diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 5f331b675..eab0da16b 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -22,7 +22,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
dependency-check-parent
1.4.4
-
+ 1.4.4.1
dependency-check-maven
maven-plugin
Dependency-Check Maven Plugin
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
index 6a84d10ab..f70a4f1ba 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
@@ -30,6 +30,7 @@ import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.apache.maven.project.MavenProject;
+import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
@@ -62,7 +63,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
- final MavenEngine engine = loadEngine();
+ final Engine engine = loadEngine();
if (engine == null) {
return;
}
@@ -226,14 +227,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
/**
* Initializes the engine.
*
- * @return the MavenEngine used to execute dependency-check
+ * @return the Engine used to execute dependency-check
* @throws MojoExecutionException thrown if there is an exception running
* the Mojo
* @throws MojoFailureException thrown if dependency-check is configured to
* fail the build if severe CVEs are identified.
*/
- protected MavenEngine loadEngine() throws MojoExecutionException, MojoFailureException {
- MavenEngine engine = null;
+ protected Engine loadEngine() throws MojoExecutionException, MojoFailureException {
+ Engine engine = null;
try {
engine = initializeEngine();
} catch (DatabaseException ex) {
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index d39f9560b..9dbd290d8 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -49,6 +49,7 @@ import org.eclipse.aether.repository.RemoteRepository;
import org.eclipse.aether.resolution.ArtifactRequest;
import org.eclipse.aether.resolution.ArtifactResolutionException;
import org.eclipse.aether.resolution.ArtifactResult;
+import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -598,7 +599,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @return a collection of exceptions that may have occurred while resolving
* and scanning the dependencies
*/
- protected ExceptionCollection scanArtifacts(MavenProject project, MavenEngine engine) {
+ protected ExceptionCollection scanArtifacts(MavenProject project, Engine engine) {
//
/*
for (Artifact a : project.getArtifacts()) {
@@ -648,7 +649,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @return a collection of exceptions that may have occurred while resolving
* and scanning the dependencies
*/
- private ExceptionCollection collectDependencies(MavenEngine engine, MavenProject project, List nodes) {
+ private ExceptionCollection collectDependencies(Engine engine, MavenProject project, List nodes) {
ExceptionCollection exCol = null;
for (DependencyNode dependencyNode : nodes) {
exCol = collectDependencies(engine, project, dependencyNode.getChildren());
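Review bot: The context line `exCol = collectDependencies(engine, project, dependencyNode.getChildren());` assigns the recursive result on every loop iteration, so as far as this hunk shows, exceptions collected for an earlier node can be replaced by a later child's result, possibly `null`. For a vulnerability scanner, a dropped resolution or scan error means a dependency can go unanalysed without the build reporting it. Consider holding the recursive result in a local, `final ExceptionCollection childCol = collectDependencies(engine, project, dependencyNode.getChildren());`, and merging it into `exCol` rather than overwriting. The rest of the loop body is outside the hunk, so confirm it does not already merge the results.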
@@ -793,14 +794,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
//
/**
- * Initializes a new MavenEngine that can be used for scanning.
+ * Initializes a new Engine that can be used for scanning.
*
- * @return a newly instantiated MavenEngine
+ * @return a newly instantiated Engine
* @throws DatabaseException thrown if there is a database exception
*/
- protected MavenEngine initializeEngine() throws DatabaseException {
+ protected Engine initializeEngine() throws DatabaseException {
populateSettings();
- return new MavenEngine(this.project, this.reactorProjects);
+ return new Engine();
}
/**
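Review bot: `return new Engine();` in initializeEngine drops the reactor context that the removed `MavenEngine(this.project, this.reactorProjects)` used to avoid repeated data updates; its `analyzeDependencies()` and `update()` set `Settings.KEYS.AUTO_UPDATE` to false once `UPDATE_EXECUTED_FLAG` was present on the execution root. Nothing visible in this commit replaces that guard, so in a multi-module build each module may re-run the vulnerability-data update unless the core `Engine` de-duplicates it itself. The same applies to the direct `engine.doUpdates()` call in UpdateMojo.runCheck. If the core engine covers this, state it in the Javadoc, e.g. `* Update de-duplication across reactor modules is handled by the core Engine.`; otherwise keep a check of the root project's context value before updating. The removed class also shared one CPEAnalyzer across modules and closed it on the last reactor project, so confirm that per-module open and close is intended.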
@@ -1023,7 +1024,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @param outputDir the directory path to write the report(s)
* @throws ReportException thrown if there is an error writing the report
*/
- protected void writeReports(MavenEngine engine, MavenProject p, File outputDir) throws ReportException {
+ protected void writeReports(Engine engine, MavenProject p, File outputDir) throws ReportException {
DatabaseProperties prop = null;
CveDB cve = null;
try {
@@ -1211,7 +1212,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* scan data between the "check" and "aggregate" phase.
*
* @param project the Maven project to read the data file from
- * @return a MavenEngine object populated with dependencies if
+ * @return a Engine object populated with dependencies if
* the serialized data file exists; otherwise null is returned
*/
protected List readDataFile(MavenProject project) {
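Review bot: The edited `@return` line says the method returns `a Engine object`, but the signature in this hunk is `protected List readDataFile(MavenProject project)`, so the Javadoc names a type the method does not return. Since the line is being touched anyway, describe the actual result, for example `@return the list of dependencies read from the serialized data file if it exists; otherwise null is returned`. The list's element type and the method body are outside the hunk, so check the wording against them.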
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java
index 57b697288..b2e578727 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java
@@ -25,6 +25,7 @@ import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
+import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
@@ -74,7 +75,7 @@ public class CheckMojo extends BaseDependencyCheckMojo {
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
- MavenEngine engine = null;
+ Engine engine = null;
try {
engine = initializeEngine();
} catch (DatabaseException ex) {
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenEngine.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenEngine.java
deleted file mode 100644
index 6db9ca918..000000000
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenEngine.java
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- * This file is part of dependency-check-maven.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
- */
-package org.owasp.dependencycheck.maven;
-
-import java.util.List;
-import org.apache.maven.project.MavenProject;
-import org.owasp.dependencycheck.analyzer.Analyzer;
-import org.owasp.dependencycheck.analyzer.CPEAnalyzer;
-import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
-import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
-import org.owasp.dependencycheck.data.update.exception.UpdateException;
-import org.owasp.dependencycheck.exception.ExceptionCollection;
-import org.owasp.dependencycheck.exception.InitializationException;
-import org.owasp.dependencycheck.utils.Settings;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * A modified version of the core engine specifically designed to persist some
- * data between multiple executions of a multi-module Maven project.
- *
- * @author Jeremy Long
- */
-public class MavenEngine extends org.owasp.dependencycheck.Engine {
-
- /**
- * The logger.
- */
- private static final transient Logger LOGGER = LoggerFactory.getLogger(MavenEngine.class);
- /**
- * A key used to persist an object in the MavenProject.
- */
- private static final String CPE_ANALYZER_KEY = "dependency-check-CPEAnalyzer";
- /**
- * The current MavenProject.
- */
- private MavenProject currentProject;
- /**
- * The list of MavenProjects that are part of the current build.
- */
- private List reactorProjects;
- /**
- * Key used in the MavenProject context values to note whether or not an
- * update has been executed.
- */
- public static final String UPDATE_EXECUTED_FLAG = "dependency-check-update-executed";
-
- /**
- * Creates a new Engine to perform analysis on dependencies.
- *
- * @param project the current Maven project
- * @param reactorProjects the reactor projects for the current Maven
- * execution
- * @throws DatabaseException thrown if there is an issue connecting to the
- * database
- */
- public MavenEngine(MavenProject project, List reactorProjects) throws DatabaseException {
- this.currentProject = project;
- this.reactorProjects = reactorProjects;
- initializeEngine();
- }
-
- /**
- * Runs the analyzers against all of the dependencies.
- *
- * @throws ExceptionCollection thrown if an exception occurred; contains a
- * collection of exceptions that occurred during analysis.
- */
- @Override
- public void analyzeDependencies() throws ExceptionCollection {
- final MavenProject root = getExecutionRoot();
- if (root != null) {
- LOGGER.debug("Checking root project, {}, if updates have already been completed", root.getArtifactId());
- } else {
- LOGGER.debug("Checking root project, null, if updates have already been completed");
- }
- if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
- System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
- }
- super.analyzeDependencies();
- if (root != null) {
- root.setContextValue(UPDATE_EXECUTED_FLAG, Boolean.TRUE);
- }
- }
-
- /**
- * Runs the update steps of dependency-check.
- *
- * @throws UpdateException thrown if there is an exception
- */
- public void update() throws UpdateException {
- final MavenProject root = getExecutionRoot();
- if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
- System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
- }
- this.doUpdates();
- }
-
- /**
- * This constructor should not be called. Use Engine(MavenProject) instead.
- *
- * @throws DatabaseException thrown if there is an issue connecting to the
- * database
- */
- private MavenEngine() throws DatabaseException {
- }
-
- /**
- * Initializes the given analyzer. This skips the initialization of the
- * CPEAnalyzer if it has been initialized by a previous execution.
- *
- * @param analyzer the analyzer to initialize
- * @return the initialized analyzer
- */
- @Override
- protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationException {
- if (analyzer instanceof CPEAnalyzer) {
- CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
- if (cpe != null && cpe.isOpen()) {
- return cpe;
- }
- cpe = (CPEAnalyzer) super.initializeAnalyzer(analyzer);
- storeCPEAnalyzer(cpe);
- return cpe;
- }
- return super.initializeAnalyzer(analyzer);
- }
-
- /**
- * Releases resources used by the analyzers by calling close() on each
- * analyzer.
- */
- @Override
- public void cleanup() {
- super.cleanup();
- if (currentProject == null || reactorProjects == null) {
- return;
- }
- if (this.currentProject == reactorProjects.get(reactorProjects.size() - 1)) {
- final CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
- if (cpe != null) {
- cpe.close();
- }
- }
- }
-
- /**
- * Closes the given analyzer. This skips closing the CPEAnalyzer.
- *
- * @param analyzer the analyzer to close
- */
- @Override
- protected void closeAnalyzer(Analyzer analyzer) {
- if (analyzer instanceof CPEAnalyzer) {
- if (getPreviouslyLoadedCPEAnalyzer() == null) {
- super.closeAnalyzer(analyzer);
- }
- } else {
- super.closeAnalyzer(analyzer);
- }
- }
-
- /**
- * Gets the CPEAnalyzer from the root Maven Project.
- *
- * @return an initialized CPEAnalyzer
- */
- private CPEAnalyzer getPreviouslyLoadedCPEAnalyzer() {
- CPEAnalyzer cpe = null;
- final MavenProject project = getExecutionRoot();
- if (project != null) {
- final Object obj = project.getContextValue(CPE_ANALYZER_KEY);
- if (obj != null && obj instanceof CPEAnalyzer) {
- cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY);
- }
- }
- return cpe;
- }
-
- /**
- * Stores a CPEAnalyzer in the root Maven Project.
- *
- * @param cpe the CPEAnalyzer to store
- */
- private void storeCPEAnalyzer(CPEAnalyzer cpe) {
- final MavenProject p = getExecutionRoot();
- if (p != null) {
- p.setContextValue(CPE_ANALYZER_KEY, cpe);
- }
- }
-
- /**
- * Returns the root Maven Project.
- *
- * @return the root Maven Project
- */
- MavenProject getExecutionRoot() {
- if (reactorProjects == null) {
- return null;
- }
- for (MavenProject p : reactorProjects) {
- if (p.isExecutionRoot()) {
- return p;
- }
- }
- //the following should never run, but leaving it as a failsafe.
- if (this.currentProject == null) {
- return null;
- }
- MavenProject p = this.currentProject;
- while (p.getParent() != null) {
- p = p.getParent();
- }
- return p;
- }
-
- /**
- * Resets the file type analyzers so that they can be re-used to scan
- * additional directories. Without the reset the analyzer might be disabled
- * because the first scan/analyze did not identify any files that could be
- * processed by the analyzer.
- */
- public void resetFileTypeAnalyzers() {
- for (FileTypeAnalyzer a : getFileTypeAnalyzers()) {
- a.reset();
- }
- }
-}
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java
index ed79b6a99..ec0e6928d 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java
@@ -23,6 +23,7 @@ import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.ResolutionScope;
+import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.utils.Settings;
@@ -64,10 +65,10 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
- MavenEngine engine = null;
+ Engine engine = null;
try {
engine = initializeEngine();
- engine.update();
+ engine.doUpdates();
} catch (DatabaseException ex) {
if (getLog().isDebugEnabled()) {
getLog().debug("Database connection error", ex);
diff --git a/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojoTest.java b/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojoTest.java
index 4ee8a4f65..339397e2f 100644
--- a/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojoTest.java
+++ b/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojoTest.java
@@ -35,6 +35,7 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Assume;
import org.junit.Test;
+import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
@@ -91,7 +92,7 @@ public class BaseDependencyCheckMojoTest extends BaseTest {
boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
- MavenEngine engine = new MavenEngine(null, null);
+ Engine engine = new Engine();
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
assertTrue(engine.getDependencies().isEmpty());