = false)
private String hintsFile;
@@ -232,18 +248,21 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* Whether or not the Jar Analyzer is enabled.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "jarAnalyzerEnabled", required = false)
private Boolean jarAnalyzerEnabled;
/**
* Whether or not the Archive Analyzer is enabled.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "archiveAnalyzerEnabled", required = false)
private Boolean archiveAnalyzerEnabled;
/**
* Sets whether the Python Distribution Analyzer will be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "pyDistributionAnalyzerEnabled", required = false)
private Boolean pyDistributionAnalyzerEnabled;
/**
@@ -254,21 +273,25 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* Sets whether the Ruby Gemspec Analyzer will be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "rubygemsAnalyzerEnabled", required = false)
private Boolean rubygemsAnalyzerEnabled;
/**
* Sets whether or not the openssl Analyzer should be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "opensslAnalyzerEnabled", required = false)
private Boolean opensslAnalyzerEnabled;
/**
* Sets whether or not the CMake Analyzer should be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "cmakeAnalyzerEnabled", required = false)
private Boolean cmakeAnalyzerEnabled;
/**
* Sets whether or not the autoconf Analyzer should be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "autoconfAnalyzerEnabled", required = false)
private Boolean autoconfAnalyzerEnabled;
/**
@@ -279,11 +302,13 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* Sets whether or not the Node.js Analyzer should be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "nodeAnalyzerEnabled", required = false)
private Boolean nodeAnalyzerEnabled;
/**
* Sets whether or not the Node Security Project Analyzer should be used.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "nspAnalyzerEnabled", required = false)
private Boolean nspAnalyzerEnabled;
@@ -296,18 +321,21 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* Whether or not the .NET Nuspec Analyzer is enabled.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "nuspecAnalyzerEnabled", required = false)
private Boolean nuspecAnalyzerEnabled;
/**
* Whether or not the Central Analyzer is enabled.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "centralAnalyzerEnabled", required = false)
private Boolean centralAnalyzerEnabled;
/**
* Whether or not the Nexus Analyzer is enabled.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "nexusAnalyzerEnabled", required = false)
private Boolean nexusAnalyzerEnabled;
@@ -320,18 +348,21 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* Sets the path for the bundle-audit binary.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "bundleAuditPath", defaultValue = "", required = false)
private String bundleAuditPath;
/**
* Whether or not the CocoaPods Analyzer is enabled.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "cocoapodsAnalyzerEnabled", required = false)
private Boolean cocoapodsAnalyzerEnabled;
/**
* Whether or not the Swift package Analyzer is enabled.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "swiftPackageManagerAnalyzerEnabled", required = false)
private Boolean swiftPackageManagerAnalyzerEnabled;
@@ -339,38 +370,45 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* The URL of a Nexus server's REST API end point
* (http://domain/nexus/service/local).
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "nexusUrl", required = false)
private String nexusUrl;
/**
* Whether or not the configured proxy is used to connect to Nexus.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "nexusUsesProxy", required = false)
private Boolean nexusUsesProxy;
/**
* The database connection string.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "connectionString", defaultValue = "", required = false)
private String connectionString;
/**
* The database driver name. An example would be org.h2.Driver.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "databaseDriverName", defaultValue = "", required = false)
private String databaseDriverName;
/**
* The path to the database driver if it is not on the class path.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "databaseDriverPath", defaultValue = "", required = false)
private String databaseDriverPath;
/**
* The server id in the settings.xml; used to retrieve encrypted passwords
* from the settings.xml.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "serverId", defaultValue = "", required = false)
private String serverId;
/**
* A reference to the settings.xml settings.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(defaultValue = "${settings}", readonly = true, required = true)
private org.apache.maven.settings.Settings settingsXml;
/**
@@ -392,6 +430,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* A comma-separated list of file extensions to add to analysis next to jar,
* zip, ....
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "zipExtensions", required = false)
private String zipExtensions;
/**
@@ -437,38 +476,45 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* The data directory, hold DC SQL DB.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "dataDirectory", defaultValue = "", required = false)
private String dataDirectory;
/**
* Data Mirror URL for CVE 1.2.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "cveUrl12Modified", defaultValue = "", required = false)
private String cveUrl12Modified;
/**
* Data Mirror URL for CVE 2.0.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "cveUrl20Modified", defaultValue = "", required = false)
private String cveUrl20Modified;
/**
* Base Data Mirror URL for CVE 1.2.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "cveUrl12Base", defaultValue = "", required = false)
private String cveUrl12Base;
/**
* Data Mirror URL for CVE 2.0.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "cveUrl20Base", defaultValue = "", required = false)
private String cveUrl20Base;
/**
* Optionally skip excessive CVE update checks for a designated duration in
* hours.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "cveValidForHours", defaultValue = "", required = false)
private Integer cveValidForHours;
/**
* The path to mono for .NET Assembly analysis on non-windows systems.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "pathToMono", defaultValue = "", required = false)
private String pathToMono;
@@ -1183,7 +1229,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @throws MojoFailureException thrown if a CVSS score is found that is
* higher then the threshold set
*/
protected void checkForFailure(List<Dependency> dependencies) throws MojoFailureException {
protected void checkForFailure(Dependency[] dependencies) throws MojoFailureException {
final StringBuilder ids = new StringBuilder();
for (Dependency d : dependencies) {
boolean addName = true;
@@ -1220,7 +1266,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @param mp the Maven project for which the summary is shown
* @param dependencies a list of dependency objects
*/
protected void showSummary(MavenProject mp, List<Dependency> dependencies) {
protected void showSummary(MavenProject mp, Dependency[] dependencies) {
if (showSummary) {
final StringBuilder summary = new StringBuilder();
for (Dependency d : dependencies) {
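Review bot: `checkForFailure` and `showSummary` are protected methods on an abstract base class, so changing their parameter from `List<Dependency>` to `Dependency[]` breaks any subclass outside this repository that calls or overrides them. The Javadoc for `showSummary` still reads `@param dependencies a list of dependency objects` and should become `@param dependencies the array of dependency objects`. Because `checkForFailure` is the method that fails the build when a CVSS score exceeds the threshold, its Javadoc should also say that the array must be obtained from the engine after analysis has finished. If `getDependencies()` now returns a copy (not visible here), a snapshot taken earlier would be checked without the vulnerabilities found later. Both method bodies continue outside the hunks shown.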


@@ -99,7 +99,7 @@ public class CheckMojo extends BaseDependencyCheckMojo {
}
if (engine != null) {
ExceptionCollection exCol = scanArtifacts(getProject(), engine);
if (engine.getDependencies().isEmpty()) {
if (engine.getDependencies().length == 0) {
getLog().info("No dependencies were identified that could be analyzed by dependency-check");
}
try {
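Review bot: An empty result from `engine.getDependencies()` is only reported at info level in this branch, so a scan that resolved nothing is easy to mistake for a clean one in the build output. Consider `getLog().warn("No dependencies were identified that could be analyzed by dependency-check");` so the condition stands out. The rest of the method, including what is done with `exCol`, lies outside the hunk, so whether the build can still fail in this case cannot be judged from here.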


@@ -95,14 +95,14 @@ public class BaseDependencyCheckMojoTest extends BaseTest {
Engine engine = new Engine(getSettings());
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
assertTrue(engine.getDependencies().isEmpty());
assertTrue(engine.getDependencies().length == 0);
BaseDependencyCheckMojoImpl instance = new BaseDependencyCheckMojoImpl();
try { //the mock above fails under some JDKs
instance.scanArtifacts(project, engine);
} catch (NullPointerException ex) {
Assume.assumeNoException(ex);
}
assertFalse(engine.getDependencies().isEmpty());
assertFalse(engine.getDependencies().length == 0);
engine.cleanup();
}
}
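Review bot: The new assertions `assertTrue(engine.getDependencies().length == 0)` and `assertFalse(engine.getDependencies().length == 0)` give no useful message when they fail. `assertEquals(0, engine.getDependencies().length);` and `assertTrue(engine.getDependencies().length > 0);` state the expectation directly. Separately, `engine.cleanup()` is skipped when `Assume.assumeNoException(ex)` aborts the test or an assertion fails; moving it into a `finally` block would release the engine in every case. The test method's signature and mock setup are outside the hunk.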