Merge branch 'COMINTO-754-error-resolving'

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/ArtifactTypeExcluded.java

@@ -0,0 +1,44 @@
+/*
+ * This file is part of dependency-check-maven.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.owasp.dependencycheck.maven;
+
+import org.apache.commons.lang.StringUtils;
+import org.owasp.dependencycheck.utils.Filter;
+
+/**
+ * {@link Filter} implementation to exclude artifacts whose type matches a regular expression
+ */
+public class ArtifactTypeExcluded extends Filter<String> {
+
+    private final String regex;
+
+    /**
+     * Creates a new instance
+     * @param excludeRegex The regular expression to match the artifacts type against
+     */
+    public ArtifactTypeExcluded(final String excludeRegex) {
+        this.regex = excludeRegex;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean passes(final String artifactType) {
+
+        return StringUtils.isNotEmpty(regex) && StringUtils.isNotEmpty(artifactType) && artifactType.matches(regex);
+    }
+}

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

@@ -408,6 +408,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
     @SuppressWarnings("CanBeFinal")
     @Parameter(property = "skipSystemScope", defaultValue = "false", required = false)
     private boolean skipSystemScope = false;
+
+    /**
+     * Skip analysis for dependencies which type matches this regular expression.
+     */
+    @SuppressWarnings("CanBeFinal")
+    @Parameter(property = "skipArtifactType", required = false)
+    private String skipArtifactType;
+
     /**
      * The data directory, hold DC SQL DB.
      */
@@ -470,6 +478,12 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
      */
     private Filter<String> artifactScopeExcluded;
 
+    /**
+     * Filter for artifact type.
+     */
+    private Filter<String> artifactTypeExcluded;
+
+
     // </editor-fold>
     //<editor-fold defaultstate="collapsed" desc="Base Maven implementation">
     /**
@@ -641,7 +655,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
             List<DependencyNode> nodes, ProjectBuildingRequest buildingRequest) {
         ExceptionCollection exCol = null;
         for (DependencyNode dependencyNode : nodes) {
-            if (artifactScopeExcluded.passes(dependencyNode.getArtifact().getScope())) {
+            if (artifactScopeExcluded.passes(dependencyNode.getArtifact().getScope()) ||
+                artifactTypeExcluded.passes(dependencyNode.getArtifact().getType())) {
                 continue;
             }
             exCol = collectDependencies(engine, project, dependencyNode.getChildren(), buildingRequest);
@@ -990,6 +1005,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
         Settings.setIntIfNotNull(Settings.KEYS.CVE_CHECK_VALID_FOR_HOURS, cveValidForHours);
 
         artifactScopeExcluded = new ArtifactScopeExcluded(skipTestScope, skipProvidedScope, skipSystemScope, skipRuntimeScope);
+        artifactTypeExcluded = new ArtifactTypeExcluded(skipArtifactType);
     }
 
     /**

dependency-check-maven/src/site/markdown/configuration.md

@@ -27,6 +27,7 @@ skipProvidedScope           | Skip analysis for artifacts with Provided Scope.
 skipRuntimeScope            | Skip analysis for artifacts with Runtime Scope.            | false
 skipSystemScope             | Skip analysis for artifacts with System Scope.             | false
 skipTestScope               | Skip analysis for artifacts with Test Scope.               | true
+skipArtifactType            | A regular expression used to filter/skip artifact types.   |  
 suppressionFile             | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). |  
 hintsFile                   | The file path to the XML hints file \- used to resolve [false negatives](../general/hints.html).       |  
 enableExperimental          | Enable the [experimental analyzers](../analyzers/index.html). If not enabled the experimental analyzers (see below) will not be loaded or used. | false

dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/ArtifactTypeExcludedTest.java

@@ -0,0 +1,77 @@
+/*
+ * This file is part of dependency-check-maven.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.maven;
+
+import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class ArtifactTypeExcludedTest {
+
+    /**
+     * Test of passes method, of class ArtifactTypeExcluded.
+     */
+    @Test
+    public void testPasses() {
+        String artifactType = null;
+        ArtifactTypeExcluded instance = new ArtifactTypeExcluded(null);
+        boolean expResult = false;
+        boolean result = instance.passes(artifactType);
+        assertEquals(expResult, result);
+
+        artifactType = "pom";
+        instance = new ArtifactTypeExcluded(null);
+        expResult = false;
+        result = instance.passes(artifactType);
+        assertEquals(expResult, result);
+        
+        artifactType = null;
+        instance = new ArtifactTypeExcluded("jar");
+        expResult = false;
+        result = instance.passes(artifactType);
+        assertEquals(expResult, result);
+        
+        artifactType = "pom";
+        instance = new ArtifactTypeExcluded("");
+        expResult = false;
+        result = instance.passes(artifactType);
+        assertEquals(expResult, result);
+        
+        artifactType = "pom";
+        instance = new ArtifactTypeExcluded("jar");
+        expResult = false;
+        result = instance.passes(artifactType);
+        assertEquals(expResult, result);
+        
+        artifactType = "pom";
+        instance = new ArtifactTypeExcluded("pom");
+        expResult = true;
+        result = instance.passes(artifactType);
+        assertEquals(expResult, result);
+        
+        artifactType = "pom";
+        instance = new ArtifactTypeExcluded(".*");
+        expResult = true;
+        result = instance.passes(artifactType);
+        assertEquals(expResult, result);
+    }
+
+}