github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-02-24 19:35:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

updates to resolve issue #215

Browse Source
This commit is contained in:
Jeremy Long
2016-07-17 07:19:56 -04:00
parent 6d5d5ceb7b
commit c5757dc5f4
17 changed files with 569 additions and 202 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
View File

@@ -25,6 +25,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.apache.maven.MavenExecutionException;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
@@ -36,11 +37,13 @@ import org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
import org.owasp.dependencycheck.utils.Settings;
/**
* Maven Plugin that checks project dependencies and the dependencies of all child modules to see if they have any known published
* vulnerabilities.
* Maven Plugin that checks project dependencies and the dependencies of all
* child modules to see if they have any known published vulnerabilities.
*
* @author Jeremy Long
*/
@@ -55,18 +58,27 @@ import org.owasp.dependencycheck.utils.Settings;
public class AggregateMojo extends BaseDependencyCheckMojo {
/**
* Executes the aggregate dependency-check goal. This runs dependency-check and generates the subsequent reports.
* The key to store aggregate exception in the root Maven execution context.
*/
private static final String AGGREGATE_EXCEPTIONS = "AggregateExceptions";
/**
* Executes the aggregate dependency-check goal. This runs dependency-check
* and generates the subsequent reports.
*
* @throws MojoExecutionException thrown if there is ane exception running the mojo
* @throws MojoFailureException thrown if dependency-check is configured to fail the build
* @throws MojoExecutionException thrown if there is ane exception running
* the mojo
* @throws MojoFailureException thrown if dependency-check is configured to
* fail the build
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
final Engine engine = generateDataFile();
final MavenEngine engine = generateDataFile();
if (engine == null) {
return;
}
//if (getProject() == getReactorProjects().get(getReactorProjects().size() - 1)) {
if (getProject() == getLastProject()) {
//ensure that the .ser file was created for each.
for (MavenProject current : getReactorProjects()) {
final File dataFile = getDataFile(current);
@@ -76,7 +88,6 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
generateDataFile(engine, current);
}
}
for (MavenProject current : getReactorProjects()) {
List<Dependency> dependencies = readDataFile(current);
if (dependencies == null) {
@@ -90,10 +101,8 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
getLog().debug(String.format("Adding %d dependencies from %s", childDeps.size(), reportOn.getName()));
}
dependencies.addAll(childDeps);
} else {
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("No dependencies read for %s", reportOn.getName()));
}
} else if (getLog().isDebugEnabled()) {
getLog().debug(String.format("No dependencies read for %s", reportOn.getName()));
}
}
engine.getDependencies().clear();
@@ -118,7 +127,21 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
//we shouldn't write this because nothing is configured to generate this report.
outputDir = new File(current.getBuild().getDirectory());
}
writeReports(engine, current, outputDir);
try {
writeReports(engine, current, outputDir);
} catch (ReportException ex) {
ExceptionCollection exCol = (ExceptionCollection) engine.getExecutionRoot().getContextValue(AGGREGATE_EXCEPTIONS);
if (exCol == null) {
exCol = new ExceptionCollection("Error writing aggregate report",ex);
} else {
exCol.addException(ex);
}
if (this.isFailOnError()) {
throw new MojoExecutionException("One or more exceptions occured during dependency-check analysis", exCol);
} else {
getLog().debug("One or more exceptions occured during dependency-check analysis", exCol);
}
}
}
}
engine.cleanup();
@@ -126,7 +149,8 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
}
/**
* Gets the last project in the reactor - taking into account skipped projects.
* Gets the last project in the reactor - taking into account skipped
* projects.
*
* @return the last project in the reactor
*/
@@ -152,7 +176,8 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
}
/**
* Returns a set containing all the descendant projects of the given project.
* Returns a set containing all the descendant projects of the given
* project.
*
* @param project the project for which all descendants will be returned
* @return the set of descendant projects
