Merge remote-tracking branch 'origin/master'

Conflicts:
	dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
	dependency-check-ant/src/site/markdown/configuration.md
	dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
	dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java
	dependency-check-cli/src/site/markdown/arguments.md
	dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
	dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
	dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java
	dependency-check-core/src/main/resources/dependencycheck-resources.properties
	dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
	dependency-check-maven/src/site/markdown/configuration.md
	dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
	dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
	dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
	dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
	src/test/resources/data.zip

Former-commit-id: 65443535a6c7cc240eb3999f60ea82044e9fff6a
Steve Springett
2014-06-10 10:57:45 -05:00
15 changed files with 251 additions and 198 deletions


@@ -285,26 +285,50 @@ public class DependencyCheckTask extends Task {
this.reportFormat = reportFormat.getValue(); this.reportFormat = reportFormat.getValue();
} }
/** /**
* The Proxy URL. * The Proxy Server.
*/ */
private String proxyUrl; private String proxyServer;
/** /**
* Get the value of proxyUrl. * Get the value of proxyServer.
* *
* @return the value of proxyUrl * @return the value of proxyServer
*/ */
public String getProxyUrl() { public String getProxyServer() {
return proxyUrl; return proxyServer;
} }
/** /**
* Set the value of proxyUrl. * Set the value of proxyServer.
* *
* @param proxyUrl new value of proxyUrl * @param server new value of proxyServer
*/ */
public void setProxyServer(String server) {
this.proxyServer = server;
}
/**
* Get the value of proxyServer.
*
* @return the value of proxyServer
* @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#getProxyServer()} instead
*/
@Deprecated
public String getProxyUrl() {
return proxyServer;
}
/**
* Set the value of proxyServer.
*
* @param proxyUrl new value of proxyServer
* @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#setProxyServer(java.lang.String)}
* instead
*/
@Deprecated
public void setProxyUrl(String proxyUrl) { public void setProxyUrl(String proxyUrl) {
this.proxyUrl = proxyUrl; LOGGER.warning("A deprecated configuration option 'proxyUrl' was detected; use 'proxyServer' instead.");
this.proxyServer = proxyUrl;
} }
/** /**
* The Proxy Port. * The Proxy Port.
@@ -935,7 +959,7 @@ public class DependencyCheckTask extends Task {
/** /**
* Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system
* properties required to change the proxy url, port, and connection timeout. * properties required to change the proxy server, port, and connection timeout.
*/ */
private void populateSettings() { private void populateSettings() {
Settings.initialize(); Settings.initialize();
@@ -967,8 +991,8 @@ public class DependencyCheckTask extends Task {
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
if (proxyUrl != null && !proxyUrl.isEmpty()) { if (proxyServer != null && !proxyServer.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl); Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer);
} }
if (proxyPort != null && !proxyPort.isEmpty()) { if (proxyPort != null && !proxyPort.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
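Review bot: The deprecated `setProxyUrl` assigns `proxyServer` unconditionally, so a build file that carries both the old `proxyUrl` and the new `proxyServer` attribute ends up with whichever setter runs last, and the warning does not say which value is in effect. Because this setting selects the proxy used when downloading resources, the new attribute should win deterministically, for example `if (this.proxyServer == null) { this.proxyServer = proxyUrl; }` in place of the plain assignment. The old value was documented as a URL and is now forwarded unchanged into `Settings.KEYS.PROXY_SERVER`; how that key is consumed is not visible in this section, so it is worth confirming that a scheme-prefixed legacy value is either accepted or rejected with a clear message rather than silently producing an unusable proxy. The same unchanged forwarding of the legacy value appears in the `proxyurl` fallback in `CliParser.getProxyServer()`.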


@@ -32,7 +32,7 @@ failBuildOnCVSS | Specifies if the build should be failed if a CVSS score a
format | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML format | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
logFile | The file path to write verbose logging information. |   logFile | The file path to write verbose logging information. |  
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) |   suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) |  
proxyUrl | The Proxy URL. |   proxyServer | The Proxy Server. |  
proxyPort | The Proxy Port. |   proxyPort | The Proxy Port. |  
proxyUsername | Defines the proxy user name. |   proxyUsername | Defines the proxy user name. |  
proxyPassword | Defines the proxy password. |   proxyPassword | Defines the proxy password. |  


@@ -161,7 +161,7 @@ public class App {
final boolean autoUpdate = cli.isAutoUpdate(); final boolean autoUpdate = cli.isAutoUpdate();
final String connectionTimeout = cli.getConnectionTimeout(); final String connectionTimeout = cli.getConnectionTimeout();
final String proxyUrl = cli.getProxyUrl(); final String proxyServer = cli.getProxyServer();
final String proxyPort = cli.getProxyPort(); final String proxyPort = cli.getProxyPort();
final String proxyUser = cli.getProxyUsername(); final String proxyUser = cli.getProxyUsername();
final String proxyPass = cli.getProxyPassword(); final String proxyPass = cli.getProxyPassword();
@@ -212,8 +212,8 @@ public class App {
Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath()); Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
} }
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
if (proxyUrl != null && !proxyUrl.isEmpty()) { if (proxyServer != null && !proxyServer.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl); Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer);
} }
if (proxyPort != null && !proxyPort.isEmpty()) { if (proxyPort != null && !proxyPort.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);


@@ -19,6 +19,7 @@ package org.owasp.dependencycheck.cli;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.util.logging.Logger;
import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.HelpFormatter;
@@ -39,6 +40,10 @@ import org.owasp.dependencycheck.utils.Settings;
*/ */
public final class CliParser { public final class CliParser {
/**
* The logger.
*/
private static final Logger LOGGER = Logger.getLogger(CliParser.class.getName());
/** /**
* The command line. * The command line.
*/ */
@@ -85,16 +90,16 @@ public final class CliParser {
*/ */
private void validateArgs() throws FileNotFoundException, ParseException { private void validateArgs() throws FileNotFoundException, ParseException {
if (isRunScan()) { if (isRunScan()) {
validatePathExists(getScanFiles(), ArgumentName.SCAN); validatePathExists(getScanFiles(), ARGUMENT.SCAN);
validatePathExists(getReportDirectory(), ArgumentName.OUT); validatePathExists(getReportDirectory(), ARGUMENT.OUT);
if (getPathToMono() != null) { if (getPathToMono() != null) {
validatePathExists(getPathToMono(), ArgumentName.PATH_TO_MONO); validatePathExists(getPathToMono(), ARGUMENT.PATH_TO_MONO);
} }
if (!line.hasOption(ArgumentName.APP_NAME)) { if (!line.hasOption(ARGUMENT.APP_NAME)) {
throw new ParseException("Missing 'app' argument; the scan cannot be run without the an application name."); throw new ParseException("Missing 'app' argument; the scan cannot be run without the an application name.");
} }
if (line.hasOption(ArgumentName.OUTPUT_FORMAT)) { if (line.hasOption(ARGUMENT.OUTPUT_FORMAT)) {
final String format = line.getOptionValue(ArgumentName.OUTPUT_FORMAT); final String format = line.getOptionValue(ARGUMENT.OUTPUT_FORMAT);
try { try {
Format.valueOf(format); Format.valueOf(format);
} catch (IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
@@ -150,7 +155,7 @@ public final class CliParser {
final Options options = new Options(); final Options options = new Options();
addStandardOptions(options); addStandardOptions(options);
addAdvancedOptions(options); addAdvancedOptions(options);
addDeprecatedOptions(options);
return options; return options;
} }
@@ -162,44 +167,44 @@ public final class CliParser {
*/ */
@SuppressWarnings("static-access") @SuppressWarnings("static-access")
private void addStandardOptions(final Options options) throws IllegalArgumentException { private void addStandardOptions(final Options options) throws IllegalArgumentException {
final Option help = new Option(ArgumentName.HELP_SHORT, ArgumentName.HELP, false, final Option help = new Option(ARGUMENT.HELP_SHORT, ARGUMENT.HELP, false,
"Print this message."); "Print this message.");
final Option advancedHelp = OptionBuilder.withLongOpt(ArgumentName.ADVANCED_HELP) final Option advancedHelp = OptionBuilder.withLongOpt(ARGUMENT.ADVANCED_HELP)
.withDescription("Print the advanced help message.").create(); .withDescription("Print the advanced help message.").create();
final Option version = new Option(ArgumentName.VERSION_SHORT, ArgumentName.VERSION, final Option version = new Option(ARGUMENT.VERSION_SHORT, ARGUMENT.VERSION,
false, "Print the version information."); false, "Print the version information.");
final Option noUpdate = new Option(ArgumentName.DISABLE_AUTO_UPDATE_SHORT, ArgumentName.DISABLE_AUTO_UPDATE, final Option noUpdate = new Option(ARGUMENT.DISABLE_AUTO_UPDATE_SHORT, ARGUMENT.DISABLE_AUTO_UPDATE,
false, "Disables the automatic updating of the CPE data."); false, "Disables the automatic updating of the CPE data.");
final Option appName = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APP_NAME) final Option appName = OptionBuilder.withArgName("name").hasArg().withLongOpt(ARGUMENT.APP_NAME)
.withDescription("The name of the application being scanned. This is a required argument.") .withDescription("The name of the application being scanned. This is a required argument.")
.create(ArgumentName.APP_NAME_SHORT); .create(ARGUMENT.APP_NAME_SHORT);
final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN) final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.SCAN)
.withDescription("The path to scan - this option can be specified multiple times. To limit the scan" .withDescription("The path to scan - this option can be specified multiple times. To limit the scan"
+ " to specific file types *.[ext] can be added to the end of the path.") + " to specific file types *.[ext] can be added to the end of the path.")
.create(ArgumentName.SCAN_SHORT); .create(ARGUMENT.SCAN_SHORT);
final Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.PROP) final Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.PROP)
.withDescription("A property file to load.") .withDescription("A property file to load.")
.create(ArgumentName.PROP_SHORT); .create(ARGUMENT.PROP_SHORT);
final Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ArgumentName.OUT) final Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ARGUMENT.OUT)
.withDescription("The folder to write reports to. This defaults to the current directory.") .withDescription("The folder to write reports to. This defaults to the current directory.")
.create(ArgumentName.OUT_SHORT); .create(ARGUMENT.OUT_SHORT);
final Option outputFormat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ArgumentName.OUTPUT_FORMAT) final Option outputFormat = OptionBuilder.withArgName("format").hasArg().withLongOpt(ARGUMENT.OUTPUT_FORMAT)
.withDescription("The output format to write to (XML, HTML, VULN, ALL). The default is HTML.") .withDescription("The output format to write to (XML, HTML, VULN, ALL). The default is HTML.")
.create(ArgumentName.OUTPUT_FORMAT_SHORT); .create(ARGUMENT.OUTPUT_FORMAT_SHORT);
final Option verboseLog = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.VERBOSE_LOG) final Option verboseLog = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.VERBOSE_LOG)
.withDescription("The file path to write verbose logging information.") .withDescription("The file path to write verbose logging information.")
.create(ArgumentName.VERBOSE_LOG_SHORT); .create(ARGUMENT.VERBOSE_LOG_SHORT);
final Option suppressionFile = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.SUPPRESSION_FILE) final Option suppressionFile = OptionBuilder.withArgName("file").hasArg().withLongOpt(ARGUMENT.SUPPRESSION_FILE)
.withDescription("The file path to the suppression XML file.") .withDescription("The file path to the suppression XML file.")
.create(); .create();
@@ -230,87 +235,87 @@ public final class CliParser {
@SuppressWarnings("static-access") @SuppressWarnings("static-access")
private void addAdvancedOptions(final Options options) throws IllegalArgumentException { private void addAdvancedOptions(final Options options) throws IllegalArgumentException {
final Option data = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.DATA_DIRECTORY) final Option data = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.DATA_DIRECTORY)
.withDescription("The location of the H2 Database file. This option should generally not be set.") .withDescription("The location of the H2 Database file. This option should generally not be set.")
.create(ArgumentName.DATA_DIRECTORY_SHORT); .create(ARGUMENT.DATA_DIRECTORY_SHORT);
final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ArgumentName.CONNECTION_TIMEOUT) final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ARGUMENT.CONNECTION_TIMEOUT)
.withDescription("The connection timeout (in milliseconds) to use when downloading resources.") .withDescription("The connection timeout (in milliseconds) to use when downloading resources.")
.create(ArgumentName.CONNECTION_TIMEOUT_SHORT); .create(ARGUMENT.CONNECTION_TIMEOUT_SHORT);
final Option proxyUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.PROXY_URL) final Option proxyServer = OptionBuilder.withArgName("server").hasArg().withLongOpt(ARGUMENT.PROXY_SERVER)
.withDescription("The proxy url to use when downloading resources.") .withDescription("The proxy server to use when downloading resources.")
.create(ArgumentName.PROXY_URL_SHORT); .create();
final Option proxyPort = OptionBuilder.withArgName("port").hasArg().withLongOpt(ArgumentName.PROXY_PORT) final Option proxyPort = OptionBuilder.withArgName("port").hasArg().withLongOpt(ARGUMENT.PROXY_PORT)
.withDescription("The proxy port to use when downloading resources.") .withDescription("The proxy port to use when downloading resources.")
.create(ArgumentName.PROXY_PORT_SHORT); .create();
final Option proxyUsername = OptionBuilder.withArgName("user").hasArg().withLongOpt(ArgumentName.PROXY_USERNAME) final Option proxyUsername = OptionBuilder.withArgName("user").hasArg().withLongOpt(ARGUMENT.PROXY_USERNAME)
.withDescription("The proxy username to use when downloading resources.") .withDescription("The proxy username to use when downloading resources.")
.create(); .create();
final Option proxyPassword = OptionBuilder.withArgName("pass").hasArg().withLongOpt(ArgumentName.PROXY_PASSWORD) final Option proxyPassword = OptionBuilder.withArgName("pass").hasArg().withLongOpt(ARGUMENT.PROXY_PASSWORD)
.withDescription("The proxy password to use when downloading resources.") .withDescription("The proxy password to use when downloading resources.")
.create(); .create();
final Option connectionString = OptionBuilder.withArgName("connStr").hasArg().withLongOpt(ArgumentName.CONNECTION_STRING) final Option connectionString = OptionBuilder.withArgName("connStr").hasArg().withLongOpt(ARGUMENT.CONNECTION_STRING)
.withDescription("The connection string to the database.") .withDescription("The connection string to the database.")
.create(); .create();
final Option dbUser = OptionBuilder.withArgName("user").hasArg().withLongOpt(ArgumentName.DB_NAME) final Option dbUser = OptionBuilder.withArgName("user").hasArg().withLongOpt(ARGUMENT.DB_NAME)
.withDescription("The username used to connect to the database.") .withDescription("The username used to connect to the database.")
.create(); .create();
final Option dbPassword = OptionBuilder.withArgName("password").hasArg().withLongOpt(ArgumentName.DB_PASSWORD) final Option dbPassword = OptionBuilder.withArgName("password").hasArg().withLongOpt(ARGUMENT.DB_PASSWORD)
.withDescription("The password for connecting to the database.") .withDescription("The password for connecting to the database.")
.create(); .create();
final Option dbDriver = OptionBuilder.withArgName("driver").hasArg().withLongOpt(ArgumentName.DB_DRIVER) final Option dbDriver = OptionBuilder.withArgName("driver").hasArg().withLongOpt(ARGUMENT.DB_DRIVER)
.withDescription("The database driver name.") .withDescription("The database driver name.")
.create(); .create();
final Option dbDriverPath = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.DB_DRIVER_PATH) final Option dbDriverPath = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.DB_DRIVER_PATH)
.withDescription("The path to the database driver; note, this does not need to be set unless the JAR is outside of the classpath.") .withDescription("The path to the database driver; note, this does not need to be set unless the JAR is outside of the classpath.")
.create(); .create();
final Option disableJarAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_JAR) final Option disableJarAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_JAR)
.withDescription("Disable the Jar Analyzer.") .withDescription("Disable the Jar Analyzer.")
.create(); .create();
final Option disableArchiveAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_ARCHIVE) final Option disableArchiveAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_ARCHIVE)
.withDescription("Disable the Archive Analyzer.") .withDescription("Disable the Archive Analyzer.")
.create(); .create();
final Option disableNuspecAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NUSPEC) final Option disableNuspecAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NUSPEC)
.withDescription("Disable the Nuspec Analyzer.") .withDescription("Disable the Nuspec Analyzer.")
.create(); .create();
final Option disableAssemblyAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_ASSEMBLY) final Option disableAssemblyAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_ASSEMBLY)
.withDescription("Disable the .NET Assembly Analyzer.") .withDescription("Disable the .NET Assembly Analyzer.")
.create(); .create();
final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NEXUS) final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NEXUS)
.withDescription("Disable the Nexus Analyzer.") .withDescription("Disable the Nexus Analyzer.")
.create(); .create();
final Option nexusUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.NEXUS_URL) final Option nexusUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.NEXUS_URL)
.withDescription("The url to the Nexus Server.") .withDescription("The url to the Nexus Server.")
.create(); .create();
final Option nexusUsesProxy = OptionBuilder.withArgName("true/false").hasArg().withLongOpt(ArgumentName.NEXUS_USES_PROXY) final Option nexusUsesProxy = OptionBuilder.withArgName("true/false").hasArg().withLongOpt(ARGUMENT.NEXUS_USES_PROXY)
.withDescription("Whether or not the configured proxy should be used when connecting to Nexus.") .withDescription("Whether or not the configured proxy should be used when connecting to Nexus.")
.create(); .create();
final Option additionalZipExtensions = OptionBuilder.withArgName("extensions").hasArg() final Option additionalZipExtensions = OptionBuilder.withArgName("extensions").hasArg()
.withLongOpt(ArgumentName.ADDITIONAL_ZIP_EXTENSIONS) .withLongOpt(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS)
.withDescription("A comma separated list of additional extensions to be scanned as ZIP files " .withDescription("A comma separated list of additional extensions to be scanned as ZIP files "
+ "(ZIP, EAR, WAR are already treated as zip files)") + "(ZIP, EAR, WAR are already treated as zip files)")
.create(); .create();
final Option pathToMono = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.PATH_TO_MONO) final Option pathToMono = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.PATH_TO_MONO)
.withDescription("The path to Mono for .NET Assembly analysis on non-windows systems.") .withDescription("The path to Mono for .NET Assembly analysis on non-windows systems.")
.create(); .create();
options.addOption(proxyPort) options.addOption(proxyPort)
.addOption(proxyUrl) .addOption(proxyServer)
.addOption(proxyUsername) .addOption(proxyUsername)
.addOption(proxyPassword) .addOption(proxyPassword)
.addOption(connectionTimeout) .addOption(connectionTimeout)
@@ -331,13 +336,30 @@ public final class CliParser {
.addOption(pathToMono); .addOption(pathToMono);
} }
/**
* Adds the deprecated command line options to the given options collection. These are split out for purposes of not
* including them in the help message. We need to add the deprecated options so as not to break existing scripts.
*
* @param options a collection of command line arguments
* @throws IllegalArgumentException thrown if there is an exception
*/
@SuppressWarnings("static-access")
private void addDeprecatedOptions(final Options options) throws IllegalArgumentException {
final Option proxyServer = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.PROXY_URL)
.withDescription("The proxy url argument is deprecated, use proxyserver instead.")
.create();
options.addOption(proxyServer);
}
/** /**
* Determines if the 'version' command line argument was passed in. * Determines if the 'version' command line argument was passed in.
* *
* @return whether or not the 'version' command line argument was passed in * @return whether or not the 'version' command line argument was passed in
*/ */
public boolean isGetVersion() { public boolean isGetVersion() {
return (line != null) && line.hasOption(ArgumentName.VERSION); return (line != null) && line.hasOption(ARGUMENT.VERSION);
} }
/** /**
@@ -346,7 +368,7 @@ public final class CliParser {
* @return whether or not the 'help' command line argument was passed in * @return whether or not the 'help' command line argument was passed in
*/ */
public boolean isGetHelp() { public boolean isGetHelp() {
return (line != null) && line.hasOption(ArgumentName.HELP); return (line != null) && line.hasOption(ARGUMENT.HELP);
} }
/** /**
@@ -355,7 +377,7 @@ public final class CliParser {
* @return whether or not the 'scan' command line argument was passed in * @return whether or not the 'scan' command line argument was passed in
*/ */
public boolean isRunScan() { public boolean isRunScan() {
return (line != null) && isValid && line.hasOption(ArgumentName.SCAN); return (line != null) && isValid && line.hasOption(ARGUMENT.SCAN);
} }
/** /**
@@ -364,7 +386,7 @@ public final class CliParser {
* @return true if the disableJar command line argument was specified; otherwise false * @return true if the disableJar command line argument was specified; otherwise false
*/ */
public boolean isJarDisabled() { public boolean isJarDisabled() {
return (line != null) && line.hasOption(ArgumentName.DISABLE_JAR); return (line != null) && line.hasOption(ARGUMENT.DISABLE_JAR);
} }
/** /**
@@ -373,7 +395,7 @@ public final class CliParser {
* @return true if the disableArchive command line argument was specified; otherwise false * @return true if the disableArchive command line argument was specified; otherwise false
*/ */
public boolean isArchiveDisabled() { public boolean isArchiveDisabled() {
return (line != null) && line.hasOption(ArgumentName.DISABLE_ARCHIVE); return (line != null) && line.hasOption(ARGUMENT.DISABLE_ARCHIVE);
} }
/** /**
@@ -382,7 +404,7 @@ public final class CliParser {
* @return true if the disableNuspec command line argument was specified; otherwise false * @return true if the disableNuspec command line argument was specified; otherwise false
*/ */
public boolean isNuspecDisabled() { public boolean isNuspecDisabled() {
return (line != null) && line.hasOption(ArgumentName.DISABLE_NUSPEC); return (line != null) && line.hasOption(ARGUMENT.DISABLE_NUSPEC);
} }
/** /**
@@ -391,7 +413,7 @@ public final class CliParser {
* @return true if the disableAssembly command line argument was specified; otherwise false * @return true if the disableAssembly command line argument was specified; otherwise false
*/ */
public boolean isAssemblyDisabled() { public boolean isAssemblyDisabled() {
return (line != null) && line.hasOption(ArgumentName.DISABLE_ASSEMBLY); return (line != null) && line.hasOption(ARGUMENT.DISABLE_ASSEMBLY);
} }
/** /**
@@ -400,7 +422,7 @@ public final class CliParser {
* @return true if the disableNexus command line argument was specified; otherwise false * @return true if the disableNexus command line argument was specified; otherwise false
*/ */
public boolean isNexusDisabled() { public boolean isNexusDisabled() {
return (line != null) && line.hasOption(ArgumentName.DISABLE_NEXUS); return (line != null) && line.hasOption(ARGUMENT.DISABLE_NEXUS);
} }
/** /**
@@ -409,10 +431,10 @@ public final class CliParser {
* @return the url to the nexus server; if none was specified this will return null; * @return the url to the nexus server; if none was specified this will return null;
*/ */
public String getNexusUrl() { public String getNexusUrl() {
if (line == null || !line.hasOption(ArgumentName.NEXUS_URL)) { if (line == null || !line.hasOption(ARGUMENT.NEXUS_URL)) {
return null; return null;
} else { } else {
return line.getOptionValue(ArgumentName.NEXUS_URL); return line.getOptionValue(ARGUMENT.NEXUS_URL);
} }
} }
@@ -425,14 +447,14 @@ public final class CliParser {
public boolean isNexusUsesProxy() { public boolean isNexusUsesProxy() {
// If they didn't specify whether Nexus needs to use the proxy, we should // If they didn't specify whether Nexus needs to use the proxy, we should
// still honor the property if it's set. // still honor the property if it's set.
if (line == null || !line.hasOption(ArgumentName.NEXUS_USES_PROXY)) { if (line == null || !line.hasOption(ARGUMENT.NEXUS_USES_PROXY)) {
try { try {
return Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY); return Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY);
} catch (InvalidSettingException ise) { } catch (InvalidSettingException ise) {
return true; return true;
} }
} else { } else {
return Boolean.parseBoolean(line.getOptionValue(ArgumentName.NEXUS_USES_PROXY)); return Boolean.parseBoolean(line.getOptionValue(ARGUMENT.NEXUS_USES_PROXY));
} }
} }
@@ -443,7 +465,7 @@ public final class CliParser {
final HelpFormatter formatter = new HelpFormatter(); final HelpFormatter formatter = new HelpFormatter();
final Options options = new Options(); final Options options = new Options();
addStandardOptions(options); addStandardOptions(options);
if (line != null && line.hasOption(ArgumentName.ADVANCED_HELP)) { if (line != null && line.hasOption(ARGUMENT.ADVANCED_HELP)) {
addAdvancedOptions(options); addAdvancedOptions(options);
} }
final String helpMsg = String.format("%n%s" final String helpMsg = String.format("%n%s"
@@ -466,7 +488,7 @@ public final class CliParser {
* @return the file paths specified on the command line for scan * @return the file paths specified on the command line for scan
*/ */
public String[] getScanFiles() { public String[] getScanFiles() {
return line.getOptionValues(ArgumentName.SCAN); return line.getOptionValues(ARGUMENT.SCAN);
} }
/** /**
@@ -475,7 +497,7 @@ public final class CliParser {
* @return the path to the reports directory. * @return the path to the reports directory.
*/ */
public String getReportDirectory() { public String getReportDirectory() {
return line.getOptionValue(ArgumentName.OUT, "."); return line.getOptionValue(ARGUMENT.OUT, ".");
} }
/** /**
@@ -484,7 +506,7 @@ public final class CliParser {
* @return the path to Mono * @return the path to Mono
*/ */
public String getPathToMono() { public String getPathToMono() {
return line.getOptionValue(ArgumentName.PATH_TO_MONO); return line.getOptionValue(ARGUMENT.PATH_TO_MONO);
} }
/** /**
@@ -493,7 +515,7 @@ public final class CliParser {
* @return the output format name. * @return the output format name.
*/ */
public String getReportFormat() { public String getReportFormat() {
return line.getOptionValue(ArgumentName.OUTPUT_FORMAT, "HTML"); return line.getOptionValue(ARGUMENT.OUTPUT_FORMAT, "HTML");
} }
/** /**
@@ -502,7 +524,7 @@ public final class CliParser {
* @return the application name. * @return the application name.
*/ */
public String getApplicationName() { public String getApplicationName() {
return line.getOptionValue(ArgumentName.APP_NAME); return line.getOptionValue(ARGUMENT.APP_NAME);
} }
/** /**
@@ -511,16 +533,24 @@ public final class CliParser {
* @return the connection timeout * @return the connection timeout
*/ */
public String getConnectionTimeout() { public String getConnectionTimeout() {
return line.getOptionValue(ArgumentName.CONNECTION_TIMEOUT); return line.getOptionValue(ARGUMENT.CONNECTION_TIMEOUT);
} }
/** /**
* Returns the proxy url. * Returns the proxy server.
* *
* @return the proxy url * @return the proxy server
*/ */
public String getProxyUrl() { public String getProxyServer() {
return line.getOptionValue(ArgumentName.PROXY_URL);
String server = line.getOptionValue(ARGUMENT.PROXY_SERVER);
if (server == null) {
server = line.getOptionValue(ARGUMENT.PROXY_URL);
if (server != null) {
LOGGER.warning("An old command line argument 'proxyurl' was detected; use proxyserver instead");
}
}
return server;
} }
/** /**
@@ -529,7 +559,7 @@ public final class CliParser {
* @return the proxy port * @return the proxy port
*/ */
public String getProxyPort() { public String getProxyPort() {
return line.getOptionValue(ArgumentName.PROXY_PORT); return line.getOptionValue(ARGUMENT.PROXY_PORT);
} }
/** /**
@@ -538,7 +568,7 @@ public final class CliParser {
* @return the proxy username * @return the proxy username
*/ */
public String getProxyUsername() { public String getProxyUsername() {
return line.getOptionValue(ArgumentName.PROXY_USERNAME); return line.getOptionValue(ARGUMENT.PROXY_USERNAME);
} }
/** /**
@@ -547,7 +577,7 @@ public final class CliParser {
* @return the proxy password * @return the proxy password
*/ */
public String getProxyPassword() { public String getProxyPassword() {
return line.getOptionValue(ArgumentName.PROXY_PASSWORD); return line.getOptionValue(ARGUMENT.PROXY_PASSWORD);
} }
/** /**
@@ -556,7 +586,7 @@ public final class CliParser {
* @return the value of dataDirectory * @return the value of dataDirectory
*/ */
public String getDataDirectory() { public String getDataDirectory() {
return line.getOptionValue(ArgumentName.DATA_DIRECTORY); return line.getOptionValue(ARGUMENT.DATA_DIRECTORY);
} }
/** /**
@@ -565,7 +595,7 @@ public final class CliParser {
* @return the properties file specified on the command line * @return the properties file specified on the command line
*/ */
public File getPropertiesFile() { public File getPropertiesFile() {
final String path = line.getOptionValue(ArgumentName.PROP); final String path = line.getOptionValue(ARGUMENT.PROP);
if (path != null) { if (path != null) {
return new File(path); return new File(path);
} }
@@ -578,7 +608,7 @@ public final class CliParser {
* @return the path to the verbose log file * @return the path to the verbose log file
*/ */
public String getVerboseLog() { public String getVerboseLog() {
return line.getOptionValue(ArgumentName.VERBOSE_LOG); return line.getOptionValue(ARGUMENT.VERBOSE_LOG);
} }
/** /**
@@ -587,7 +617,7 @@ public final class CliParser {
* @return the path to the suppression file * @return the path to the suppression file
*/ */
public String getSuppressionFile() { public String getSuppressionFile() {
return line.getOptionValue(ArgumentName.SUPPRESSION_FILE); return line.getOptionValue(ARGUMENT.SUPPRESSION_FILE);
} }
/** /**
@@ -610,7 +640,7 @@ public final class CliParser {
* @return if auto-update is allowed. * @return if auto-update is allowed.
*/ */
public boolean isAutoUpdate() { public boolean isAutoUpdate() {
return (line == null) || !line.hasOption(ArgumentName.DISABLE_AUTO_UPDATE); return (line == null) || !line.hasOption(ARGUMENT.DISABLE_AUTO_UPDATE);
} }
/** /**
@@ -619,7 +649,7 @@ public final class CliParser {
* @return the database driver name if specified; otherwise null is returned * @return the database driver name if specified; otherwise null is returned
*/ */
public String getDatabaseDriverName() { public String getDatabaseDriverName() {
return line.getOptionValue(ArgumentName.DB_DRIVER); return line.getOptionValue(ARGUMENT.DB_DRIVER);
} }
/** /**
@@ -628,7 +658,7 @@ public final class CliParser {
* @return the database driver name if specified; otherwise null is returned * @return the database driver name if specified; otherwise null is returned
*/ */
public String getDatabaseDriverPath() { public String getDatabaseDriverPath() {
return line.getOptionValue(ArgumentName.DB_DRIVER_PATH); return line.getOptionValue(ARGUMENT.DB_DRIVER_PATH);
} }
/** /**
@@ -637,7 +667,7 @@ public final class CliParser {
* @return the database connection string if specified; otherwise null is returned * @return the database connection string if specified; otherwise null is returned
*/ */
public String getConnectionString() { public String getConnectionString() {
return line.getOptionValue(ArgumentName.CONNECTION_STRING); return line.getOptionValue(ARGUMENT.CONNECTION_STRING);
} }
/** /**
@@ -646,7 +676,7 @@ public final class CliParser {
* @return the database database user name if specified; otherwise null is returned * @return the database database user name if specified; otherwise null is returned
*/ */
public String getDatabaseUser() { public String getDatabaseUser() {
return line.getOptionValue(ArgumentName.DB_NAME); return line.getOptionValue(ARGUMENT.DB_NAME);
} }
/** /**
@@ -655,7 +685,7 @@ public final class CliParser {
* @return the database database password if specified; otherwise null is returned * @return the database database password if specified; otherwise null is returned
*/ */
public String getDatabasePassword() { public String getDatabasePassword() {
return line.getOptionValue(ArgumentName.DB_PASSWORD); return line.getOptionValue(ARGUMENT.DB_PASSWORD);
} }
/** /**
@@ -664,13 +694,13 @@ public final class CliParser {
* @return the additional Extensions; otherwise null is returned * @return the additional Extensions; otherwise null is returned
*/ */
public String getAdditionalZipExtensions() { public String getAdditionalZipExtensions() {
return line.getOptionValue(ArgumentName.ADDITIONAL_ZIP_EXTENSIONS); return line.getOptionValue(ARGUMENT.ADDITIONAL_ZIP_EXTENSIONS);
} }
/** /**
* A collection of static final strings that represent the possible command line arguments. * A collection of static final strings that represent the possible command line arguments.
*/ */
public static class ArgumentName { public static class ARGUMENT {
/** /**
* The long CLI argument name specifying the directory/file to scan. * The long CLI argument name specifying the directory/file to scan.
@@ -732,21 +762,20 @@ public final class CliParser {
* The short CLI argument name asking for the version. * The short CLI argument name asking for the version.
*/ */
public static final String VERSION = "version"; public static final String VERSION = "version";
/**
* The short CLI argument name indicating the proxy port.
*/
public static final String PROXY_PORT_SHORT = "p";
/** /**
* The CLI argument name indicating the proxy port. * The CLI argument name indicating the proxy port.
*/ */
public static final String PROXY_PORT = "proxyport"; public static final String PROXY_PORT = "proxyport";
/** /**
* The short CLI argument name indicating the proxy url. * The CLI argument name indicating the proxy server.
*/ */
public static final String PROXY_URL_SHORT = "u"; public static final String PROXY_SERVER = "proxyserver";
/** /**
* The CLI argument name indicating the proxy url. * The CLI argument name indicating the proxy url.
*
* @deprecated use {@link org.owasp.dependencycheck.cli.CliParser.ArgumentName#PROXY_SERVER} instead
*/ */
@Deprecated
public static final String PROXY_URL = "proxyurl"; public static final String PROXY_URL = "proxyurl";
/** /**
* The CLI argument name indicating the proxy username. * The CLI argument name indicating the proxy username.


@@ -3,7 +3,7 @@ Command Line Arguments
The following table lists the command line arguments: The following table lists the command line arguments:
Short | Argument Name | Parameter | Description | Requirement Short | Argument Name   | Parameter | Description | Requirement
-------|-----------------------|-----------------|-------------|------------ -------|-----------------------|-----------------|-------------|------------
\-a | \-\-app | \<name\> | The name of the application being scanned. This is a required argument. | Required \-a | \-\-app | \<name\> | The name of the application being scanned. This is a required argument. | Required
\-s | \-\-scan | \<path\> | The path to scan \- this option can be specified multiple times. It is also possible to specify specific file types that should be scanned by supplying a scan path of '[path]/[to]/[scan]/*.zip'. The wild card can only be used to denote any file-name with a specific extension. | Required \-s | \-\-scan | \<path\> | The path to scan \- this option can be specified multiple times. It is also possible to specify specific file types that should be scanned by supplying a scan path of '[path]/[to]/[scan]/*.zip'. The wild card can only be used to denote any file-name with a specific extension. | Required
@@ -18,7 +18,7 @@ Short | Argument Name | Parameter | Description | Requirement
Advanced Options Advanced Options
================ ================
Short | Argument Name | Parameter | Description | Default Value Short | Argument&nbsp;Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Parameter | Description | Default&nbsp;Value
-------|-----------------------|-----------------|-------------|--------------- -------|-----------------------|-----------------|-------------|---------------
| \-\-disableArchive | | Sets whether the Archive Analyzer will be used. | false | \-\-disableArchive | | Sets whether the Archive Analyzer will be used. | false
| \-\-zipExtensions | \<strings\> | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp; | \-\-zipExtensions | \<strings\> | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp;
@@ -30,7 +30,7 @@ Short | Argument Name | Parameter | Description | Default Value
| \-\-disableNuspec | | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | false | \-\-disableNuspec | | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | false
| \-\-disableAssembly | | Sets whether or not the .NET Assembly Analyzer should be used. | false | \-\-disableAssembly | | Sets whether or not the .NET Assembly Analyzer should be used. | false
| \-\-pathToMono | \<path\> | The path to Mono for .NET Assembly analysis on non-windows systems. | &nbsp; | \-\-pathToMono | \<path\> | The path to Mono for .NET Assembly analysis on non-windows systems. | &nbsp;
| \-\-proxyurl | \<url\> | The proxy url to use when downloading resources. | &nbsp; | \-\-proxyserver | \<server\> | The proxy server to use when downloading resources. | &nbsp;
| \-\-proxyport | \<port\> | The proxy port to use when downloading resources. | &nbsp; | \-\-proxyport | \<port\> | The proxy port to use when downloading resources. | &nbsp;
| \-\-connectiontimeout | \<timeout\> | The connection timeout (in milliseconds) to use when downloading resources. | &nbsp; | \-\-connectiontimeout | \<timeout\> | The connection timeout (in milliseconds) to use when downloading resources. | &nbsp;
| \-\-proxypass | \<pass\> | The proxy password to use when downloading resources. | &nbsp; | \-\-proxypass | \<pass\> | The proxy password to use when downloading resources. | &nbsp;


@@ -234,26 +234,49 @@ public class DependencyCheckScanAgent {
} }
/** /**
* The Proxy URL. * The Proxy Server.
*/ */
private String proxyUrl; private String proxyServer;
/** /**
* Get the value of proxyUrl. * Get the value of proxyServer.
* *
* @return the value of proxyUrl * @return the value of proxyServer
*/ */
public String getProxyUrl() { public String getProxyServer() {
return proxyUrl; return proxyServer;
} }
/** /**
* Set the value of proxyUrl. * Set the value of proxyServer.
* *
* @param proxyUrl new value of proxyUrl * @param proxyServer new value of proxyServer
*/ */
public void setProxyServer(String proxyServer) {
this.proxyServer = proxyServer;
}
/**
* Get the value of proxyServer.
*
* @return the value of proxyServer
* @deprecated use {@link org.owasp.dependencycheck.agent.DependencyCheckScanAgent#getProxyServer()} instead
*/
@Deprecated
public String getProxyUrl() {
return proxyServer;
}
/**
* Set the value of proxyServer.
*
* @param proxyUrl new value of proxyServer
* @deprecated use {@link org.owasp.dependencycheck.agent.DependencyCheckScanAgent#setProxyServer(java.lang.String)
* } instead
*/
@Deprecated
public void setProxyUrl(String proxyUrl) { public void setProxyUrl(String proxyUrl) {
this.proxyUrl = proxyUrl; this.proxyServer = proxyUrl;
} }
/** /**
@@ -792,7 +815,7 @@ public class DependencyCheckScanAgent {
/** /**
* Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system
* properties required to change the proxy url, port, and connection timeout. * properties required to change the proxy server, port, and connection timeout.
*/ */
private void populateSettings() { private void populateSettings() {
Settings.initialize(); Settings.initialize();
@@ -808,8 +831,8 @@ public class DependencyCheckScanAgent {
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
if (proxyUrl != null && !proxyUrl.isEmpty()) { if (proxyServer != null && !proxyServer.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl); Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer);
} }
if (proxyPort != null && !proxyPort.isEmpty()) { if (proxyPort != null && !proxyPort.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort); Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
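Review bot: The Javadoc on the `proxyServer` field and its accessors does not say what form the value takes, and the deprecated `setProxyUrl` stores its argument into `proxyServer` unchanged, so a caller still passing a URL-style value gets no hint that the meaning changed. If a bare host name is expected, as the commented-out `127.0.0.1` in DownloaderIntegrationTest suggests, I would say so on the field, e.g. `The proxy server host name, without scheme or port.`, and repeat it in the `@deprecated` text of `setProxyUrl`. The `{@link ...#setProxyServer(java.lang.String)` tag in that Javadoc is also split so that its closing brace sits alone on the next line; joining it onto one line reads better.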


@@ -205,6 +205,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
grokAssemblyExe.deleteOnExit(); grokAssemblyExe.deleteOnExit();
LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.deployed", grokAssemblyExe.getPath()); LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.deployed", grokAssemblyExe.getPath());
} catch (IOException ioe) { } catch (IOException ioe) {
this.setEnabled(false);
LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.notdeployed", ioe.getMessage()); LOGGER.log(Level.WARNING, "analyzer.AssemblyAnalyzer.grokassembly.notdeployed", ioe.getMessage());
throw new AnalysisException("Could not extract GrokAssembly.exe", ioe); throw new AnalysisException("Could not extract GrokAssembly.exe", ioe);
} finally { } finally {
@@ -242,6 +243,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
LOGGER.warning("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details."); LOGGER.warning("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details.");
LOGGER.fine("GrokAssembly.exe is not working properly"); LOGGER.fine("GrokAssembly.exe is not working properly");
grokAssemblyExe = null; grokAssemblyExe = null;
this.setEnabled(false);
throw new AnalysisException("Could not execute .NET AssemblyAnalyzer"); throw new AnalysisException("Could not execute .NET AssemblyAnalyzer");
} }
} catch (Throwable e) { } catch (Throwable e) {
@@ -250,6 +252,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
} else { } else {
LOGGER.warning("analyzer.AssemblyAnalyzer.grokassembly.initialization.failed"); LOGGER.warning("analyzer.AssemblyAnalyzer.grokassembly.initialization.failed");
LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.initialization.message", e.getMessage()); LOGGER.log(Level.FINE, "analyzer.AssemblyAnalyzer.grokassembly.initialization.message", e.getMessage());
this.setEnabled(false);
throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e); throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e);
} }
} finally { } finally {
@@ -261,7 +264,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
} }
builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
} }
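Review bot: The `DocumentBuilderFactory.newInstance().newDocumentBuilder()` call at the end of this section creates the parser with default settings, so DOCTYPE declarations and external entities are not refused. What the builder later parses is not visible here, but if it is XML derived from the scanned assemblies, I would configure the factory before building: `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`. The enclosing method starts and ends outside the hunks shown.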


@@ -64,7 +64,7 @@ public class NexusSearch {
public NexusSearch(URL rootURL) { public NexusSearch(URL rootURL) {
this.rootURL = rootURL; this.rootURL = rootURL;
try { try {
if (null != Settings.getString(Settings.KEYS.PROXY_URL) if (null != Settings.getString(Settings.KEYS.PROXY_SERVER)
&& Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY)) { && Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY)) {
useProxy = true; useProxy = true;
LOGGER.fine("Using proxy"); LOGGER.fine("Using proxy");


@@ -4,7 +4,7 @@ analyzer.AssemblyAnalyzer.notassembly={0} is not a .NET assembly or executable a
analyzer.AssemblyAnalyzer.grokassembly.rc=Return code {0} from GrokAssembly analyzer.AssemblyAnalyzer.grokassembly.rc=Return code {0} from GrokAssembly
analyzer.AssemblyAnalyzer.grokassembly.deployed=Extracted GrokAssembly.exe to {0} analyzer.AssemblyAnalyzer.grokassembly.deployed=Extracted GrokAssembly.exe to {0}
analyzer.AssemblyAnalyzer.grokassembly.notdeployed=Could not extract GrokAssembly.exe: {0} analyzer.AssemblyAnalyzer.grokassembly.notdeployed=Could not extract GrokAssembly.exe: {0}
analyzer.AssemblyAnalyzer.grokassembly.initlization.failed=An error occurred with the .NET AssemblyAnalyzer; \ analyzer.AssemblyAnalyzer.grokassembly.initialization.failed=An error occurred with the .NET AssemblyAnalyzer; \
this can be ignored unless you are scanning .NET DLLs. Please see the log for more details. this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.
analyzer.AssemblyAnalyzer.grokassembly.initialization.message=Could not execute GrokAssembly {0} analyzer.AssemblyAnalyzer.grokassembly.initialization.message=Could not execute GrokAssembly {0}
analyzer.AssemblyAnalyzer.grokassembly.notdeleted=Can't delete temporary GrokAssembly.exe analyzer.AssemblyAnalyzer.grokassembly.notdeleted=Can't delete temporary GrokAssembly.exe


@@ -147,15 +147,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
@SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@Parameter(property = "externalReport", defaultValue = "false", required = true) @Parameter(property = "externalReport", defaultValue = "false", required = true)
private boolean externalReport = false; private boolean externalReport = false;
/**
* The Proxy URL.
*
* @deprecated Please use mavenSettings instead
*/
@SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@Parameter(property = "proxyUrl", defaultValue = "", required = false)
@Deprecated
private String proxyUrl = null;
/** /**
* The maven settings. * The maven settings.
@@ -171,33 +162,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
@Parameter(property = "mavenSettingsProxyId", required = false) @Parameter(property = "mavenSettingsProxyId", required = false)
private String mavenSettingsProxyId; private String mavenSettingsProxyId;
/**
* The Proxy Port.
*
* @deprecated Please use mavenSettings instead
*/
@SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@Parameter(property = "proxyPort", defaultValue = "", required = false)
@Deprecated
private String proxyPort = null;
/**
* The Proxy username.
*
* @deprecated Please use mavenSettings instead
*/
@SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@Parameter(property = "proxyUsername", defaultValue = "", required = false)
@Deprecated
private String proxyUsername = null;
/**
* The Proxy password.
*
* @deprecated Please use mavenSettings instead
*/
@SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@Parameter(property = "proxyPassword", defaultValue = "", required = false)
@Deprecated
private String proxyPassword = null;
/** /**
* The Connection Timeout. * The Connection Timeout.
*/ */
@@ -348,6 +312,16 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
@Parameter(property = "pathToMono", defaultValue = "", required = false) @Parameter(property = "pathToMono", defaultValue = "", required = false)
private String pathToMono; private String pathToMono;
/**
* The Proxy URL.
*
* @deprecated Please use mavenSettings instead
*/
@SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
@Parameter(property = "proxyUrl", defaultValue = "", required = false)
@Deprecated
private String proxyUrl = null;
// </editor-fold> // </editor-fold>
/** /**
* Executes the Dependency-Check on the dependent libraries. * Executes the Dependency-Check on the dependent libraries.
@@ -777,12 +751,12 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
// </editor-fold> // </editor-fold>
/** /**
* Returns the maven settings proxy url. * Returns the maven settings proxy server.
* *
* @param proxy the maven proxy * @param proxy the maven proxy
* @return the proxy url * @return the proxy url
*/ */
private String getMavenSettingsProxyUrl(Proxy proxy) { private String getMavenSettingsProxyServer(Proxy proxy) {
return new StringBuilder(proxy.getProtocol()).append("://").append(proxy.getHost()).toString(); return new StringBuilder(proxy.getProtocol()).append("://").append(proxy.getHost()).toString();
} }
@@ -836,9 +810,13 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
if (proxyUrl != null && !proxyUrl.isEmpty()) {
logger.warning("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings to configure the proxy instead");
}
final Proxy proxy = getMavenProxy(); final Proxy proxy = getMavenProxy();
if (proxy != null) { if (proxy != null) {
Settings.setString(Settings.KEYS.PROXY_URL, getMavenSettingsProxyUrl(proxy)); Settings.setString(Settings.KEYS.PROXY_SERVER, getMavenSettingsProxyServer(proxy));
Settings.setString(Settings.KEYS.PROXY_PORT, Integer.toString(proxy.getPort())); Settings.setString(Settings.KEYS.PROXY_PORT, Integer.toString(proxy.getPort()));
final String userName = proxy.getUsername(); final String userName = proxy.getUsername();
final String password = proxy.getPassword(); final String password = proxy.getPassword();
@@ -848,18 +826,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
} }
} }
if (proxyUrl != null && !proxyUrl.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
}
if (proxyPort != null && !proxyPort.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
}
if (proxyUsername != null && !proxyUsername.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername);
}
if (proxyPassword != null && !proxyPassword.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
}
if (connectionTimeout != null && !connectionTimeout.isEmpty()) { if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout); Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
} }
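Review bot: `getMavenSettingsProxyServer` still returns `protocol://host`, and that string is now stored under `Settings.KEYS.PROXY_SERVER`, so the rename changed the name but not the value. If the consumer treats the setting as a host name (URLConnectionFactory reads it straight from `PROXY_SERVER`, and how it is used lies outside the visible lines), a scheme-prefixed value may fail to resolve and the proxy configured in Maven's settings would not be applied. I would return the host alone, `return proxy.getHost();`, and change the Javadoc `@return the proxy url` to `@return the proxy server host name`. Separately, the removed `proxyPort`, `proxyUsername` and `proxyPassword` parameters get no warning like the one added for `proxyUrl`, so a build that still sets them loses its proxy settings silently.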


@@ -55,17 +55,6 @@ databaseUser | The username used when connecting to the database.
databasePassword | The password used when connecting to the database. | &nbsp; databasePassword | The password used when connecting to the database. | &nbsp;
Deprecated Configuration Proxy Configuration
==================== ====================
The following properties have been deprecated. These can still be set in Use [Maven's settings](https://maven.apache.org/settings.html#Proxies) to configure a proxy server.
the dependency-check-maven plugin's configuration. However, future versions
will remove these properties. Instead using these properties you should
use [Maven's settings](https://maven.apache.org/settings.html#Proxies) to
configure a proxy.
Property | Description | Default Value
---------------------|------------------------------------|------------------
proxyUrl | The Proxy URL. | &nbsp;
proxyPort | The Proxy Port. | &nbsp;
proxyUsername | Defines the proxy user name. | &nbsp;
proxyPassword | Defines the proxy password. | &nbsp;


@@ -166,7 +166,7 @@ public final class Downloader {
try { try {
lastModifiedFile = new File(url.toURI()); lastModifiedFile = new File(url.toURI());
} catch (URISyntaxException ex) { } catch (URISyntaxException ex) {
final String msg = String.format("Unable to locate '%s'; is the cve.url-2.0.modified property set correctly?", url.toString()); final String msg = String.format("Unable to locate '%s'", url.toString());
throw new DownloadFailedException(msg); throw new DownloadFailedException(msg);
} }
timestamp = lastModifiedFile.lastModified(); timestamp = lastModifiedFile.lastModified();
@@ -176,7 +176,12 @@ public final class Downloader {
conn = URLConnectionFactory.createHttpURLConnection(url); conn = URLConnectionFactory.createHttpURLConnection(url);
conn.setRequestMethod("HEAD"); conn.setRequestMethod("HEAD");
conn.connect(); conn.connect();
timestamp = conn.getLastModified(); int t = conn.getResponseCode();
if (t >= 200 && t < 300) {
timestamp = conn.getLastModified();
} else {
throw new DownloadFailedException("HEAD request returned a non-200 status code");
}
} catch (URLConnectionFailureException ex) { } catch (URLConnectionFailureException ex) {
throw new DownloadFailedException("Error creating URL Connection for HTTP HEAD request.", ex); throw new DownloadFailedException("Error creating URL Connection for HTTP HEAD request.", ex);
} catch (IOException ex) { } catch (IOException ex) {
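Review bot: The new `DownloadFailedException` in the `else` branch drops the two facts needed to diagnose a failed update check, the status code and the URL, and its text says "non-200" although the test accepts any 2xx. I would name the local and put both into the message: `final int statusCode = conn.getResponseCode();` and `throw new DownloadFailedException(String.format("HEAD request for '%s' returned status %d", url, statusCode));`. `getLastModified()` also returns 0 when the header is absent, so a 2xx response without `Last-Modified` still yields a zero timestamp; whether the caller treats that as "unchanged" is outside this hunk and worth checking. The method body continues past the last line shown.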


@@ -110,9 +110,16 @@ public final class Settings {
*/ */
public static final String CVE_SCHEMA_2_0 = "cve.url-2.0.base"; public static final String CVE_SCHEMA_2_0 = "cve.url-2.0.base";
/** /**
* The properties key for the proxy url. * The properties key for the proxy server.
*
* @deprecated use {@link org.owasp.dependencycheck.utils.Settings.KEYS#PROXY_SERVER} instead.
*/ */
public static final String PROXY_URL = "proxy.url"; @Deprecated
public static final String PROXY_URL = "proxy.server";
/**
* The properties key for the proxy server.
*/
public static final String PROXY_SERVER = "proxy.server";
/** /**
* The properties key for the proxy port - this must be an integer value. * The properties key for the proxy port - this must be an integer value.
*/ */
@@ -257,6 +264,14 @@ public final class Settings {
localSettings.set(new Settings(propertiesFilePath)); localSettings.set(new Settings(propertiesFilePath));
} }
/**
* Cleans up resources to prevent memory leaks.
*
*/
public static void cleanup() {
cleanup(true);
}
/** /**
* Cleans up resources to prevent memory leaks. * Cleans up resources to prevent memory leaks.
* *
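Review bot: The deprecated `PROXY_URL` constant now carries the value `"proxy.server"`, so nothing reads the old `proxy.url` property any more, and no fallback for it is visible in this section. A properties file that still sets `proxy.url` would be ignored without any message, and downloads would then be attempted without the configured proxy. The CLI parser in this commit warns when the old `proxyurl` argument is used; I would do the same here by keeping `PROXY_URL = "proxy.url"` and reading it as a fallback, with a warning, where the proxy setting is resolved. The new no-argument `cleanup()` would also benefit from one Javadoc line saying what the `true` it passes to `cleanup(boolean)` selects.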


@@ -51,7 +51,7 @@ public final class URLConnectionFactory {
public static HttpURLConnection createHttpURLConnection(URL url) throws URLConnectionFailureException { public static HttpURLConnection createHttpURLConnection(URL url) throws URLConnectionFailureException {
HttpURLConnection conn = null; HttpURLConnection conn = null;
Proxy proxy = null; Proxy proxy = null;
final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_URL); final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_SERVER);
try { try {
if (proxyUrl != null) { if (proxyUrl != null) {
final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT); final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT);


@@ -38,7 +38,7 @@ public class DownloaderIntegrationTest extends BaseTest {
// Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, "1000"); // Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, "1000");
// Settings.setString(Settings.KEYS.PROXY_PORT, "8080"); // Settings.setString(Settings.KEYS.PROXY_PORT, "8080");
// Settings.setString(Settings.KEYS.PROXY_URL, "127.0.0.1"); // Settings.setString(Settings.KEYS.PROXY_SERVER, "127.0.0.1");
URL url = new URL(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL)); URL url = new URL(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL));
File outputPath = new File("target/downloaded_cve.xml"); File outputPath = new File("target/downloaded_cve.xml");
Downloader.fetchFile(url, outputPath); Downloader.fetchFile(url, outputPath);