diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java index 106c098e8..47e83bc10 100644 --- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java +++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java @@ -285,26 +285,50 @@ public class DependencyCheckTask extends Task { this.reportFormat = reportFormat.getValue(); } /** - * The Proxy URL. + * The Proxy Server. */ - private String proxyUrl; + private String proxyServer; /** - * Get the value of proxyUrl. + * Get the value of proxyServer. * - * @return the value of proxyUrl + * @return the value of proxyServer */ - public String getProxyUrl() { - return proxyUrl; + public String getProxyServer() { + return proxyServer; } /** - * Set the value of proxyUrl. + * Set the value of proxyServer. * - * @param proxyUrl new value of proxyUrl + * @param server new value of proxyServer */ + public void setProxyServer(String server) { + this.proxyServer = server; + } + + /** + * Get the value of proxyServer. + * + * @return the value of proxyServer + * @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#getProxyServer()} instead + */ + @Deprecated + public String getProxyUrl() { + return proxyServer; + } + + /** + * Set the value of proxyServer. + * + * @param proxyUrl new value of proxyServer + * @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#setProxyServer(java.lang.String)} + * instead + */ + @Deprecated public void setProxyUrl(String proxyUrl) { - this.proxyUrl = proxyUrl; + LOGGER.warning("A deprecated configuration option 'proxyUrl' was detected; use 'proxyServer' instead."); + this.proxyServer = proxyUrl; } /** * The Proxy Port. @@ -935,7 +959,7 @@ public class DependencyCheckTask extends Task { /** * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system - * properties required to change the proxy url, port, and connection timeout. + * properties required to change the proxy server, port, and connection timeout. */ private void populateSettings() { Settings.initialize(); @@ -967,8 +991,8 @@ public class DependencyCheckTask extends Task { Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); - if (proxyUrl != null && !proxyUrl.isEmpty()) { - Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl); + if (proxyServer != null && !proxyServer.isEmpty()) { + Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer); } if (proxyPort != null && !proxyPort.isEmpty()) { Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); diff --git a/dependency-check-ant/src/site/markdown/configuration.md b/dependency-check-ant/src/site/markdown/configuration.md index bb7997a0b..d09ea5334 100644 --- a/dependency-check-ant/src/site/markdown/configuration.md +++ b/dependency-check-ant/src/site/markdown/configuration.md @@ -32,7 +32,7 @@ failBuildOnCVSS | Specifies if the build should be failed if a CVSS score a format | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML logFile | The file path to write verbose logging information. |   suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) |   -proxyUrl | The Proxy URL. |   +proxyServer | The Proxy Server. |   proxyPort | The Proxy Port. |   proxyUsername | Defines the proxy user name. |   proxyPassword | Defines the proxy password. |   diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java index 15b2df2b2..25748e970 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java @@ -161,7 +161,7 @@ public class App { final boolean autoUpdate = cli.isAutoUpdate(); final String connectionTimeout = cli.getConnectionTimeout(); - final String proxyUrl = cli.getProxyUrl(); + final String proxyServer = cli.getProxyServer(); final String proxyPort = cli.getProxyPort(); final String proxyUser = cli.getProxyUsername(); final String proxyPass = cli.getProxyPassword(); @@ -212,8 +212,8 @@ public class App { Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath()); } Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); - if (proxyUrl != null && !proxyUrl.isEmpty()) { - Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl); + if (proxyServer != null && !proxyServer.isEmpty()) { + Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer); } if (proxyPort != null && !proxyPort.isEmpty()) { Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java index 2705125db..b3069ab6d 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java @@ -19,6 +19,7 @@ package org.owasp.dependencycheck.cli; import java.io.File; import java.io.FileNotFoundException; +import java.util.logging.Logger; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.HelpFormatter; @@ -39,6 +40,10 @@ import org.owasp.dependencycheck.utils.Settings; */ public final class CliParser { + /** + * The logger. + */ + private static final Logger LOGGER = Logger.getLogger(CliParser.class.getName()); /** * The command line. */ @@ -85,16 +90,16 @@ public final class CliParser { */ private void validateArgs() throws FileNotFoundException, ParseException { if (isRunScan()) { - validatePathExists(getScanFiles(), ArgumentName.SCAN); - validatePathExists(getReportDirectory(), ArgumentName.OUT); + validatePathExists(getScanFiles(), ARGUMENT.SCAN); + validatePathExists(getReportDirectory(), ARGUMENT.OUT); if (getPathToMono() != null) { - validatePathExists(getPathToMono(), ArgumentName.PATH_TO_MONO); + validatePathExists(getPathToMono(), ARGUMENT.PATH_TO_MONO); } - if (!line.hasOption(ArgumentName.APP_NAME)) { + if (!line.hasOption(ARGUMENT.APP_NAME)) { throw new ParseException("Missing 'app' argument; the