github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

checkstyle corrections, added javadoc, etc.

Browse Source 
Former-commit-id: 2b806cb8527a627d400644465bcf9f04d687d729
This commit is contained in:
Jeremy Long
2014-08-30 15:19:52 -04:00
parent e13225eee6
commit b6b070584f
3 changed files with 114 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
View File

@@ -68,7 +68,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
/**
* Logger field reference.
*/
private static final Logger logger = Logger.getLogger(DependencyCheckMojo.class.getName());
private static final Logger LOGGER = Logger.getLogger(DependencyCheckMojo.class.getName());
/**
* The properties file location.
*/
@@ -312,7 +312,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
* @throws DatabaseException thrown if there is an exception connecting to the database
*/
private Engine executeDependencyCheck(MavenProject project) throws DatabaseException {
Engine localEngine = initializeEngine();
final Engine localEngine = initializeEngine();
final Set<Artifact> artifacts = project.getArtifacts();
for (Artifact a : artifacts) {
@@ -327,6 +327,12 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
return localEngine;
}
/**
* Initializes a new <code>Engine</code> that can be used for scanning.
*
* @return a newly instantiated <code>Engine</code>
* @throws DatabaseException thrown if there is a database exception
*/
private Engine initializeEngine() throws DatabaseException {
populateSettings();
final Engine localEngine = new Engine();
@@ -364,14 +370,14 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
mojoProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
Settings.mergeProperties(mojoProperties);
} catch (IOException ex) {
logger.log(Level.WARNING, "Unable to load the dependency-check ant task.properties file.");
logger.log(Level.FINE, null, ex);
LOGGER.log(Level.WARNING, "Unable to load the dependency-check ant task.properties file.");
LOGGER.log(Level.FINE, null, ex);
} finally {
if (mojoProperties != null) {
try {
mojoProperties.close();
} catch (IOException ex) {
logger.log(Level.FINEST, null, ex);
LOGGER.log(Level.FINEST, null, ex);
}
}
}
@@ -379,7 +385,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
if (proxyUrl != null && !proxyUrl.isEmpty()) {
logger.warning("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings to configure the proxy instead");
LOGGER.warning("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings to configure the proxy instead");
}
final Proxy proxy = getMavenProxy();
@@ -485,7 +491,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
} else if (proxies.size() == 1) {
return proxies.get(0);
} else {
logger.warning("Multiple proxy defentiions exist in the Maven settings. In the dependency-check "
LOGGER.warning("Multiple proxy defentiions exist in the Maven settings. In the dependency-check "
+ "configuration set the maveSettingsProxyId so that the correct proxy will be used.");
throw new IllegalStateException("Ambiguous proxy definition");
}
@@ -513,9 +519,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
checkForFailure(engine.getDependencies());
}
} catch (DatabaseException ex) {
logger.log(Level.SEVERE,
LOGGER.log(Level.SEVERE,
"Unable to connect to the dependency-check database; analysis has stopped");
logger.log(Level.FINE, "", ex);
LOGGER.log(Level.FINE, "", ex);
}
}
@@ -537,6 +543,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
}
}
/**
* Calls <code>engine.cleanup()</code> to release resources.
*/
private void cleanupEngine() {
if (engine != null) {
engine.cleanup();
@@ -554,7 +563,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
@Override
protected void executeNonAggregateReport(Locale locale) throws MavenReportException {
List<Dependency> deps = readDataFile();
final List<Dependency> deps = readDataFile();
if (deps != null) {
try {
engine = initializeEngine();
@@ -584,14 +593,16 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
engine = initializeEngine();
engine.getDependencies().addAll(deps);
} catch (DatabaseException ex) {
final String msg = String.format("An unrecoverable exception with the dependency-check initialization occured while scanning %s", project.getName());
final String msg = String.format("An unrecoverable exception with the dependency-check initialization occured while scanning %s",
project.getName());
throw new MavenReportException(msg, ex);
}
} else {
try {
engine = executeDependencyCheck(project);
} catch (DatabaseException ex) {
final String msg = String.format("An unrecoverable exception with the dependency-check scan occured while scanning %s", project.getName());
