Merge pull request #322 from wmaintw/master

Remove duplicated configuration items in DependencyCheckTask
2026-01-13 23:33:37 +01:00 · 2015-08-25 05:28:34 -04:00
parent 4bdfbcc916 519198bb61
commit b36c4f65e5
5 changed files with 81 additions and 96 deletions
--- a/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy
+++ b/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy
@@ -18,19 +18,19 @@

 package com.tools.security.extension

-class DependencyCheckConfigurationExtension {
+class DependencyCheckExtension {
    String proxyServer
    Integer proxyPort
-    String proxyUsername = ""
-    String proxyPassword = ""
+    String proxyUsername
+    String proxyPassword

-    String cveUrl12Modified = "https://nvd.nist.gov/download/nvdcve-Modified.xml.gz"
-    String cveUrl20Modified = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz"
-    Integer cveStartYear = 2002
-    String cveUrl12Base = "https://nvd.nist.gov/download/nvdcve-%d.xml.gz"
-    String cveUrl20Base = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz"
+    String cveUrl20Modified
+    String cveUrl12Modified
+    Integer cveStartYear
+    String cveUrl20Base
+    String cveUrl12Base

    String outputDirectory = "./reports"

-    Boolean quickQueryTimestamp = true;
+    Boolean quickQueryTimestamp;
 }
--- a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy
+++ b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy
@@ -18,13 +18,14 @@

 package com.tools.security.plugin

-import com.tools.security.extension.DependencyCheckConfigurationExtension
+import com.tools.security.extension.DependencyCheckExtension
 import com.tools.security.tasks.DependencyCheckTask
 import org.gradle.api.Plugin
 import org.gradle.api.Project

 class DependencyCheckGradlePlugin implements Plugin<Project> {
-    static final String EXTENSION_NAME = 'dependencyCheck'
+    private static final String EXTENSION_NAME = 'dependencyCheck'
+    private static final String TASK_NAME = 'dependencyCheck'

    @Override
    void apply(Project project) {
@@ -33,23 +34,10 @@ class DependencyCheckGradlePlugin implements Plugin<Project> {
    }

    def initializeConfigurations(Project project) {
-        project.extensions.create(EXTENSION_NAME, DependencyCheckConfigurationExtension)
+        project.extensions.create(EXTENSION_NAME, DependencyCheckExtension)
    }

    def registerTasks(Project project) {
-        project.task('dependencyCheck', type: DependencyCheckTask) {
-            def extension = project.extensions.findByName(EXTENSION_NAME)
-            conventionMapping.proxyServer = { extension.proxyServer }
-            conventionMapping.proxyPort = { extension.proxyPort }
-            conventionMapping.proxyUsername = { extension.proxyUsername }
-            conventionMapping.proxyPassword = { extension.proxyPassword }
-            conventionMapping.cveUrl12Modified = { extension.cveUrl12Modified }
-            conventionMapping.cveUrl20Modified = { extension.cveUrl20Modified }
-            conventionMapping.cveStartYear = { extension.cveStartYear }
-            conventionMapping.cveUrl12Base = { extension.cveUrl12Base }
-            conventionMapping.cveUrl20Base = { extension.cveUrl20Base }
-            conventionMapping.outputDirectory = { extension.outputDirectory }
-            conventionMapping.quickQueryTimestamp = { extension.quickQueryTimestamp }
-        }
+        project.task(TASK_NAME, type: DependencyCheckTask)
    }
 }
--- a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy
+++ b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy
@@ -28,27 +28,23 @@ import org.owasp.dependencycheck.dependency.Dependency
 import org.owasp.dependencycheck.reporting.ReportGenerator
 import org.owasp.dependencycheck.utils.Settings