scan cannot be run without the an application name."); } - if (line.hasOption(ArgumentName.OUTPUT_FORMAT)) { - final String format = line.getOptionValue(ArgumentName.OUTPUT_FORMAT); + if (line.hasOption(ARGUMENT.OUTPUT_FORMAT)) { + final String format = line.getOptionValue(ARGUMENT.OUTPUT_FORMAT); try { Format.valueOf(format); } catch (IllegalArgumentException ex) { @@ -150,7 +155,7 @@ public final class CliParser { final Options options = new Options(); addStandardOptions(options); addAdvancedOptions(options); - + addDeprecatedOptions(options); return options; } @@ -162,44 +167,44 @@ public final class CliParser { */ @SuppressWarnings("static-access") private void addStandardOptions(final Options options) throws IllegalArgumentException { - final Option help = new Option(ArgumentName.HELP_SHORT, ArgumentName.HELP, false, + final Option help = new Option(ARGUMENT.HELP_SHORT, ARGUMENT.HELP, false, "Print this message."); - final Option advancedHelp = OptionBuilder.withLongOpt(ArgumentName.ADVANCED_HELP) + final Option advancedHelp = OptionBuilder.withLongOpt(ARGUMENT.ADVANCED_HELP) .withDescription("Print the advanced help message.").create(); - final Option version = new Option(ArgumentName.VERSION_SHORT, ArgumentName.VERSION, + final Option version = new Option(ARGUMENT.VERSION_SHORT, ARGUMENT.VERSION, false, "Print the version information."); - final Option noUpdate = new Option(ArgumentName.DISABLE_AUTO_UPDATE_SHORT, ArgumentName.DISABLE_AUTO_UPDATE, + final Option noUpdate = new Option(ARGUMENT.DISABLE_AUTO_UPDATE_SHORT, ARGUMENT.DISABLE_AUTO_UPDATE, false, "Disables the automatic updating of the CPE data."); - final Option appName = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APP_NAME) + final Option appName = OptionBuilder.withArgName("name").hasArg().withLongOpt(ARGUMENT.APP_NAME) .withDescription("The name of the application being scanned. This is a required argument.") - .create(ArgumentName.APP_NAME_SHORT); + .create(ARGUMENT.APP_NAME_SHORT); - final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN) + final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.SCAN) .withDescription("The path to scan - this option can be specified multiple times. To limit the scan" + " to specific file types *.[ext] can be added to the end of the path.") - .create(ArgumentName.SCAN_SHORT); + .create(ARGUMENT.SCAN_SHORT); - final Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.PROP) + final Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.PROP) .withDescription("A property file to load.") - .create(ArgumentName.PROP_SHORT); + .create(ARGUMENT.PROP_SHORT); - final Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ArgumentName.OUT) + final Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ARGUMENT.OUT) .withDescription("The folder to write reports to. This defaults to the current directory.") - .create(ArgumentName.OUT_SHORT); + .create(ARGUMENT.OUT_SHORT); - final Option outputFormat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ArgumentName.OUTPUT_FORMAT) + final Option outputFormat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ARGUMENT.OUTPUT_FORMAT) .withDescription("The output format to write to (XML, HTML, VULN, ALL). The default is HTML.") - .create(ArgumentName.OUTPUT_FORMAT_SHORT); + .create(ARGUMENT.OUTPUT_FORMAT_SHORT); - final Option verboseLog = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.VERBOSE_LOG) + final Option verboseLog = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.VERBOSE_LOG) .withDescription("The file path to write verbose logging information.") - .create(ArgumentName.VERBOSE_LOG_SHORT); + .create(ARGUMENT.VERBOSE_LOG_SHORT); - final Option suppressionFile = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.SUPPRESSION_FILE) + final Option suppressionFile = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.SUPPRESSION_FILE) .withDescription("The file path to the suppression XML file.") .create(); @@ -230,87 +235,87 @@ public final class CliParser { @SuppressWarnings("static-access") private void addAdvancedOptions(final Options options) throws IllegalArgumentException { - final Option data = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.DATA_DIRECTORY) + final Option data = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.DATA_DIRECTORY) .withDescription("The location of the H2 Database file. This option should generally not be set.") - .create(ArgumentName.DATA_DIRECTORY_SHORT); + .create(ARGUMENT.DATA_DIRECTORY_SHORT); - final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ArgumentName.CONNECTION_TIMEOUT) + final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ARGUMENT.CONNECTION_TIMEOUT) .withDescription("The connection timeout (in milliseconds) to use when downloading resources.") - .create(ArgumentName.CONNECTION_TIMEOUT_SHORT); + .create(ARGUMENT.CONNECTION_TIMEOUT_SHORT); - final Option proxyUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.PROXY_URL) - .withDescription("The proxy url to use when downloading resources.") - .create(ArgumentName.PROXY_URL_SHORT); + final Option proxyServer = OptionBuilder.withArgName("server").hasArg().withLongOpt(ARGUMENT.PROXY_SERVER) + .withDescription("The proxy server to use when downloading resources.") + .create(); - final Option proxyPort = OptionBuilder.withArgName("port").hasArg().withLongOpt(ArgumentName.PROXY_PORT) + final Option proxyPort = OptionBuilder.withArgName("port").hasArg().withLongOpt(ARGUMENT.PROXY_PORT) .withDescription("The