final String msg = String.format("An unrecoverable exception with the dependency-check scan occured while scanning %s",
project.getName());
throw new MavenReportException(msg, ex);
}
}
@@ -599,19 +610,19 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
deps = readDataFile(child);
if (deps == null) {
final String msg = String.format("Unable to include information on %s in the dependency-check aggregate report", child.getName());
logger.severe(msg);
LOGGER.severe(msg);
} else {
engine.getDependencies().addAll(deps);
}
}
DependencyBundlingAnalyzer bundler = new DependencyBundlingAnalyzer();
final DependencyBundlingAnalyzer bundler = new DependencyBundlingAnalyzer();
try {
bundler.analyze(null, engine);
} catch (AnalysisException ex) {
logger.log(Level.WARNING, "An error occured grouping the dependencies; duplicate entries may exist in the report", ex);
logger.log(Level.FINE, "Bundling Exception", ex);
LOGGER.log(Level.WARNING, "An error occured grouping the dependencies; duplicate entries may exist in the report", ex);
LOGGER.log(Level.FINE, "Bundling Exception", ex);
}
File outputDir = getReportOutputDirectory(project);
final File outputDir = getReportOutputDirectory(project);
if (outputDir != null) {
ReportingUtil.generateExternalReports(engine, outputDir, project.getName(), format);
}
@@ -632,7 +643,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
} else if ("VULN".equalsIgnoreCase(this.format)) {
return "dependency-check-vulnerability";
} else {
logger.log(Level.WARNING, "Unknown report format used during site generation.");
LOGGER.log(Level.WARNING, "Unknown report format used during site generation.");
return "dependency-check-report";
}
}
@@ -686,7 +697,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
} else {
msg = "No project dependencies exist - dependency-check:check is unable to generate a report.";
}
logger.warning(msg);
LOGGER.warning(msg);
}
return false;
@@ -788,7 +799,7 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
final String msg = String.format("%n%n"
+ "One or more dependencies were identified with known vulnerabilities:%n%n%s"
+ "%n%nSee the dependency-check report for more details.%n%n", summary.toString());
logger.log(Level.WARNING, msg);
LOGGER.log(Level.WARNING, msg);
}
}
//</editor-fold>
@@ -805,9 +816,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
if (engine != null && getProject().getContextValue(this.getDataFileContextKey()) == null) {
file = new File(getProject().getBuild().getDirectory(), getDataFileName());
try {
OutputStream os = new FileOutputStream(file);
OutputStream bos = new BufferedOutputStream(os);
ObjectOutput out = new ObjectOutputStream(bos);
final OutputStream os = new FileOutputStream(file);
final OutputStream bos = new BufferedOutputStream(os);
final ObjectOutput out = new ObjectOutputStream(bos);
try {
out.writeObject(engine.getDependencies());
out.flush();
@@ -816,9 +827,9 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
}
//getProject().setContextValue(this.getDataFileContextKey(), file.getAbsolutePath());
} catch (IOException ex) {
logger.log(Level.WARNING, "Unable to create data file used for report aggregation; "
LOGGER.log(Level.WARNING, "Unable to create data file used for report aggregation; "
+ "if report aggregation is being used the results may be incomplete.");
logger.log(Level.FINE, ex.getMessage(), ex);
LOGGER.log(Level.FINE, ex.getMessage(), ex);
}
}
return file;
@@ -844,29 +855,29 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
* <code>null</code> is returned
*/
protected List<Dependency> readDataFile(MavenProject project) {
Object oPath = project.getContextValue(this.getDataFileContextKey());
final Object oPath = project.getContextValue(this.getDataFileContextKey());
if (oPath == null) {
return null;
}
List<Dependency> ret = null;
String path = (String) oPath;
final String path = (String) oPath;
ObjectInputStream ois = null;
try {
ois = new ObjectInputStream(new FileInputStream(path));
ret = (List<Dependency>) ois.readObject();
} catch (FileNotFoundException ex) {
//TODO fix logging
logger.log(Level.SEVERE, null, ex);
LOGGER.log(Level.SEVERE, null, ex);
} catch (IOException ex) {
logger.log(Level.SEVERE, null, ex);
LOGGER.log(Level.SEVERE, null, ex);
} catch (ClassNotFoundException ex) {
logger.log(Level.SEVERE, null, ex);
LOGGER.log(Level.SEVERE, null, ex);
} finally {
if (ois != null) {
try {
ois.close();
} catch (IOException ex) {
logger.log(Level.SEVERE, null, ex);
LOGGER.log(Level.SEVERE, null, ex);
}
}
}

