mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-22 00:59:34 +01:00
Merge pull request #322 from wmaintw/master
Remove duplicated configuration items in DependencyCheckTask
This commit is contained in:
Jeremy Long
@@ -18,19 +18,19 @@
|
|||||||
|
|
||||||
package com.tools.security.extension
|
package com.tools.security.extension
|
||||||
|
|
||||||
class DependencyCheckConfigurationExtension {
|
class DependencyCheckExtension {
|
||||||
String proxyServer
|
String proxyServer
|
||||||
Integer proxyPort
|
Integer proxyPort
|
||||||
String proxyUsername = ""
|
String proxyUsername
|
||||||
String proxyPassword = ""
|
String proxyPassword
|
||||||
|
|
||||||
String cveUrl12Modified = "https://nvd.nist.gov/download/nvdcve-Modified.xml.gz"
|
String cveUrl20Modified
|
||||||
String cveUrl20Modified = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz"
|
String cveUrl12Modified
|
||||||
Integer cveStartYear = 2002
|
Integer cveStartYear
|
||||||
String cveUrl12Base = "https://nvd.nist.gov/download/nvdcve-%d.xml.gz"
|
String cveUrl20Base
|
||||||
String cveUrl20Base = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz"
|
String cveUrl12Base
|
||||||
|
|
||||||
String outputDirectory = "./reports"
|
String outputDirectory = "./reports"
|
||||||
|
|
||||||
Boolean quickQueryTimestamp = true;
|
Boolean quickQueryTimestamp;
|
||||||
}
|
}
|
||||||
@@ -18,13 +18,14 @@
|
|||||||
|
|
||||||
package com.tools.security.plugin
|
package com.tools.security.plugin
|
||||||
|
|
||||||
import com.tools.security.extension.DependencyCheckConfigurationExtension
|
import com.tools.security.extension.DependencyCheckExtension
|
||||||
import com.tools.security.tasks.DependencyCheckTask
|
import com.tools.security.tasks.DependencyCheckTask
|
||||||
import org.gradle.api.Plugin
|
import org.gradle.api.Plugin
|
||||||
import org.gradle.api.Project
|
import org.gradle.api.Project
|
||||||
|
|
||||||
class DependencyCheckGradlePlugin implements Plugin<Project> {
|
class DependencyCheckGradlePlugin implements Plugin<Project> {
|
||||||
static final String EXTENSION_NAME = 'dependencyCheck'
|
private static final String EXTENSION_NAME = 'dependencyCheck'
|
||||||
|
private static final String TASK_NAME = 'dependencyCheck'
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
void apply(Project project) {
|
void apply(Project project) {
|
||||||
@@ -33,23 +34,10 @@ class DependencyCheckGradlePlugin implements Plugin<Project> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
def initializeConfigurations(Project project) {
|
def initializeConfigurations(Project project) {
|
||||||
project.extensions.create(EXTENSION_NAME, DependencyCheckConfigurationExtension)
|
project.extensions.create(EXTENSION_NAME, DependencyCheckExtension)
|
||||||
}
|
}
|
||||||
|
|
||||||
def registerTasks(Project project) {
|
def registerTasks(Project project) {
|
||||||
project.task('dependencyCheck', type: DependencyCheckTask) {
|
project.task(TASK_NAME, type: DependencyCheckTask)
|
||||||
def extension = project.extensions.findByName(EXTENSION_NAME)
|
|
||||||
conventionMapping.proxyServer = { extension.proxyServer }
|
|
||||||
conventionMapping.proxyPort = { extension.proxyPort }
|
|
||||||
conventionMapping.proxyUsername = { extension.proxyUsername }
|
|
||||||
conventionMapping.proxyPassword = { extension.proxyPassword }
|
|
||||||
conventionMapping.cveUrl12Modified = { extension.cveUrl12Modified }
|
|
||||||
conventionMapping.cveUrl20Modified = { extension.cveUrl20Modified }
|
|
||||||
conventionMapping.cveStartYear = { extension.cveStartYear }
|
|
||||||
conventionMapping.cveUrl12Base = { extension.cveUrl12Base }
|
|
||||||
conventionMapping.cveUrl20Base = { extension.cveUrl20Base }
|
|
||||||
conventionMapping.outputDirectory = { extension.outputDirectory }
|
|
||||||
conventionMapping.quickQueryTimestamp = { extension.quickQueryTimestamp }
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -28,27 +28,23 @@ import org.owasp.dependencycheck.dependency.Dependency
|
|||||||
import org.owasp.dependencycheck.reporting.ReportGenerator
|
import org.owasp.dependencycheck.reporting.ReportGenerator
|
||||||
import org.owasp.dependencycheck.utils.Settings
|
import org.owasp.dependencycheck.utils.Settings
|
||||||
|
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_MODIFIED_12_URL
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_MODIFIED_20_URL
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_SCHEMA_1_2
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_SCHEMA_2_0
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.CVE_START_YEAR
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_PASSWORD
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_PORT
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_SERVER
|
||||||
|
import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_USERNAME
|
||||||
import static org.owasp.dependencycheck.utils.Settings.setBoolean
|
import static org.owasp.dependencycheck.utils.Settings.setBoolean