proxy port to use when downloading resources.") - .create(ArgumentName.PROXY_PORT_SHORT); + .create(); - final Option proxyUsername = OptionBuilder.withArgName("user").hasArg().withLongOpt(ArgumentName.PROXY_USERNAME) + final Option proxyUsername = OptionBuilder.withArgName("user").hasArg().withLongOpt(ARGUMENT.PROXY_USERNAME) .withDescription("The proxy username to use when downloading resources.") .create(); - final Option proxyPassword = OptionBuilder.withArgName("pass").hasArg().withLongOpt(ArgumentName.PROXY_PASSWORD) + final Option proxyPassword = OptionBuilder.withArgName("pass").hasArg().withLongOpt(ARGUMENT.PROXY_PASSWORD) .withDescription("The proxy password to use when downloading resources.") .create(); - final Option connectionString = OptionBuilder.withArgName("connStr").hasArg().withLongOpt(ArgumentName.CONNECTION_STRING) + final Option connectionString = OptionBuilder.withArgName("connStr").hasArg().withLongOpt(ARGUMENT.CONNECTION_STRING) .withDescription("The connection string to the database.") .create(); - final Option dbUser = OptionBuilder.withArgName("user").hasArg().withLongOpt(ArgumentName.DB_NAME) + final Option dbUser = OptionBuilder.withArgName("user").hasArg().withLongOpt(ARGUMENT.DB_NAME) .withDescription("The username used to connect to the database.") .create(); - final Option dbPassword = OptionBuilder.withArgName("password").hasArg().withLongOpt(ArgumentName.DB_PASSWORD) + final Option dbPassword = OptionBuilder.withArgName("password").hasArg().withLongOpt(ARGUMENT.DB_PASSWORD) .withDescription("The password for connecting to the database.") .create(); - final Option dbDriver = OptionBuilder.withArgName("driver").hasArg().withLongOpt(ArgumentName.DB_DRIVER) + final Option dbDriver = OptionBuilder.withArgName("driver").hasArg().withLongOpt(ARGUMENT.DB_DRIVER) .withDescription("The database driver name.") .create(); - final Option dbDriverPath = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.DB_DRIVER_PATH) + final Option dbDriverPath = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.DB_DRIVER_PATH) .withDescription("The path to the database driver; note, this does not need to be set unless the JAR is outside of the classpath.") .create(); - final Option disableJarAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_JAR) + final Option disableJarAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_JAR) .withDescription("Disable the Jar Analyzer.") .create(); - final Option disableArchiveAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_ARCHIVE) + final Option disableArchiveAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_ARCHIVE) .withDescription("Disable the Archive Analyzer.") .create(); - final Option disableNuspecAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NUSPEC) + final Option disableNuspecAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NUSPEC) .withDescription("Disable the Nuspec Analyzer.") .create(); - final Option disableAssemblyAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_ASSEMBLY) + final Option disableAssemblyAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_ASSEMBLY) .withDescription("Disable the .NET Assembly Analyzer.") .create(); - final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NEXUS) + final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NEXUS) .withDescription("Disable the Nexus Analyzer.") .create(); - final Option nexusUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.NEXUS_URL) + final Option nexusUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.NEXUS_URL) .withDescription("The url to the Nexus Server.") .create(); - final Option nexusUsesProxy = OptionBuilder.withArgName("true/false").hasArg().withLongOpt(ArgumentName.NEXUS_USES_PROXY) + final Option nexusUsesProxy = OptionBuilder.withArgName("true/false").hasArg().withLongOpt(ARGUMENT.NEXUS_USES_PROXY) .withDescription("Whether or not the configured proxy should be used when connecting to Nexus.") .create(); final Option additionalZipExtensions = OptionBuilder.withArgName("extensions").hasArg() - .withLongOpt(ArgumentName.ADDITIONAL_ZIP_EXTENSIONS) + .withLongOpt(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS) .withDescription("A comma separated list of additional extensions to be scanned as ZIP files " + "(ZIP, EAR, WAR are already treated as zip files)") .create(); - final Option pathToMono = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.PATH_TO_MONO) + final Option pathToMono = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.PATH_TO_MONO) .withDescription("The path to Mono for .NET Assembly analysis on non-windows systems.") .create(); options.addOption(proxyPort) - .addOption(proxyUrl) + .addOption(proxyServer) .addOption(proxyUsername) .addOption(proxyPassword) .addOption(connectionTimeout) @@ -331,13 +336,30 @@ public final class CliParser { .addOption(pathToMono); } + /** + * Adds the deprecated command line options to the given options collection. These are split out for purposes of not + * including them in the help message. We need to add the deprecated options so as not to break existing scripts. + * + * @param options a collection of command line arguments + * @throws IllegalArgumentException thrown if there is an exception + */ + @SuppressWarnings("static-access") + private void addDeprecatedOptions(final Options options) throws IllegalArgumentException { + + final Option