@@ -232,49 +257,85 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
* Test if the project has pom packaging
*
* @param mavenProject Project to test
* @return <code>true</code> if it has a pom packaging; otherwise <code>false</code>
* @return <code>true</code> if it has a pom packaging; otherwise
* <code>false</code>
*/
protected boolean isMultiModule(MavenProject mavenProject) {
return "pom".equals(mavenProject.getPackaging());
}
/**
* Initializes the engine, runs a scan, and writes the serialized dependencies to disk.
* Initializes the engine, runs a scan, and writes the serialized
* dependencies to disk.
*
* @return the Engine used to execute dependency-check
* @throws MojoExecutionException thrown if there is an exception running the mojo
* @throws MojoFailureException thrown if dependency-check is configured to fail the build if severe CVEs are identified.
* @return the MavenEngine used to execute dependency-check
* @throws MojoExecutionException thrown if there is an exception running
* the mojo
* @throws MojoFailureException thrown if dependency-check is configured to
* fail the build if severe CVEs are identified.
*/
protected Engine generateDataFile() throws MojoExecutionException, MojoFailureException {
final Engine engine;
protected MavenEngine generateDataFile() throws MojoExecutionException, MojoFailureException {
MavenEngine engine = null;
try {
engine = initializeEngine();
} catch (DatabaseException ex) {
if (getLog().isDebugEnabled()) {
getLog().debug("Database connection error", ex);
}
throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
final String msg = "An exception occured connecting to the local database. Please see the log file for more details.";
if (this.isFailOnError()) {
throw new MojoExecutionException(msg, ex);
}
getLog().error(msg, ex);
return null;
}
return generateDataFile(engine, getProject());
}
/**
* Runs dependency-check's Engine and writes the serialized dependencies to disk.
* Runs dependency-check's MavenEngine and writes the serialized
* dependencies to disk.
*
* @param engine the Engine to use when scanning.
* @param engine the MavenEngine to use when scanning.
* @param project the project to scan and generate the data file for
* @return the Engine used to execute dependency-check
* @throws MojoExecutionException thrown if there is an exception running the mojo
* @throws MojoFailureException thrown if dependency-check is configured to fail the build if severe CVEs are identified.
* @return the MavenEngine used to execute dependency-check
* @throws MojoExecutionException thrown if there is an exception running
* the mojo
* @throws MojoFailureException thrown if dependency-check is configured to
* fail the build if severe CVEs are identified.
*/
protected Engine generateDataFile(Engine engine, MavenProject project) throws MojoExecutionException, MojoFailureException {
protected MavenEngine generateDataFile(MavenEngine engine, MavenProject project) throws MojoExecutionException, MojoFailureException {
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Begin Scanning: %s", project.getName()));
}
engine.getDependencies().clear();
engine.resetFileTypeAnalyzers();
scanArtifacts(project, engine);
engine.analyzeDependencies();
try {
engine.analyzeDependencies();
} catch (ExceptionCollection ex) {
ExceptionCollection col = (ExceptionCollection) engine.getExecutionRoot().getContextValue(AGGREGATE_EXCEPTIONS);
if (col == null) {
col = ex;
} else if (ex.isFatal()) {
col.setFatal(true);
col.getExceptions().addAll(ex.getExceptions());
}
if (col.isFatal()) {
final String msg = String.format("Fatal exception(s) analyzing %s", project.getName());
if (this.isFailOnError()) {
throw new MojoExecutionException(msg, ex);
}
getLog().error(msg, col);
return null;
} else {
final String msg = String.format("Exception(s) analyzing %s", project.getName());
if (getLog().isDebugEnabled()) {
getLog().debug(msg, ex);
}
engine.getExecutionRoot().setContextValue(AGGREGATE_EXCEPTIONS, col);
}
}
final File target = new File(project.getBuild().getDirectory());
writeDataFile(project, target, engine.getDependencies());
showSummary(project, engine.getDependencies());
@@ -306,7 +367,8 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
}
/**
* Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
* Gets the description of the Dependency-Check report to be displayed in
* the Maven Generated Reports page.
*
* @param locale The Locale to get the description for
* @return the description