77
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportAggregationMojo.java
View File

@@ -68,7 +68,7 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
/**
* Logger field reference.
*/
private static final Logger logger = Logger.getLogger(ReportAggregationMojo.class.getName());
private static final Logger LOGGER = Logger.getLogger(ReportAggregationMojo.class.getName());
/**
* List of Maven project of the current build
@@ -114,8 +114,14 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
return reportOutputDirectory;
}
/**
* Returns the output directory for the given project.
*
* @param project the Maven project to get the output directory for
* @return the output directory for the given project
*/
public File getReportOutputDirectory(MavenProject project) {
Object o = project.getContextValue(getOutputDirectoryContextKey());
final Object o = project.getContextValue(getOutputDirectoryContextKey());
if (o != null && o instanceof File) {
return (File) o;
}
@@ -135,29 +141,67 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
/**
* The collection of child projects.
*/
private final Map< MavenProject, Set<MavenProject>> projectChildren = new HashMap<MavenProject, Set<MavenProject>>();
private final Map<MavenProject, Set<MavenProject>> projectChildren = new HashMap<MavenProject, Set<MavenProject>>();
/**
* Called before execute; allows for any setup that is needed. If this is overridden you must call
* </code>super.preExecute()</code>.
*
* @throws MojoExecutionException thrown if there is an issue executing the mojo
* @throws MojoFailureException thrown if there is an issue executing the mojo
*/
protected void preExecute() throws MojoExecutionException, MojoFailureException {
buildAggregateInfo();
}
/**
* Called when the mojo is being executed.
*
* @throws MojoExecutionException thrown if there is an issue executing the mojo
* @throws MojoFailureException thrown if there is an issue executing the mojo
*/
protected abstract void performExecute() throws MojoExecutionException, MojoFailureException;
/**
* Runs after the mojo has executed. This implementation will call <code>writeDataFile()</code>. As such, it is
* important that if this method is overriden that <code>super.postExecute()</code> is called.
*
* @throws MojoExecutionException thrown if there is an issue executing the mojo
* @throws MojoFailureException thrown if there is an issue executing the mojo
*/
protected void postExecute() throws MojoExecutionException, MojoFailureException {
File written = writeDataFile();
final File written = writeDataFile();
if (written != null) {
project.setContextValue(getDataFileContextKey(), written.getAbsolutePath());
}
}
/**
* Returns the key used to store the path to the data file that is saved by <code>writeDataFile()</code>. This key
* is used in the <code>MavenProject.(set|get)ContextValue</code>.
*
* @return the key used to store the path to the data file
*/
protected String getDataFileContextKey() {
return "dependency-check-path-" + this.getDataFileName();
}
/**
* Returns the key used to store the path to the output directory. When generating the report in the
* <code>executeAggregateReport()</code> the output directory should be obtained by using this key.
*
* @return the key used to store the path to the output directory
*/
protected String getOutputDirectoryContextKey() {
return "dependency-output-dir-" + this.getDataFileName();
}
/**
* Is called by Maven to execute the mojo.
*
* @throws MojoExecutionException thrown if there is an issue executing the mojo
* @throws MojoFailureException thrown if there is an issue executing the mojo
*/
public final void execute() throws MojoExecutionException, MojoFailureException {
try {
preExecute();
@@ -184,7 +228,7 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
* @throws MavenReportException if a maven report exception occurs
*/
protected void postGenerate() throws MavenReportException {
File written = writeDataFile();
final File written = writeDataFile();
if (written != null) {
project.setContextValue(getDataFileContextKey(), written.getAbsolutePath());
}
@@ -308,12 +352,12 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
* @return a list of child projects
*/
protected List<MavenProject> getAllChildren(MavenProject parentProject) {
Set<MavenProject> children = projectChildren.get(parentProject);
final Set<MavenProject> children = projectChildren.get(parentProject);
if (children == null) {
return Collections.emptyList();
}
List<MavenProject> result = new ArrayList<MavenProject>();
final List<MavenProject> result = new ArrayList<MavenProject>();
for (MavenProject child : children) {
if (isMultiModule(child)) {
result.addAll(getAllChildren(child));
@@ -324,8 +368,14 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
return result;
}
/**
* Returns a list of data files that were produced by the direct children of the given MavenProject.
*
* @param project the Maven project to obtain the child data files from
* @return a list of the data files
*/
protected List<File> getAllChildDataFiles(MavenProject project) {
List<MavenProject> children = getAllChildren(project);
final List<MavenProject> children = getAllChildren(project);
return getDataFiles(children);
}
@@ -336,13 +386,13 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
* @return a list of output files
*/
protected List<File> getDataFiles(List<MavenProject> projects) {
List<File> files = new ArrayList<File>();
final List<File> files = new ArrayList<File>();
for (MavenProject proj : projects) {
Object path = project.getContextValue(getDataFileContextKey());
final Object path = project.getContextValue(getDataFileContextKey());
if (path == null) {
final String msg = String.format("Unable to aggregate data for '%s' - aggregate data file was not generated",
proj.getName());
logger.warning(msg);
LOGGER.warning(msg);
} else {
File outputFile = new File((String) path);
if (outputFile.exists()) {
@@ -351,7 +401,7 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
if (!isMultiModule(project)) {
final String msg = String.format("Unable to aggregate data for '%s' - missing data file '%s'",
proj.getName(), outputFile.getPath());
logger.warning(msg);
LOGGER.warning(msg);
}
}
}
@@ -372,7 +422,6 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
/**
* Test if the current project has pom packaging
*
* @param mavenProject Project to test
* @return <code>true</code> if it has a pom packaging; otherwise <code>false</code>
*/
protected boolean isMultiModule() {
@@ -405,7 +454,7 @@ public abstract class ReportAggregationMojo extends AbstractMojo implements Mave
* defined then the abstract class (i.e. this class) will not have access to the current project (just the way Maven
* works with the binding).
*
* @return
* @return returns a reference to the current project
*/
protected MavenProject getProject() {
return project;