proxyServer = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.PROXY_URL) + .withDescription("The proxy url argument is deprecated, use proxyserver instead.") + .create(); + + options.addOption(proxyServer); + } + /** * Determines if the 'version' command line argument was passed in. * * @return whether or not the 'version' command line argument was passed in */ public boolean isGetVersion() { - return (line != null) && line.hasOption(ArgumentName.VERSION); + return (line != null) && line.hasOption(ARGUMENT.VERSION); } /** @@ -346,7 +368,7 @@ public final class CliParser { * @return whether or not the 'help' command line argument was passed in */ public boolean isGetHelp() { - return (line != null) && line.hasOption(ArgumentName.HELP); + return (line != null) && line.hasOption(ARGUMENT.HELP); } /** @@ -355,7 +377,7 @@ public final class CliParser { * @return whether or not the 'scan' command line argument was passed in */ public boolean isRunScan() { - return (line != null) && isValid && line.hasOption(ArgumentName.SCAN); + return (line != null) && isValid && line.hasOption(ARGUMENT.SCAN); } /** @@ -364,7 +386,7 @@ public final class CliParser { * @return true if the disableJar command line argument was specified; otherwise false */ public boolean isJarDisabled() { - return (line != null) && line.hasOption(ArgumentName.DISABLE_JAR); + return (line != null) && line.hasOption(ARGUMENT.DISABLE_JAR); } /** @@ -373,7 +395,7 @@ public final class CliParser { * @return true if the disableArchive command line argument was specified; otherwise false */ public boolean isArchiveDisabled() { - return (line != null) && line.hasOption(ArgumentName.DISABLE_ARCHIVE); + return (line != null) && line.hasOption(ARGUMENT.DISABLE_ARCHIVE); } /** @@ -382,7 +404,7 @@ public final class CliParser { * @return true if the disableNuspec command line argument was specified; otherwise false */ public boolean isNuspecDisabled() { - return (line != null) && line.hasOption(ArgumentName.DISABLE_NUSPEC); + return (line != null) && line.hasOption(ARGUMENT.DISABLE_NUSPEC); } /** @@ -391,7 +413,7 @@ public final class CliParser { * @return true if the disableAssembly command line argument was specified; otherwise false */ public boolean isAssemblyDisabled() { - return (line != null) && line.hasOption(ArgumentName.DISABLE_ASSEMBLY); + return (line != null) && line.hasOption(ARGUMENT.DISABLE_ASSEMBLY); } /** @@ -400,7 +422,7 @@ public final class CliParser { * @return true if the disableNexus command line argument was specified; otherwise false */ public boolean isNexusDisabled() { - return (line != null) && line.hasOption(ArgumentName.DISABLE_NEXUS); + return (line != null) && line.hasOption(ARGUMENT.DISABLE_NEXUS); } /** @@ -409,10 +431,10 @@ public final class CliParser { * @return the url to the nexus server; if none was specified this will return null; */ public String getNexusUrl() { - if (line == null || !line.hasOption(ArgumentName.NEXUS_URL)) { + if (line == null || !line.hasOption(ARGUMENT.NEXUS_URL)) { return null; } else { - return line.getOptionValue(ArgumentName.NEXUS_URL); + return line.getOptionValue(ARGUMENT.NEXUS_URL); } } @@ -425,14 +447,14 @@ public final class CliParser { public boolean isNexusUsesProxy() { // If they didn't specify whether Nexus needs to use the proxy, we should // still honor the property if it's set. - if (line == null || !line.hasOption(ArgumentName.NEXUS_USES_PROXY)) { + if (line == null || !line.hasOption(ARGUMENT.NEXUS_USES_PROXY)) { try { return Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY); } catch (InvalidSettingException ise) { return true; } } else { - return Boolean.parseBoolean(line.getOptionValue(ArgumentName.NEXUS_USES_PROXY)); + return Boolean.parseBoolean(line.getOptionValue(ARGUMENT.NEXUS_USES_PROXY)); } } @@ -443,7 +465,7 @@ public final class CliParser { final HelpFormatter formatter = new HelpFormatter(); final Options options = new Options(); addStandardOptions(options); - if (line != null && line.hasOption(ArgumentName.ADVANCED_HELP)) { + if (line != null && line.hasOption(ARGUMENT.ADVANCED_HELP)) { addAdvancedOptions(options); } final String helpMsg = String.format("%n%s" @@ -466,7 +488,7 @@ public final class CliParser { * @return the file paths specified on the command line for scan */ public String[] getScanFiles() { - return line.getOptionValues(ArgumentName.SCAN); + return line.getOptionValues(ARGUMENT.SCAN); } /** @@ -475,7 +497,7 @@ public final class CliParser { * @return the path to the reports directory. */ public String getReportDirectory() { - return line.getOptionValue(ArgumentName.OUT, "."); + return line.getOptionValue(ARGUMENT.OUT, "."); } /** @@ -484,7 +506,7 @@ public final class CliParser { * @return the path to Mono */ public String getPathToMono() { - return line.getOptionValue(ArgumentName.PATH_TO_MONO); + return line.getOptionValue(ARGUMENT.PATH_TO_MONO); } /** @@ -493,7 +515,7 @@ public final class CliParser { * @return the output format name. */ public String getReportFormat() { - return line.getOptionValue(ArgumentName.OUTPUT_FORMAT, "HTML"); + return line.getOptionValue(ARGUMENT.OUTPUT_FORMAT, "HTML"); } /** @@ -502,7 +524,7 @@ public final class CliParser { * @return the application name. */ public String getApplicationName() { - return line.getOptionValue(ArgumentName.APP_NAME); + return line.getOptionValue(ARGUMENT.APP_NAME); } /** @@ -511,16 +533,24 @@ public final