|
||||||
import static org.owasp.dependencycheck.utils.Settings.setString
|
import static org.owasp.dependencycheck.utils.Settings.setString
|
||||||
|
|
||||||
class DependencyCheckTask extends DefaultTask {
|
class DependencyCheckTask extends DefaultTask {
|
||||||
|
|
||||||
def currentProjectName = project.getName()
|
def currentProjectName = project.getName()
|
||||||
|
def config = project.dependencyCheck
|
||||||
String proxyServer
|
|
||||||
Integer proxyPort
|
|
||||||
String proxyUsername = ""
|
|
||||||
String proxyPassword = ""
|
|
||||||
|
|
||||||
String cveUrl12Modified = "https://nvd.nist.gov/download/nvdcve-Modified.xml.gz"
|
|
||||||
String cveUrl20Modified = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz"
|
|
||||||
Integer cveStartYear = 2002
|
|
||||||
String cveUrl12Base = "https://nvd.nist.gov/download/nvdcve-%d.xml.gz"
|
|
||||||
String cveUrl20Base = "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz"
|
|
||||||
|
|
||||||
String outputDirectory = "./reports"
|
|
||||||
|
|
||||||
Boolean quickQueryTimestamp = true;
|
|
||||||
|
|
||||||
DependencyCheckTask() {
|
DependencyCheckTask() {
|
||||||
group = 'Dependency Check'
|
group = 'Dependency Check'
|
||||||
@@ -111,22 +107,22 @@ class DependencyCheckTask extends DefaultTask {
|
|||||||
}
|
}
|
||||||
|
|
||||||
def generateReportDirectory(String currentProjectName) {
|
def generateReportDirectory(String currentProjectName) {
|
||||||
"${getOutputDirectory()}/${currentProjectName}"
|
"${config.outputDirectory}/${currentProjectName}"
|
||||||
}
|
}
|
||||||
|
|
||||||
def overrideProxySetting() {
|
def overrideProxySetting() {
|
||||||
if (isProxySettingExist()) {
|
if (isProxySettingExist()) {
|
||||||
logger.lifecycle("Using proxy ${getProxyServer()}:${getProxyPort()}")
|
logger.lifecycle("Using proxy ${config.proxyServer}:${config.proxyPort}")
|
||||||
|
|
||||||
setString(Settings.KEYS.PROXY_SERVER, getProxyServer())
|
overrideStringBasedSettingWhenProvided(PROXY_SERVER, config.proxyServer)
|
||||||
setString(Settings.KEYS.PROXY_PORT, "${getProxyPort()}")
|
overrideStringBasedSettingWhenProvided(PROXY_PORT, "${config.proxyPort}")
|
||||||
setString(Settings.KEYS.PROXY_USERNAME, getProxyUsername())
|
overrideStringBasedSettingWhenProvided(PROXY_USERNAME, config.proxyUsername)
|
||||||
setString(Settings.KEYS.PROXY_PASSWORD, getProxyPassword())
|
overrideStringBasedSettingWhenProvided(PROXY_PASSWORD, config.proxyPassword)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
def isProxySettingExist() {
|
def isProxySettingExist() {
|
||||||
getProxyServer() != null && getProxyPort() != null
|
config.proxyServer != null && config.proxyPort != null
|
||||||
}
|
}
|
||||||
|
|
||||||
def getAllDependencies(project) {
|
def getAllDependencies(project) {
|
||||||
@@ -138,14 +134,35 @@ class DependencyCheckTask extends DefaultTask {
|
|||||||
}
|
}
|
||||||
|
|
||||||
def overrideCveUrlSetting() {
|
def overrideCveUrlSetting() {
|
||||||
setString(Settings.KEYS.CVE_MODIFIED_20_URL, getCveUrl20Modified())
|
overrideStringBasedSettingWhenProvided(CVE_MODIFIED_20_URL, config.cveUrl20Modified)
|
||||||
setString(Settings.KEYS.CVE_MODIFIED_12_URL, getCveUrl12Modified())
|
overrideStringBasedSettingWhenProvided(CVE_MODIFIED_12_URL, config.cveUrl12Modified)
|
||||||
setString(Settings.KEYS.CVE_START_YEAR, "${getCveStartYear()}")
|
overrideIntegerBasedSettingWhenProvided(CVE_START_YEAR, config.cveStartYear)
|
||||||
setString(Settings.KEYS.CVE_SCHEMA_2_0, getCveUrl20Base())
|
overrideStringBasedSettingWhenProvided(CVE_SCHEMA_2_0, config.cveUrl20Base)
|
||||||
setString(Settings.KEYS.CVE_SCHEMA_1_2, getCveUrl12Base())
|
overrideStringBasedSettingWhenProvided(CVE_SCHEMA_1_2, config.cveUrl12Base)
|
||||||
}
|
}
|
||||||
|
|
||||||
def overrideDownloaderSetting() {
|
def overrideDownloaderSetting() {
|
||||||
setBoolean(Settings.KEYS.DOWNLOADER_QUICK_QUERY_TIMESTAMP, getQuickQueryTimestamp())
|
overrideBooleanBasedSettingWhenProvided(DOWNLOADER_QUICK_QUERY_TIMESTAMP, config.quickQueryTimestamp)
|
||||||
|
}
|
||||||
|
|
||||||
|
private overrideStringBasedSettingWhenProvided(String key, String providedValue) {
|
||||||
|
if (providedValue != null) {
|
||||||
|
logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]")
|
||||||
|
setString(key, providedValue)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private overrideIntegerBasedSettingWhenProvided(String key, Integer providedValue) {
|
||||||
|
if (providedValue != null) {
|
||||||
|
logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]")
|
||||||
|
setString(key, "${providedValue}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private overrideBooleanBasedSettingWhenProvided(String key, Boolean providedValue) {
|
||||||
|
if (providedValue != null) {
|
||||||
|
logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]")
|
||||||
|
setBoolean(key, providedValue)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,19 +0,0 @@