15
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ReportingUtil.java
View File

@@ -50,7 +50,7 @@ final class ReportingUtil {
/**
* Logger field reference.
*/
private static final Logger logger = Logger.getLogger(ReportingUtil.class.getName());
private static final Logger LOGGER = Logger.getLogger(ReportingUtil.class.getName());
/**
* Empty private constructor for this utility class.
@@ -63,6 +63,8 @@ final class ReportingUtil {
*
* @param engine a dependency-check engine
* @param outDirectory the directory to write the reports to
* @param projectName the name of the project that a report is being generated for
* @param format the format of the report to generate
*/
static void generateExternalReports(Engine engine, File outDirectory, String projectName, String format) {
DatabaseProperties prop = null;
@@ -72,7 +74,7 @@ final class ReportingUtil {
cve.open();
prop = cve.getDatabaseProperties();
} catch (DatabaseException ex) {
logger.log(Level.FINE, "Unable to retrieve DB Properties", ex);
LOGGER.log(Level.FINE, "Unable to retrieve DB Properties", ex);
} finally {
if (cve != null) {
cve.close();
@@ -82,13 +84,13 @@ final class ReportingUtil {
try {
r.generateReports(outDirectory.getCanonicalPath(), format);
} catch (IOException ex) {
logger.log(Level.SEVERE,
LOGGER.log(Level.SEVERE,
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
logger.log(Level.FINE, null, ex);
LOGGER.log(Level.FINE, null, ex);
} catch (Throwable ex) {
logger.log(Level.SEVERE,
LOGGER.log(Level.SEVERE,
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
logger.log(Level.FINE, null, ex);
LOGGER.log(Level.FINE, null, ex);
}
}
@@ -97,6 +99,7 @@ final class ReportingUtil {
*
* @param engine the engine used to scan the dependencies
* @param sink the sink to write the data to
* @param projectName the name of the project
*/
static void generateMavenSiteReport(final Engine engine, Sink sink, String projectName) {
final List<Dependency> dependencies = engine.getDependencies();