class CliParser { * @return the connection timeout */ public String getConnectionTimeout() { - return line.getOptionValue(ArgumentName.CONNECTION_TIMEOUT); + return line.getOptionValue(ARGUMENT.CONNECTION_TIMEOUT); } /** - * Returns the proxy url. + * Returns the proxy server. * - * @return the proxy url + * @return the proxy server */ - public String getProxyUrl() { - return line.getOptionValue(ArgumentName.PROXY_URL); + public String getProxyServer() { + + String server = line.getOptionValue(ARGUMENT.PROXY_SERVER); + if (server == null) { + server = line.getOptionValue(ARGUMENT.PROXY_URL); + if (server != null) { + LOGGER.warning("An old command line argument 'proxyurl' was detected; use proxyserver instead"); + } + } + return server; } /** @@ -529,7 +559,7 @@ public final class CliParser { * @return the proxy port */ public String getProxyPort() { - return line.getOptionValue(ArgumentName.PROXY_PORT); + return line.getOptionValue(ARGUMENT.PROXY_PORT); } /** @@ -538,7 +568,7 @@ public final class CliParser { * @return the proxy username */ public String getProxyUsername() { - return line.getOptionValue(ArgumentName.PROXY_USERNAME); + return line.getOptionValue(ARGUMENT.PROXY_USERNAME); } /** @@ -547,7 +577,7 @@ public final class CliParser { * @return the proxy password */ public String getProxyPassword() { - return line.getOptionValue(ArgumentName.PROXY_PASSWORD); + return line.getOptionValue(ARGUMENT.PROXY_PASSWORD); } /** @@ -556,7 +586,7 @@ public final class CliParser { * @return the value of dataDirectory */ public String getDataDirectory() { - return line.getOptionValue(ArgumentName.DATA_DIRECTORY); + return line.getOptionValue(ARGUMENT.DATA_DIRECTORY); } /** @@ -565,7 +595,7 @@ public final class CliParser { * @return the properties file specified on the command line */ public File getPropertiesFile() { - final String path = line.getOptionValue(ArgumentName.PROP); + final String path = line.getOptionValue(ARGUMENT.PROP); if (path != null) { return new File(path); } @@ -578,7 +608,7 @@ public final class CliParser { * @return the path to the verbose log file */ public String getVerboseLog() { - return line.getOptionValue(ArgumentName.VERBOSE_LOG); + return line.getOptionValue(ARGUMENT.VERBOSE_LOG); } /** @@ -587,7 +617,7 @@ public final class CliParser { * @return the path to the suppression file */ public String getSuppressionFile() { - return line.getOptionValue(ArgumentName.SUPPRESSION_FILE); + return line.getOptionValue(ARGUMENT.SUPPRESSION_FILE); } /** @@ -610,7 +640,7 @@ public final class CliParser { * @return if auto-update is allowed. */ public boolean isAutoUpdate() { - return (line == null) || !line.hasOption(ArgumentName.DISABLE_AUTO_UPDATE); + return (line == null) || !line.hasOption(ARGUMENT.DISABLE_AUTO_UPDATE); } /** @@ -619,7 +649,7 @@ public final class CliParser { * @return the database driver name if specified; otherwise null is returned */ public String getDatabaseDriverName() { - return line.getOptionValue(ArgumentName.DB_DRIVER); + return line.getOptionValue(ARGUMENT.DB_DRIVER); } /** @@ -628,7 +658,7 @@ public final class CliParser { * @return the database driver name if specified; otherwise null is returned */ public String getDatabaseDriverPath() { - return line.getOptionValue(ArgumentName.DB_DRIVER_PATH); + return line.getOptionValue(ARGUMENT.DB_DRIVER_PATH); } /** @@ -637,7 +667,7 @@ public final class CliParser { * @return the database connection string if specified; otherwise null is returned */ public String getConnectionString() { - return line.getOptionValue(ArgumentName.CONNECTION_STRING); + return line.getOptionValue(ARGUMENT.CONNECTION_STRING); } /** @@ -646,7 +676,7 @@ public final class CliParser { * @return the database database user name if specified; otherwise null is returned */ public String getDatabaseUser() { - return line.getOptionValue(ArgumentName.DB_NAME); + return line.getOptionValue(ARGUMENT.DB_NAME); } /** @@ -655,7 +685,7 @@ public final class CliParser { * @return the database database password if specified; otherwise null is returned */ public String getDatabasePassword() { - return line.getOptionValue(ArgumentName.DB_PASSWORD); + return line.getOptionValue(ARGUMENT.DB_PASSWORD); } /** @@ -664,13 +694,13 @@ public final class CliParser { * @return the additional Extensions; otherwise null is returned */ public String getAdditionalZipExtensions() { - return line.getOptionValue(ArgumentName.ADDITIONAL_ZIP_EXTENSIONS); + return line.getOptionValue(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS); } /** * A collection of static final strings that represent the possible command line arguments. */ - public static class ArgumentName { + public static class ARGUMENT { /** * The long CLI argument name specifying the directory/file to scan. @@ -732,21 +762,20 @@ public final class CliParser { * The short CLI argument name asking for the version. */ public static final String VERSION = "version"; - /** - * The short CLI argument name indicating the proxy port. - */ - public static final String PROXY_PORT_SHORT = "p"; /** * The CLI argument name indicating the proxy port. */ public static final String PROXY_PORT = "proxyport"; /** - * The short CLI argument name indicating the proxy url. + * The CLI argument name indicating the proxy server. */ - public static final String PROXY_URL_SHORT = "u"; + public static final String PROXY_SERVER = "proxyserver"; /** * The CLI argument name