From d308e50e1e4accefc239c08f00e554807a1e192e Mon Sep 17 00:00:00 2001
From: ma wei
Date: Fri, 14 Aug 2015 17:12:28 +0800
Subject: [PATCH 1/3] remove duplicated plugin properties file
---
 .../dependency.check.properties | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency.check.properties
diff --git a/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency.check.properties b/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency.check.properties
deleted file mode 100644
index 877c70050..000000000
--- a/dependency-check-gradle/src/main/resources/META-INF/gradle-plugins/dependency.check.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# This file is part of dependency-check-gradle.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Copyright (c) 2015 Wei Ma. All Rights Reserved.
-#
-
-implementation-class=com.tools.security.plugin.DependencyCheckGradlePlugin
\ No newline at end of file
From 761a5ed3dd67e23ffdbeab0ffb1d6d0e9028fd96 Mon Sep 17 00:00:00 2001
From: ma wei
Date: Mon, 24 Aug 2015 22:17:16 +0800
Subject: [PATCH 2/3] remove duplicated configuration items in DependencyCheckTask
---
 ...groovy => DependencyCheckExtension.groovy} | 18 ++---
 .../plugin/DependencyCheckGradlePlugin.groovy | 22 ++----
 .../security/tasks/DependencyCheckTask.groovy | 73 ++++++++++++-------
 3 files changed, 59 insertions(+), 54 deletions(-)
 rename dependency-check-gradle/src/main/groovy/com/tools/security/extension/{DependencyCheckConfigurationExtension.groovy => DependencyCheckExtension.groovy} (60%)
diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckExtension.groovy
similarity index 60%
rename from dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy
rename to dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckExtension.groovy
index e86f66e25..a0bc76dfe 100644
--- a/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckConfigurationExtension.groovy
+++ b/dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckExtension.groovy
@@ -18,19 +18,19 @@ package com.tools.security.extension -class DependencyCheckConfigurationExtension { +class DependencyCheckExtension { String proxyServer Integer proxyPort - String proxyUsername = "" - String proxyPassword = "" + String proxyUsername + String proxyPassword - String cveUrl12Modified = "https://nvd.nist.gov/download/nvdcve-Modified.xml.gz" - String cveUrl20Modified = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz" - Integer cveStartYear = 2002 - String cveUrl12Base = "https://nvd.nist.gov/download/nvdcve-%d.xml.gz" - String cveUrl20Base = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz" + String cveUrl20Modified + String cveUrl12Modified + Integer cveStartYear + String cveUrl20Base + String cveUrl12Base String outputDirectory = "./reports" - Boolean quickQueryTimestamp = true; + Boolean quickQueryTimestamp; } diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy index 2274c9af4..fc9a4df3d 100644 --- a/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/plugin/DependencyCheckGradlePlugin.groovy @@ -18,13 +18,14 @@ package com.tools.security.plugin -import com.tools.security.extension.DependencyCheckConfigurationExtension +import com.tools.security.extension.DependencyCheckExtension import com.tools.security.tasks.DependencyCheckTask import org.gradle.api.Plugin import org.gradle.api.Project class DependencyCheckGradlePlugin implements Plugin { - static final String EXTENSION_NAME = 'dependencyCheck' + private static final String EXTENSION_NAME = 'dependencyCheck' + private static final String TASK_NAME = 'dependencyCheck' @Override void apply(Project project) { 
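Review bot: In DependencyCheckExtension.groovy the properties that lose their defaults (`proxyUsername`, `proxyPassword`, the four CVE URLs, `cveStartYear`, `quickQueryTimestamp`) carry no comment saying what an unset value now means, while `outputDirectory` alone keeps `"./reports"`. A class-level doc comment would make the contract explicit, e.g. `/** Properties left null are not written to Settings; the engine's own values then apply (confirm against dependency-check-core). */`. Because `proxyPassword` is a plain String assigned from the build script, the same comment should state that the value is expected to come from a user-level Gradle property or the environment rather than a literal committed in build.gradle. The trailing `;` on `Boolean quickQueryTimestamp;` is a leftover and can be dropped.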
@@ -33,23 +34,10 @@ class DependencyCheckGradlePlugin implements Plugin { } def initializeConfigurations(Project project) { - project.extensions.create(EXTENSION_NAME, DependencyCheckConfigurationExtension) + project.extensions.create(EXTENSION_NAME, DependencyCheckExtension) } def registerTasks(Project project) { - project.task('dependencyCheck', type: DependencyCheckTask) { - def extension = project.extensions.findByName(EXTENSION_NAME) - conventionMapping.proxyServer = { extension.proxyServer } - conventionMapping.proxyPort = { extension.proxyPort } - conventionMapping.proxyUsername = { extension.proxyUsername } - conventionMapping.proxyPassword = { extension.proxyPassword } - conventionMapping.cveUrl12Modified = { extension.cveUrl12Modified } - conventionMapping.cveUrl20Modified = { extension.cveUrl20Modified } - conventionMapping.cveStartYear = { extension.cveStartYear } - conventionMapping.cveUrl12Base = { extension.cveUrl12Base } - conventionMapping.cveUrl20Base = { extension.cveUrl20Base } - conventionMapping.outputDirectory = { extension.outputDirectory } - conventionMapping.quickQueryTimestamp = { extension.quickQueryTimestamp } - } + project.task(TASK_NAME, type: DependencyCheckTask) } } \ No newline at end of file diff --git a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy index 3e371ec81..6c869657c 100644 --- a/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy +++ b/dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy 
@@ -28,27 +28,23 @@ import org.owasp.dependencycheck.dependency.Dependency import org.owasp.dependencycheck.reporting.ReportGenerator import org.owasp.dependencycheck.utils.Settings +import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_MODIFIED_12_URL +import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_MODIFIED_20_URL +import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_SCHEMA_1_2 +import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_SCHEMA_2_0 +import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_START_YEAR +import static org.owasp.dependencycheck.utils.Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP +import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_PASSWORD +import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_PORT +import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_SERVER +import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_USERNAME import static org.owasp.dependencycheck.utils.Settings.setBoolean import static org.owasp.dependencycheck.utils.Settings.setString class DependencyCheckTask extends DefaultTask { def currentProjectName = project.getName() - - String proxyServer - Integer proxyPort - String proxyUsername = "" - String proxyPassword = "" - - String cveUrl12Modified = "https://nvd.nist.gov/download/nvdcve-Modified.xml.gz" - String cveUrl20Modified = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz" - Integer cveStartYear = 2002 - String cveUrl12Base = "https://nvd.nist.gov/download/nvdcve-%d.xml.gz" - String cveUrl20Base = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz" - - String outputDirectory = "./reports" - - Boolean quickQueryTimestamp = true; + def config = project.dependencyCheck DependencyCheckTask() { group = 'Dependency Check' 
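Review bot: `def config = project.dependencyCheck` runs in a field initializer, so constructing a DependencyCheckTask now depends on the `dependencyCheck` extension already existing on the project; Groovy property lookup on Project fails for an unknown name, which would surface as a construction error for a task of this type declared without the plugin (no such caller is visible in this diff). Looking the extension up when the task runs keeps the failure at execution time and with a clearer message, e.g. `def getConfig() { project.extensions.getByName('dependencyCheck') }`. With the task-level properties removed, a one-line comment on the field stating that all configuration is read from the project extension would also help readers who expect per-task settings. The class body continues outside this hunk.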
@@ -111,22 +107,22 @@ class DependencyCheckTask extends DefaultTask { } def generateReportDirectory(String currentProjectName) { - "${getOutputDirectory()}/${currentProjectName}" + "${config.outputDirectory}/${currentProjectName}" } def overrideProxySetting() { if (isProxySettingExist()) { - logger.lifecycle("Using proxy ${getProxyServer()}:${getProxyPort()}") + logger.lifecycle("Using proxy ${config.proxyServer}:${config.proxyPort}") - setString(Settings.KEYS.PROXY_SERVER, getProxyServer()) - setString(Settings.KEYS.PROXY_PORT, "${getProxyPort()}") - setString(Settings.KEYS.PROXY_USERNAME, getProxyUsername()) - setString(Settings.KEYS.PROXY_PASSWORD, getProxyPassword()) + overrideStringBasedSettingWhenProvided(PROXY_SERVER, config.proxyServer) + overrideStringBasedSettingWhenProvided(PROXY_PORT, "${config.proxyPort}") + overrideStringBasedSettingWhenProvided(PROXY_USERNAME, config.proxyUsername) + overrideStringBasedSettingWhenProvided(PROXY_PASSWORD, config.proxyPassword) } } def isProxySettingExist() { - getProxyServer() != null && getProxyPort() != null + config.proxyServer != null && config.proxyPort != null } def getAllDependencies(project) { 
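Review bot: The proxy password is written to the build log by the new code: `overrideStringBasedSettingWhenProvided(PROXY_PASSWORD, config.proxyPassword)` in `overrideProxySetting` goes through the helper added in the last hunk of this file, which prints `Setting [${key}] overrided with value [${providedValue}]` via `logger.lifecycle`, Gradle's default console level and therefore part of ordinary CI output. Set the credential without echoing it, e.g. `if (config.proxyPassword != null) { setString(PROXY_PASSWORD, config.proxyPassword) }`, or change the helper to log only the key. The `PROXY_USERNAME` call on the line above deserves the same treatment where user names are treated as sensitive.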
@@ -138,14 +134,35 @@ class DependencyCheckTask extends DefaultTask { } def overrideCveUrlSetting() { - setString(Settings.KEYS.CVE_MODIFIED_20_URL, getCveUrl20Modified()) - setString(Settings.KEYS.CVE_MODIFIED_12_URL, getCveUrl12Modified()) - setString(Settings.KEYS.CVE_START_YEAR, "${getCveStartYear()}") - setString(Settings.KEYS.CVE_SCHEMA_2_0, getCveUrl20Base()) - setString(Settings.KEYS.CVE_SCHEMA_1_2, getCveUrl12Base()) + overrideStringBasedSettingWhenProvided(CVE_MODIFIED_20_URL, config.cveUrl20Modified) + overrideStringBasedSettingWhenProvided(CVE_MODIFIED_12_URL, config.cveUrl12Modified) + overrideIntegerBasedSettingWhenProvided(CVE_START_YEAR, config.cveStartYear) + overrideStringBasedSettingWhenProvided(CVE_SCHEMA_2_0, config.cveUrl20Base) + overrideStringBasedSettingWhenProvided(CVE_SCHEMA_1_2, config.cveUrl12Base) } def overrideDownloaderSetting() { - setBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, getQuickQueryTimestamp()) + overrideBooleanBasedSettingWhenProvided(DOWNLOADER_QUICK_QUERY_TIMESTAMP, config.quickQueryTimestamp) + } + + private overrideStringBasedSettingWhenProvided(String key, String providedValue) { + if (providedValue != null) { + logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]") + setString(key, providedValue) + } + } + + private overrideIntegerBasedSettingWhenProvided(String key, Integer providedValue) { + if (providedValue != null) { + logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]") + setString(key, "${providedValue}") + } + } + + private overrideBooleanBasedSettingWhenProvided(String key, Boolean providedValue) { + if (providedValue != null) { + logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]") + setBoolean(key, providedValue) + } } } From 9a7c342f91bca901c298cda41fa1295415740f5e Mon Sep 17 00:00:00 2001 
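Review bot: `overrideCveUrlSetting` passes whatever string the build script supplies for the four CVE feed URLs straight to `setString`, and the `https://nvd.nist.gov/...` defaults that used to live in the plugin are gone, so nothing here notices a feed configured over plain `http://`. Vulnerability data fetched over an unauthenticated channel can be altered in transit and findings silently dropped; whether the engine checks the scheme itself is not visible in this diff. A warning at this point is cheap: `[config.cveUrl20Modified, config.cveUrl12Modified, config.cveUrl20Base, config.cveUrl12Base].findAll { it && !it.startsWith('https://') }.each { logger.warn("CVE feed URL [${it}] is not HTTPS") }`. Separately, the three `override…SettingWhenProvided` helpers differ only in the setter they call and could share the null check and log line, and the message should read "overridden".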
From: ma wei
Date: Mon, 24 Aug 2015 22:25:03 +0800
Subject: [PATCH 3/3] modify spec for testing project extension
---
 .../DependencyCheckGradlePluginSpec.groovy | 45 +++++++++----------
 1 file changed, 22 insertions(+), 23 deletions(-)
diff --git a/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy b/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy
index 6a9666240..a75db628b 100644
--- a/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy
+++ b/dependency-check-gradle/src/test/groovy/com/tools/security/plugin/DependencyCheckGradlePluginSpec.groovy
@@ -48,17 +48,17 @@ class DependencyCheckGradlePluginSpec extends PluginProjectSpec { expect: task.group == 'Dependency Check' task.description == 'Produce dependency security report.' - task.proxyServer == null - task.proxyPort == null - task.proxyUsername == '' - task.proxyPassword == '' - task.cveUrl12Modified == 'https://nvd.nist.gov/download/nvdcve-Modified.xml.gz' - task.cveUrl20Modified == 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz' - task.cveStartYear == 2002 - task.cveUrl12Base == 'https://nvd.nist.gov/download/nvdcve-%d.xml.gz' - task.cveUrl20Base == 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz' - task.outputDirectory == './reports' - task.quickQueryTimestamp == true + project.dependencyCheck.proxyServer == null + project.dependencyCheck.proxyPort == null + project.dependencyCheck.proxyUsername == null + project.dependencyCheck.proxyPassword == null + project.dependencyCheck.cveUrl12Modified == null + project.dependencyCheck.cveUrl20Modified == null + project.dependencyCheck.cveStartYear == null + project.dependencyCheck.cveUrl12Base == null + project.dependencyCheck.cveUrl20Base == null + project.dependencyCheck.outputDirectory == './reports' + project.dependencyCheck.quickQueryTimestamp == null } def 'tasks use correct values when extension is used'() { 
@@ -78,17 +78,16 @@ class DependencyCheckGradlePluginSpec extends PluginProjectSpec { } then: - Task task = project.tasks.findByName( 'dependencyCheck' ) - task.proxyServer == '127.0.0.1' - task.proxyPort == 3128 - task.proxyUsername == 'proxyUsername' - task.proxyPassword == 'proxyPassword' - task.cveUrl12Modified == 'cveUrl12Modified' - task.cveUrl20Modified == 'cveUrl20Modified' - task.cveStartYear == 2002 - task.cveUrl12Base == 'cveUrl12Base' - task.cveUrl20Base == 'cveUrl20Base' - task.outputDirectory == 'outputDirectory' - task.quickQueryTimestamp == false + project.dependencyCheck.proxyServer == '127.0.0.1' + project.dependencyCheck.proxyPort == 3128 + project.dependencyCheck.proxyUsername == 'proxyUsername' + project.dependencyCheck.proxyPassword == 'proxyPassword' + project.dependencyCheck.cveUrl12Modified == 'cveUrl12Modified' + project.dependencyCheck.cveUrl20Modified == 'cveUrl20Modified' + project.dependencyCheck.cveStartYear == 2002 + project.dependencyCheck.cveUrl12Base == 'cveUrl12Base' + project.dependencyCheck.cveUrl20Base == 'cveUrl20Base' + project.dependencyCheck.outputDirectory == 'outputDirectory' + project.dependencyCheck.quickQueryTimestamp == false } }
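Review bot: The feature 'tasks use correct values when extension is used' no longer touches the task: with `Task task = project.tasks.findByName( 'dependencyCheck' )` removed, the `then:` block only reads back from `project.dependencyCheck` what the `when:` block (outside this hunk) presumably assigned, so it still passes if DependencyCheckTask ignores the extension entirely. The defaults feature in the previous hunk has the same gap for the property assertions. A check on what the task actually hands to the engine would cover the new null-skipping helpers, something along the lines of invoking the task's override methods and asserting `Settings.getString(Settings.KEYS.PROXY_SERVER) == '127.0.0.1'`, plus a case showing that an unset property leaves the existing setting untouched. The feature title should be updated if the intent is now to test the extension only.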