|
|||||||
#
|
|
||||||
# This file is part of dependency-check-gradle.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
#
|
|
||||||
# Copyright (c) 2015 Wei Ma. All Rights Reserved.
|
|
||||||
#
|
|
||||||
|
|
||||||
implementation-class=com.tools.security.plugin.DependencyCheckGradlePlugin
|
|
||||||
@@ -48,17 +48,17 @@ class DependencyCheckGradlePluginSpec extends PluginProjectSpec {
|
|||||||
expect:
|
expect:
|
||||||
task.group == 'Dependency Check'
|
task.group == 'Dependency Check'
|
||||||
task.description == 'Produce dependency security report.'
|
task.description == 'Produce dependency security report.'
|
||||||
task.proxyServer == null
|
project.dependencyCheck.proxyServer == null
|
||||||
task.proxyPort == null
|
project.dependencyCheck.proxyPort == null
|
||||||
task.proxyUsername == ''
|
project.dependencyCheck.proxyUsername == null
|
||||||
task.proxyPassword == ''
|
project.dependencyCheck.proxyPassword == null
|
||||||
task.cveUrl12Modified == 'https://nvd.nist.gov/download/nvdcve-Modified.xml.gz'
|
project.dependencyCheck.cveUrl12Modified == null
|
||||||
task.cveUrl20Modified == 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz'
|
project.dependencyCheck.cveUrl20Modified == null
|
||||||
task.cveStartYear == 2002
|
project.dependencyCheck.cveStartYear == null
|
||||||
task.cveUrl12Base == 'https://nvd.nist.gov/download/nvdcve-%d.xml.gz'
|
project.dependencyCheck.cveUrl12Base == null
|
||||||
task.cveUrl20Base == 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz'
|
project.dependencyCheck.cveUrl20Base == null
|
||||||
task.outputDirectory == './reports'
|
project.dependencyCheck.outputDirectory == './reports'
|
||||||
task.quickQueryTimestamp == true
|
project.dependencyCheck.quickQueryTimestamp == null
|
||||||
}
|
}
|
||||||
|
|
||||||
def 'tasks use correct values when extension is used'() {
|
def 'tasks use correct values when extension is used'() {
|
||||||
@@ -78,17 +78,16 @@ class DependencyCheckGradlePluginSpec extends PluginProjectSpec {
|
|||||||
}
|
}
|
||||||
|
|
||||||
then:
|
then:
|
||||||
Task task = project.tasks.findByName( 'dependencyCheck' )
|
project.dependencyCheck.proxyServer == '127.0.0.1'
|
||||||
task.proxyServer == '127.0.0.1'
|
project.dependencyCheck.proxyPort == 3128
|
||||||
task.proxyPort == 3128
|
project.dependencyCheck.proxyUsername == 'proxyUsername'
|
||||||
task.proxyUsername == 'proxyUsername'
|
project.dependencyCheck.proxyPassword == 'proxyPassword'
|
||||||
task.proxyPassword == 'proxyPassword'
|
project.dependencyCheck.cveUrl12Modified == 'cveUrl12Modified'
|
||||||
task.cveUrl12Modified == 'cveUrl12Modified'
|
project.dependencyCheck.cveUrl20Modified == 'cveUrl20Modified'
|
||||||
task.cveUrl20Modified == 'cveUrl20Modified'
|
project.dependencyCheck.cveStartYear == 2002
|
||||||
task.cveStartYear == 2002
|
project.dependencyCheck.cveUrl12Base == 'cveUrl12Base'
|
||||||
task.cveUrl12Base == 'cveUrl12Base'
|
project.dependencyCheck.cveUrl20Base == 'cveUrl20Base'
|
||||||
task.cveUrl20Base == 'cveUrl20Base'
|
project.dependencyCheck.outputDirectory == 'outputDirectory'
|
||||||
task.outputDirectory == 'outputDirectory'
|
project.dependencyCheck.quickQueryTimestamp == false
|
||||||
task.quickQueryTimestamp == false
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user