indicating the proxy url. + * + * @deprecated use {@link org.owasp.dependencycheck.cli.CliParser.ArgumentName#PROXY_SERVER} instead */ + @Deprecated public static final String PROXY_URL = "proxyurl"; /** * The CLI argument name indicating the proxy username. diff --git a/dependency-check-cli/src/site/markdown/arguments.md b/dependency-check-cli/src/site/markdown/arguments.md index 544cf4b46..fb7455502 100644 --- a/dependency-check-cli/src/site/markdown/arguments.md +++ b/dependency-check-cli/src/site/markdown/arguments.md @@ -3,7 +3,7 @@ Command Line Arguments The following table lists the command line arguments: -Short | Argument Name | Parameter | Description | Requirement +Short | Argument Name   | Parameter | Description | Requirement -------|-----------------------|-----------------|-------------|------------ \-a | \-\-app | \ | The name of the application being scanned. This is a required argument. | Required \-s | \-\-scan | \ | The path to scan \- this option can be specified multiple times. It is also possible to specify specific file types that should be scanned by supplying a scan path of '[path]/[to]/[scan]/*.zip'. The wild card can only be used to denote any file-name with a specific extension. | Required @@ -18,7 +18,7 @@ Short | Argument Name | Parameter | Description | Requirement Advanced Options ================ -Short | Argument Name | Parameter | Description | Default Value +Short | Argument Name        | Parameter | Description | Default Value -------|-----------------------|-----------------|-------------|--------------- | \-\-disableArchive | | Sets whether the Archive Analyzer will be used. | false | \-\-zipExtensions | \ | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |   @@ -30,7 +30,7 @@ Short | Argument Name | Parameter | Description | Default Value | \-\-disableNuspec | | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | false | \-\-disableAssembly | | Sets whether or not the .NET Assembly Analyzer should be used. | false | \-\-pathToMono | \ | The path to Mono for .NET Assembly analysis on non-windows systems. |   - | \-\-proxyurl | \ | The proxy url to use when downloading resources. |   + | \-\-proxyserver | \ | The proxy server to use when downloading resources. |   | \-\-proxyport | \ | The proxy port to use when downloading resources. |   | \-\-connectiontimeout | \ | The connection timeout (in milliseconds) to use when downloading resources. |   | \-\-proxypass | \ | The proxy password to use when downloading resources. |   diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java index 56cefcdcf..5f3894aeb 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java @@ -234,26 +234,49 @@ public class DependencyCheckScanAgent { } /** - * The Proxy URL. + * The Proxy Server. */ - private String proxyUrl; + private String proxyServer; /** - * Get the value of proxyUrl. + * Get the value of proxyServer. * - * @return the value of proxyUrl + * @return the value of proxyServer */ - public String getProxyUrl() { - return proxyUrl; + public String getProxyServer() { + return proxyServer; } /** - * Set the value of proxyUrl. + * Set the value of proxyServer. * - * @param proxyUrl new value of proxyUrl + * @param proxyServer new value of proxyServer */ + public void setProxyServer(String proxyServer) { + this.proxyServer = proxyServer; + } + + /** + * Get the value of proxyServer. + * + * @return the value of proxyServer + * @deprecated use {@link org.owasp.dependencycheck.agent.DependencyCheckScanAgent#getProxyServer()} instead + */ + @Deprecated + public String getProxyUrl() { + return proxyServer; + } + + /** + * Set the value of proxyServer. + * + * @param proxyUrl new value of proxyServer + * @deprecated use {@link org.owasp.dependencycheck.agent.DependencyCheckScanAgent#setProxyServer(java.lang.String) + * } instead + */ + @Deprecated public void setProxyUrl(String proxyUrl) { - this.proxyUrl = proxyUrl; + this.proxyServer = proxyUrl; } /** @@ -792,7 +815,7 @@ public class DependencyCheckScanAgent { /** * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system - * properties required to change the proxy url, port, and connection timeout. + * properties required to change the proxy server, port, and connection timeout. */ private void populateSettings() { Settings.initialize(); @@ -808,8 +831,8 @@ public class DependencyCheckScanAgent { Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); - if (proxyUrl != null && !proxyUrl.isEmpty()) { - Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl); + if (proxyServer != null && !proxyServer.isEmpty()) { + Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer); } if (proxyPort != null && !proxyPort.isEmpty()) { Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 4778dc70f..ac18ec90a 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -205,6 +205,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { grokAssemblyExe.deleteOnExit(); LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.deployed", grokAssemblyExe.getPath()); } catch (IOException ioe) { + this.setEnabled(false); LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.notdeployed", ioe.getMessage()); throw new AnalysisException("Could not extract GrokAssembly.exe", ioe); } finally { @@ -242,6 +243,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { LOGGER.warning("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details."); LOGGER.fine("GrokAssembly.exe is not working