57
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
View File

@@ -47,6 +47,7 @@ import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.exception.ReportException;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.owasp.dependencycheck.utils.ExpectedOjectInputStream;
import org.owasp.dependencycheck.utils.Settings;
@@ -69,14 +70,27 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* System specific new line character.
*/
private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();
//</editor-fold>
// <editor-fold defaultstate="collapsed" desc="Maven bound parameters and components">
/**
* Sets whether or not the external report format should be used.
*/
@Parameter(property = "metaFileName", defaultValue = "dependency-check.ser", required = true)
private String dataFileName;
/**
* Sets whether or not the external report format should be used.
*/
@Parameter(property = "failOnError", defaultValue = "true", required = true)
private boolean failOnError;
//</editor-fold>
// <editor-fold defaultstate="collapsed" desc="Maven bound parameters and components">
/**
* Returns if the mojo should fail the build if an exception occurs.
* @return whether or not the mojo should fail the build
*/
protected boolean isFailOnError() {
return failOnError;
}
/**
* The Maven Project Object.
*/
@@ -111,13 +125,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not
* recommended that this be turned to false. Default is true.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "autoUpdate")
private Boolean autoUpdate;
/**
* Sets whether Experimental analyzers are enabled. Default is false.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "enableExperimental")
private Boolean enableExperimental;
/**
@@ -145,7 +157,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* The maven settings proxy id.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "mavenSettingsProxyId", required = false)
private String mavenSettingsProxyId;
@@ -162,6 +173,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
/**
* Flag indicating whether or not to show a summary in the output.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "showSummary", defaultValue = "true", required = false)
private boolean showSummary = true;
@@ -541,7 +553,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @param project the project to scan the dependencies of
* @param engine the engine to use to scan the dependencies
*/
protected void scanArtifacts(MavenProject project, Engine engine) {
protected void scanArtifacts(MavenProject project, MavenEngine engine) {
for (Artifact a : project.getArtifacts()) {
if (excludeFromScan(a)) {
continue;
@@ -649,14 +661,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
//</editor-fold>
/**
* Initializes a new <code>Engine</code> that can be used for scanning.
* Initializes a new <code>MavenEngine</code> that can be used for scanning.
*
* @return a newly instantiated <code>Engine</code>
* @return a newly instantiated <code>MavenEngine</code>
* @throws DatabaseException thrown if there is a database exception
*/
protected Engine initializeEngine() throws DatabaseException {
protected MavenEngine initializeEngine() throws DatabaseException {
populateSettings();
return new Engine(this.project,
return new MavenEngine(this.project,
this.reactorProjects);
}
@@ -875,10 +887,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* Generates the reports for a given dependency-check engine.
*
* @param engine a dependency-check engine
* @param p the maven project
* @param outputDir the directory path to write the report(s).
* @param p the Maven project
* @param outputDir the directory path to write the report(s)
* @throws ReportException thrown if there is an error writing the report
*/
protected void writeReports(Engine engine, MavenProject p, File outputDir) {
protected void writeReports(MavenEngine engine, MavenProject p, File outputDir) throws ReportException {
DatabaseProperties prop = null;
CveDB cve = null;
try {
@@ -897,19 +910,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
final ReportGenerator r = new ReportGenerator(p.getName(), engine.getDependencies(), engine.getAnalyzers(), prop);
try {
r.generateReports(outputDir.getAbsolutePath(), format);
} catch (IOException ex) {
getLog().error(
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
if (getLog().isDebugEnabled()) {
getLog().debug("", ex);
}
} catch (Throwable ex) {
getLog().error(
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
if (getLog().isDebugEnabled()) {
getLog().debug("", ex);
}
} catch (ReportException ex) {
final String msg = String.format("Error generating the report for %s", p.getName());
throw new ReportException(msg, ex);
}
}
//<editor-fold defaultstate="collapsed" desc="Methods to fail build or show summary">
@@ -1074,7 +1079,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* scan data between the "check" and "aggregate" phase.
*
* @param project the Maven project to read the data file from
* @return a <code>Engine</code> object populated with dependencies if the
* @return a <code>MavenEngine</code> object populated with dependencies if the
* serialized data file exists; otherwise <code>null</code> is returned
*/
protected List<Dependency> readDataFile(MavenProject project) {

73
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/CheckMojo.java
View File

