From 23ad3d04b053df27fcdb3b535df94aa2afa80485 Mon Sep 17 00:00:00 2001
From: Johann Schmitz
Date: Tue, 6 Jun 2017 12:22:31 +0200
Subject: [PATCH 1/2] Issue #754: Allow exclusion of artifacts by type (regex)
---
 .../maven/ArtifactTypeExcluded.java | 44 +++++++++++++++++++
 .../maven/BaseDependencyCheckMojo.java | 18 +++++++-
 2 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ArtifactTypeExcluded.java
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ArtifactTypeExcluded.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ArtifactTypeExcluded.java
new file mode 100644
index 000000000..780e1da11
--- /dev/null
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ArtifactTypeExcluded.java
@@ -0,0 +1,44 @@
+/*
+ * This file is part of dependency-check-maven.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.owasp.dependencycheck.maven;
+
+import org.apache.commons.lang.StringUtils;
+import org.owasp.dependencycheck.utils.Filter;
+
+/**
+ * {@link Filter} implementation to exclude artifacts whose type matches a regular expression
+ */
+public class ArtifactTypeExcluded extends Filter {
+
+ private final String regex;
+
+ /**
+ * Creates a new instance
+ * @param excludeRegex The regular expression to match the artifacts type against
+ */
+ public ArtifactTypeExcluded(final String excludeRegex) {
+ this.regex = excludeRegex;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean passes(final String artifactType) {
+
+ return StringUtils.isNotEmpty(regex) && StringUtils.isNotEmpty(artifactType) && artifactType.matches(regex);
+ }
+}
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index 692bf2eec..eb945c2ab 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
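Review bot: `passes` re-parses the regular expression on every call through `artifactType.matches(regex)`, and a malformed `skipArtifactType` value only surfaces as a `PatternSyntaxException` once dependency traversal reaches the first node rather than when the filter is constructed. Compiling once in the constructor with `java.util.regex.Pattern` (import needed) makes a bad expression fail at configuration time, where `BaseDependencyCheckMojo` builds this filter, and avoids the per-dependency re-parse. The Javadoc should also state the match semantics, since `String.matches` requires the whole type to match: `@param excludeRegex regular expression the entire artifact type must match; null or empty excludes nothing`. That `passes` returns true for an artifact that is to be excluded mirrors the existing scope filter and is presumably the `Filter` contract, but a one-line class comment saying so would help readers.
```java
    private final Pattern pattern;

    public ArtifactTypeExcluded(final String excludeRegex) {
        // fail fast on a malformed expression; null/empty means "exclude nothing"
        this.pattern = StringUtils.isEmpty(excludeRegex) ? null : Pattern.compile(excludeRegex);
    }

    @Override
    public boolean passes(final String artifactType) {
        // whole-string match, same semantics as String.matches
        return pattern != null && StringUtils.isNotEmpty(artifactType) && pattern.matcher(artifactType).matches();
    }
```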
@@ -408,6 +408,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 @SuppressWarnings("CanBeFinal")
 @Parameter(property = "skipSystemScope", defaultValue = "false", required = false)
 private boolean skipSystemScope = false;
+
+ /**
+ * Skip analysis for dependencies which type matches this regular expression.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "skipArtifactType", required = false)
+ private String skipArtifactType;
+
 /**
 * The data directory, hold DC SQL DB.
 */
@@ -470,6 +478,12 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 */
 private Filter artifactScopeExcluded;
+ /**
+ * Filter for artifact type.
+ */
+ private Filter artifactTypeExcluded;
+
+
 //
 //
 /**
@@ -641,7 +655,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 List nodes, ProjectBuildingRequest buildingRequest) {
 ExceptionCollection exCol = null;
 for (DependencyNode dependencyNode : nodes) {
- if (artifactScopeExcluded.passes(dependencyNode.getArtifact().getScope())) {
+ if (artifactScopeExcluded.passes(dependencyNode.getArtifact().getScope()) ||
+ artifactTypeExcluded.passes(dependencyNode.getArtifact().getType())) {
 continue;
 }
 exCol = collectDependencies(engine, project, dependencyNode.getChildren(), buildingRequest);
@@ -990,6 +1005,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 Settings.setIntIfNotNull(Settings.KEYS.CVE_CHECK_VALID_FOR_HOURS, cveValidForHours);
 artifactScopeExcluded = new ArtifactScopeExcluded(skipTestScope, skipProvidedScope,
 skipSystemScope, skipRuntimeScope);
+ artifactTypeExcluded = new ArtifactTypeExcluded(skipArtifactType);
 }
 /**
From e2617b74347a04f31c80045c5c1469e8b9b10468 Mon Sep 17 00:00:00 2001
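Review bot: The new `||` branch in the `for` loop over `nodes` drops a node whose type matches `skipArtifactType` silently together with its whole subtree, because the `continue` also skips the recursive `collectDependencies` call on `dependencyNode.getChildren()`, so a broad expression such as `.*` or a typo quietly removes dependencies from the vulnerability scan with nothing in the build output to show it. Log the skipped artifact before the `continue`, e.g. `getLog().debug("Skipping " + dependencyNode.getArtifact() + ": scope or type excluded");`, so reduced scan coverage is visible and diagnosable (the class extends `AbstractMojo`, so `getLog()` is available). The enclosing method's signature and remainder lie outside this hunk. In the first hunk the field Javadoc `Skip analysis for dependencies which type matches this regular expression.` reads better as `Skip analysis for dependencies whose type matches this regular expression (whole-type match).`.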
From: Jeremy Long
Date: Sat, 10 Jun 2017 07:51:07 -0400
Subject: [PATCH 2/2] added test and documentation
---
 .../src/site/markdown/configuration.md | 1 +
 .../maven/ArtifactTypeExcludedTest.java | 77 +++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/ArtifactTypeExcludedTest.java
diff --git a/dependency-check-maven/src/site/markdown/configuration.md b/dependency-check-maven/src/site/markdown/configuration.md
index 72168e591..08dfab16c 100644
--- a/dependency-check-maven/src/site/markdown/configuration.md
+++ b/dependency-check-maven/src/site/markdown/configuration.md
@@ -27,6 +27,7 @@ skipProvidedScope | Skip analysis for artifacts with Provided Scope.
 skipRuntimeScope | Skip analysis for artifacts with Runtime Scope. | false
 skipSystemScope | Skip analysis for artifacts with System Scope. | false
 skipTestScope | Skip analysis for artifacts with Test Scope. | true
+skipArtifactType | A regular expression used to filter/skip artifact types. |  
 suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). |  
 hintsFile | The file path to the XML hints file \- used to resolve [false negatives](../general/hints.html). |  
 enableExperimental | Enable the [experimental analyzers](../analyzers/index.html). If not enabled the experimental analyzers (see below) will not be loaded or used. | false
diff --git a/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/ArtifactTypeExcludedTest.java b/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/ArtifactTypeExcludedTest.java
new file mode 100644
index 000000000..e3a78f95e
--- /dev/null
+++ b/dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/ArtifactTypeExcludedTest.java
@@ -0,0 +1,77 @@
+/*
+ * This file is part of dependency-check-maven.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.maven;
+
+import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class ArtifactTypeExcludedTest {
+
+ /**
+ * Test of passes method, of class ArtifactTypeExcluded.
+ */
+ @Test
+ public void testPasses() {
+ String artifactType = null;
+ ArtifactTypeExcluded instance = new ArtifactTypeExcluded(null);
+ boolean expResult = false;
+ boolean result = instance.passes(artifactType);
+ assertEquals(expResult, result);
+
+ artifactType = "pom";
+ instance = new ArtifactTypeExcluded(null);
+ expResult = false;
+ result = instance.passes(artifactType);
+ assertEquals(expResult, result);
+
+ artifactType = null;
+ instance = new ArtifactTypeExcluded("jar");
+ expResult = false;
+ result = instance.passes(artifactType);
+ assertEquals(expResult, result);
+
+ artifactType = "pom";
+ instance = new ArtifactTypeExcluded("");
+ expResult = false;
+ result = instance.passes(artifactType);
+ assertEquals(expResult, result);
+
+ artifactType = "pom";
+ instance = new ArtifactTypeExcluded("jar");
+ expResult = false;
+ result = instance.passes(artifactType);
+ assertEquals(expResult, result);
+
+ artifactType = "pom";
+ instance = new ArtifactTypeExcluded("pom");
+ expResult = true;
+ result = 
instance.passes(artifactType);
+ assertEquals(expResult, result);
+
+ artifactType = "pom";
+ instance = new ArtifactTypeExcluded(".*");
+ expResult = true;
+ result = instance.passes(artifactType);
+ assertEquals(expResult, result);
+ }
+
+}
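Review bot: `testPasses` never pins the whole-string semantics of `String.matches`, which is what a user writing `skipArtifactType` is most likely to trip over: the only positive cases use an expression equal to the type or `.*`, so an implementation that did a partial (`find()`-style) match would pass this test unchanged. Add a case such as `assertEquals(false, new ArtifactTypeExcluded("ja").passes("jar"));` and an alternation like `new ArtifactTypeExcluded("pom|war").passes("war")` expected true, so the documented filter behaviour is locked in. A case for a malformed expression (currently a `PatternSyntaxException` from `passes`) would make that failure mode deliberate rather than accidental. The repeated assign-then-assert blocks could be folded into a small helper, but that is a style choice.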