properly"); grokAssemblyExe = null; + this.setEnabled(false); throw new AnalysisException("Could not execute .NET AssemblyAnalyzer"); } } catch (Throwable e) { @@ -250,6 +252,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { } else { LOGGER.warning("analyzer.AssemblyAnalyzer.grokassembly.initialization.failed"); LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.initialization.message", e.getMessage()); + this.setEnabled(false); throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e); } } finally { @@ -261,7 +264,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { } } } - builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java index 306f540a2..ec406a916 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java @@ -64,7 +64,7 @@ public class NexusSearch { public NexusSearch(URL rootURL) { this.rootURL = rootURL; try { - if (null != Settings.getString(Settings.KEYS.PROXY_URL) + if (null != Settings.getString(Settings.KEYS.PROXY_SERVER) && Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY)) { useProxy = true; LOGGER.fine("Using proxy"); diff --git a/dependency-check-core/src/main/resources/dependencycheck-resources.properties b/dependency-check-core/src/main/resources/dependencycheck-resources.properties index c733817a0..b88bc2bca 100644 --- a/dependency-check-core/src/main/resources/dependencycheck-resources.properties +++ b/dependency-check-core/src/main/resources/dependencycheck-resources.properties @@ -4,7 +4,7 @@ analyzer.AssemblyAnalyzer.notassembly={0} is not a .NET assembly or executable a analyzer.AssemblyAnalyzer.grokassembly.rc=Return code {0} from GrokAssembly analyzer.AssemblyAnalyzer.grokassembly.deployed=Extracted GrokAssembly.exe to {0} analyzer.AssemblyAnalyzer.grokassembly.notdeployed=Could not extract GrokAssembly.exe: {0} -analyzer.AssemblyAnalyzer.grokassembly.initlization.failed=An error occurred with the .NET AssemblyAnalyzer; \ +analyzer.AssemblyAnalyzer.grokassembly.initialization.failed=An error occurred with the .NET AssemblyAnalyzer; \ this can be ignored unless you are scanning .NET DLLs. Please see the log for more details. analyzer.AssemblyAnalyzer.grokassembly.initialization.message=Could not execute GrokAssembly {0} analyzer.AssemblyAnalyzer.grokassembly.notdeleted=Can't delete temporary GrokAssembly.exe \ No newline at end of file diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java index 88335665e..9c87a8bf3 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java @@ -147,15 +147,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) @Parameter(property = "externalReport", defaultValue = "false", required = true) private boolean externalReport = false; - /** - * The Proxy URL. - * - * @deprecated Please use mavenSettings instead - */ - @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) - @Parameter(property = "proxyUrl", defaultValue = "", required = false) - @Deprecated - private String proxyUrl = null; /** * The maven settings. @@ -171,33 +162,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR @Parameter(property = "mavenSettingsProxyId", required = false) private String mavenSettingsProxyId; - /** - * The Proxy Port. - * - * @deprecated Please use mavenSettings instead - */ - @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) - @Parameter(property = "proxyPort", defaultValue = "", required = false) - @Deprecated - private String proxyPort = null; - /** - * The Proxy username. - * - * @deprecated Please use mavenSettings instead - */ - @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) - @Parameter(property = "proxyUsername", defaultValue = "", required = false) - @Deprecated - private String proxyUsername = null; - /** - * The Proxy password. - * - * @deprecated Please use mavenSettings instead - */ - @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) - @Parameter(property = "proxyPassword", defaultValue = "", required = false) - @Deprecated - private String proxyPassword = null; /** * The Connection Timeout. */ @@ -348,6 +312,16 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR @Parameter(property = "pathToMono", defaultValue = "", required = false) private String pathToMono; + /** + * The Proxy URL. + * + * @deprecated Please use mavenSettings instead + */ + @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) + @Parameter(property = "proxyUrl", defaultValue = "", required = false) + @Deprecated + private String proxyUrl = null; + // /** * Executes the Dependency-Check on the dependent libraries. @@ -777,12 +751,12 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR // /** - * Returns the maven settings proxy url. + * Returns the maven settings proxy server. * * @param proxy the maven proxy * @return the proxy url */ - private String getMavenSettingsProxyUrl(Proxy proxy) { + private String getMavenSettingsProxyServer(Proxy proxy) { return new StringBuilder(proxy.getProtocol()).append("://").append(proxy.getHost()).toString(); } @@ -836,9 +810,13 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); + if (proxyUrl != null && !proxyUrl.isEmpty()) { + logger.warning("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings to configure the proxy instead"); + } + final Proxy proxy = getMavenProxy(); if (proxy != null) { - Settings.setString(Settings.KEYS.PROXY_URL, getMavenSettingsProxyUrl(proxy)); + Settings.setString(Settings.KEYS.PROXY_SERVER, getMavenSettingsProxyServer(proxy)); Settings.setString(Settings.KEYS.PROXY_PORT, Integer.toString(proxy.getPort())); final