+import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_MODIFIED_12_URL
+import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_MODIFIED_20_URL
+import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_SCHEMA_1_2
+import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_SCHEMA_2_0
+import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_START_YEAR
+import static org.owasp.dependencycheck.utils.Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP
+import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_PASSWORD
+import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_PORT
+import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_SERVER
+import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_USERNAME
 import static org.owasp.dependencycheck.utils.Settings.setBoolean
 import static org.owasp.dependencycheck.utils.Settings.setString

 class DependencyCheckTask extends DefaultTask {

    def currentProjectName = project.getName()
-
-    String proxyServer
-    Integer proxyPort
-    String proxyUsername = ""
-    String proxyPassword = ""
-
-    String cveUrl12Modified = "https://nvd.nist.gov/download/nvdcve-Modified.xml.gz"
-    String cveUrl20Modified = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz"
-    Integer cveStartYear = 2002
-    String cveUrl12Base = "https://nvd.nist.gov/download/nvdcve-%d.xml.gz"
-    String cveUrl20Base = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz"
-
-    String outputDirectory = "./reports"
-
-    Boolean quickQueryTimestamp = true;
+    def config = project.dependencyCheck

    DependencyCheckTask() {
        group = 'Dependency Check'
@@ -111,22 +107,22 @@ class DependencyCheckTask extends DefaultTask {
    }

    def generateReportDirectory(String currentProjectName) {
-        "${getOutputDirectory()}/${currentProjectName}"
+        "${config.outputDirectory}/${currentProjectName}"
    }

    def overrideProxySetting() {
        if (isProxySettingExist()) {
-            logger.lifecycle("Using proxy ${getProxyServer()}:${getProxyPort()}")
+            logger.lifecycle("Using proxy ${config.proxyServer}:${config.proxyPort}")

-            setString(Settings.KEYS.PROXY_SERVER, getProxyServer())
-            setString(Settings.KEYS.PROXY_PORT, "${getProxyPort()}")
-            setString(Settings.KEYS.PROXY_USERNAME, getProxyUsername())
-            setString(Settings.KEYS.PROXY_PASSWORD, getProxyPassword())
+            overrideStringBasedSettingWhenProvided(PROXY_SERVER, config.proxyServer)
+            overrideStringBasedSettingWhenProvided(PROXY_PORT, "${config.proxyPort}")
+            overrideStringBasedSettingWhenProvided(PROXY_USERNAME, config.proxyUsername)
+            overrideStringBasedSettingWhenProvided(PROXY_PASSWORD, config.proxyPassword)
        }
    }

    def isProxySettingExist() {
-        getProxyServer() != null && getProxyPort() != null
+        config.proxyServer != null && config.proxyPort != null
    }

    def getAllDependencies(project) {
@@ -138,14 +134,35 @@ class DependencyCheckTask extends DefaultTask {
    }

    def overrideCveUrlSetting() {
-        setString(Settings.KEYS.CVE_MODIFIED_20_URL, getCveUrl20Modified())
-        setString(Settings.KEYS.CVE_MODIFIED_12_URL, getCveUrl12Modified())
-        setString(Settings.KEYS.CVE_START_YEAR, "${getCveStartYear()}")
-        setString(Settings.KEYS.CVE_SCHEMA_2_0, getCveUrl20Base())
-        setString(Settings.KEYS.CVE_SCHEMA_1_2, getCveUrl12Base())
+        overrideStringBasedSettingWhenProvided(CVE_MODIFIED_20_URL, config.cveUrl20Modified)
+        overrideStringBasedSettingWhenProvided(CVE_MODIFIED_12_URL, config.cveUrl12Modified)
+        overrideIntegerBasedSettingWhenProvided(CVE_START_YEAR, config.cveStartYear)
+        overrideStringBasedSettingWhenProvided(CVE_SCHEMA_2_0, config.cveUrl20Base)
+        overrideStringBasedSettingWhenProvided(CVE_SCHEMA_1_2, config.cveUrl12Base)
    }

    def overrideDownloaderSetting() {
-        setBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, getQuickQueryTimestamp())
+        overrideBooleanBasedSettingWhenProvided(DOWNLOADER_QUICK_QUERY_TIMESTAMP, config.quickQueryTimestamp)
+    }
+
+    private overrideStringBasedSettingWhenProvided(String key, String providedValue) {
+        if (providedValue != null) {
+            logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]")
+            setString(key, providedValue)
+        }
+    }
+
+    private overrideIntegerBasedSettingWhenProvided(String key, Integer providedValue) {
+        if (providedValue != null) {
+            logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]")
+            setString(key, "${providedValue}")
+        }
+    }
+
+    private overrideBooleanBasedSettingWhenProvided(String key, Boolean providedValue) {
+        if (providedValue != null) {
+            logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]")
+            setBoolean(key, providedValue)
+        }
    }
 }
--- a/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency.check.properties
+++ b/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency.check.properties
@@ -1,19 +0,0 @@
-#
-# This file is part of dependency-check-gradle.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Copyright (c) 2015 Wei Ma. All Rights Reserved.
-#
-
-implementation-class=com.tools.security.plugin.DependencyCheckGradlePlugin
--- a/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy
+++ b/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy
@@ -48,17 +48,17 @@ class DependencyCheckGradlePluginSpec extends PluginProjectSpec {
        expect:
        task.group == 'Dependency Check'
        task.description == 'Produce dependency security report.'
-        task.proxyServer == null
-        task.proxyPort == null
-        task.proxyUsername == ''
-        task.proxyPassword == ''
-        task.cveUrl12Modified == 'https://nvd.nist.gov/download/nvdcve-Modified.xml.gz'
-        task.cveUrl20Modified == 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz'
-        task.cveStartYear == 2002
-        task.cveUrl12Base == 'https://nvd.nist.gov/download/nvdcve-%d.xml.gz'
-        task.cveUrl20Base == 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz'
-        task.outputDirectory == './reports'
-        task.quickQueryTimestamp == true
+        project.dependencyCheck.proxyServer == null
+        project.dependencyCheck.proxyPort == null
+        project.dependencyCheck.proxyUsername == null
+        project.dependencyCheck.proxyPassword == null
+        project.dependencyCheck.cveUrl12Modified == null
+        project.dependencyCheck.cveUrl20Modified == null
+        project.dependencyCheck.cveStartYear == null
+        project.dependencyCheck.cveUrl12Base == null
+        project.dependencyCheck.cveUrl20Base == null
+        project.dependencyCheck.outputDirectory == './reports'
+        project.dependencyCheck.quickQueryTimestamp == null
    }

    def 'tasks use correct values when extension is used'() {
@@ -78,17 +78,16 @@ class DependencyCheckGradlePluginSpec extends PluginProjectSpec {
        }

        then:
-        Task task = project.tasks.findByName( 'dependencyCheck' )
-        task.proxyServer == '127.0.0.1'
-        task.proxyPort == 3128
-        task.proxyUsername == 'proxyUsername'
-        task.proxyPassword == 'proxyPassword'
-        task.cveUrl12Modified == 'cveUrl12Modified'
-        task.cveUrl20Modified == 'cveUrl20Modified'
-        task.cveStartYear == 2002
-        task.cveUrl12Base == 'cveUrl12Base'
-        task.cveUrl20Base == 'cveUrl20Base'
-        task.outputDirectory == 'outputDirectory'
-        task.quickQueryTimestamp == false
+        project.dependencyCheck.proxyServer == '127.0.0.1'
+        project.dependencyCheck.proxyPort == 3128
+        project.dependencyCheck.proxyUsername == 'proxyUsername'
+        project.dependencyCheck.proxyPassword == 'proxyPassword'
+        project.dependencyCheck.cveUrl12Modified == 'cveUrl12Modified'
+        project.dependencyCheck.cveUrl20Modified == 'cveUrl20Modified'
+        project.dependencyCheck.cveStartYear == 2002
+        project.dependencyCheck.cveUrl12Base == 'cveUrl12Base'
+        project.dependencyCheck.cveUrl20Base == 'cveUrl20Base'
+        project.dependencyCheck.outputDirectory == 'outputDirectory'
+        project.dependencyCheck.quickQueryTimestamp == false
    }
 }