String userName = proxy.getUsername(); final String password = proxy.getPassword(); @@ -848,18 +826,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR } } - if (proxyUrl != null && !proxyUrl.isEmpty()) { - Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl); - } - if (proxyPort != null && !proxyPort.isEmpty()) { - Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); - } - if (proxyUsername != null && !proxyUsername.isEmpty()) { - Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername); - } - if (proxyPassword != null && !proxyPassword.isEmpty()) { - Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword); - } if (connectionTimeout != null && !connectionTimeout.isEmpty()) { Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout); } diff --git a/dependency-check-maven/src/site/markdown/configuration.md b/dependency-check-maven/src/site/markdown/configuration.md index 322c74ebf..672d4c774 100644 --- a/dependency-check-maven/src/site/markdown/configuration.md +++ b/dependency-check-maven/src/site/markdown/configuration.md @@ -55,17 +55,6 @@ databaseUser | The username used when connecting to the database. databasePassword | The password used when connecting to the database. |   -Deprecated Configuration +Proxy Configuration ==================== -The following properties have been deprecated. These can still be set in -the dependency-check-maven plugin's configuration. However, future versions -will remove these properties. Instead using these properties you should -use [Maven's settings](https://maven.apache.org/settings.html#Proxies) to -configure a proxy. - -Property | Description | Default Value ----------------------|------------------------------------|------------------ -proxyUrl | The Proxy URL. |   -proxyPort | The Proxy Port. |   -proxyUsername | Defines the proxy user name. |   -proxyPassword | Defines the proxy password. |   +Use [Maven's settings](https://maven.apache.org/settings.html#Proxies) to configure a proxy server. diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java index 831530772..59fc9ec30 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java @@ -166,7 +166,7 @@ public final class Downloader { try { lastModifiedFile = new File(url.toURI()); } catch (URISyntaxException ex) { - final String msg = String.format("Unable to locate '%s'; is the cve.url-2.0.modified property set correctly?", url.toString()); + final String msg = String.format("Unable to locate '%s'", url.toString()); throw new DownloadFailedException(msg); } timestamp = lastModifiedFile.lastModified(); @@ -176,7 +176,12 @@ public final class Downloader { conn = URLConnectionFactory.createHttpURLConnection(url); conn.setRequestMethod("HEAD"); conn.connect(); - timestamp = conn.getLastModified(); + int t = conn.getResponseCode(); + if (t >= 200 && t < 300) { + timestamp = conn.getLastModified(); + } else { + throw new DownloadFailedException("HEAD request returned a non-200 status code"); + } } catch (URLConnectionFailureException ex) { throw new DownloadFailedException("Error creating URL Connection for HTTP HEAD request.", ex); } catch (IOException ex) { diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index ac80536e8..813297a09 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -110,9 +110,16 @@ public final class Settings { */ public static final String CVE_SCHEMA_2_0 = "cve.url-2.0.base"; /** - * The properties key for the proxy url. + * The properties key for the proxy server. + * + * @deprecated use {@link org.owasp.dependencycheck.utils.Settings.KEYS#PROXY_SERVER} instead. */ - public static final String PROXY_URL = "proxy.url"; + @Deprecated + public static final String PROXY_URL = "proxy.server"; + /** + * The properties key for the proxy server. + */ + public static final String PROXY_SERVER = "proxy.server"; /** * The properties key for the proxy port - this must be an integer value. */ @@ -257,6 +264,14 @@ public final class Settings { localSettings.set(new Settings(propertiesFilePath)); } + /** + * Cleans up resources to prevent memory leaks. + * + */ + public static void cleanup() { + cleanup(true); + } + /** * Cleans up resources to prevent memory leaks. * diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java index 4176ec720..5ae1b94ef 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java @@ -51,7 +51,7 @@ public final class URLConnectionFactory { public static HttpURLConnection createHttpURLConnection(URL url) throws URLConnectionFailureException { HttpURLConnection conn = null; Proxy proxy = null; - final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_URL); + final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_SERVER); try { if (proxyUrl != null) { final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT); diff --git a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java index 7feeaeb6a..530a8faae 100644 --- a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java @@ -38,7 +38,7 @@ public class DownloaderIntegrationTest extends BaseTest { // Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, "1000"); // Settings.setString(Settings.KEYS.PROXY_PORT, "8080"); -// Settings.setString(Settings.KEYS.PROXY_URL, "127.0.0.1"); +// Settings.setString(Settings.KEYS.PROXY_SERVER, "127.0.0.1"); URL url = new URL(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL)); File outputPath = new File("target/downloaded_cve.xml"); Downloader.fetchFile(url, outputPath);