@@ -26,10 +26,13 @@ import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
import org.owasp.dependencycheck.utils.Settings;
/**
* Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities.
* Maven Plugin that checks the project dependencies to see if they have any
* known published vulnerabilities.
*
* @author Jeremy Long
*/
@@ -45,7 +48,8 @@ public class CheckMojo extends BaseDependencyCheckMojo {
/**
* Returns whether or not a the report can be generated.
*
* @return <code>true</code> if the report can be generated; otherwise <code>false</code>
* @return <code>true</code> if the report can be generated; otherwise
* <code>false</code>
*/
@Override
public boolean canGenerateReport() {
@@ -60,33 +64,65 @@ public class CheckMojo extends BaseDependencyCheckMojo {
}
/**
* Executes the dependency-check engine on the project's dependencies and generates the report.
* Executes the dependency-check engine on the project's dependencies and
* generates the report.
*
* @throws MojoExecutionException thrown if there is an exception executing the goal
* @throws MojoFailureException thrown if dependency-check is configured to fail the build
* @throws MojoExecutionException thrown if there is an exception executing
* the goal
* @throws MojoFailureException thrown if dependency-check is configured to
* fail the build
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
final Engine engine;
MavenEngine engine = null;
try {
engine = initializeEngine();
} catch (DatabaseException ex) {
if (getLog().isDebugEnabled()) {
getLog().debug("Database connection error", ex);
}
throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
final String msg = "An exception occured connecting to the local database. Please see the log file for more details.";
if (this.isFailOnError()) {
throw new MojoExecutionException(msg, ex);
}
getLog().error(msg);
}
scanArtifacts(getProject(), engine);
if (engine.getDependencies().isEmpty()) {
getLog().info("No dependencies were identified that could be analyzed by dependency-check");
} else {
engine.analyzeDependencies();
writeReports(engine, getProject(), getCorrectOutputDirectory());
writeDataFile(getProject(), null, engine.getDependencies());
showSummary(getProject(), engine.getDependencies());
checkForFailure(engine.getDependencies());
if (engine != null) {
scanArtifacts(getProject(), engine);
if (engine.getDependencies().isEmpty()) {
getLog().info("No dependencies were identified that could be analyzed by dependency-check");
} else {
ExceptionCollection exCol = null;
try {
engine.analyzeDependencies();
} catch (ExceptionCollection ex) {
if (this.isFailOnError() && ex.isFatal()) {
throw new MojoExecutionException("One or more exceptions occured during analysis", ex);
}
exCol = ex;
}
if (exCol == null || !exCol.isFatal()) {
try {
writeReports(engine, getProject(), getCorrectOutputDirectory());
} catch (ReportException ex) {
if (this.isFailOnError()) {
if (exCol!= null) {
exCol.addException(ex);
} else {
exCol = new ExceptionCollection("Unable to write the dependency-check report", ex);
}
}
}
writeDataFile(getProject(), null, engine.getDependencies());
showSummary(getProject(), engine.getDependencies());
checkForFailure(engine.getDependencies());
if (exCol != null && this.isFailOnError()) {
throw new MojoExecutionException("One or more exceptions occured during dependency-check analysis", exCol);
}
}
}
engine.cleanup();
}
engine.cleanup();
Settings.cleanup();
}
@@ -109,7 +145,8 @@ public class CheckMojo extends BaseDependencyCheckMojo {
}
/**
* Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
* Gets the description of the Dependency-Check report to be displayed in
* the Maven Generated Reports page.
*
* @param locale The Locale to get the description for
* @return the description

10
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java → dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/MavenEngine.java
View File

@@ -36,12 +36,12 @@ import org.slf4j.LoggerFactory;
*
* @author Jeremy Long
*/
public class Engine extends org.owasp.dependencycheck.Engine {
public class MavenEngine extends org.owasp.dependencycheck.Engine {
/**
* The logger.
*/
private static final transient Logger LOGGER = LoggerFactory.getLogger(Engine.class);
private static final transient Logger LOGGER = LoggerFactory.getLogger(MavenEngine.class);
/**
* A key used to persist an object in the MavenProject.
*/
@@ -69,7 +69,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
* @throws DatabaseException thrown if there is an issue connecting to the
* database
*/
public Engine(MavenProject project, List<MavenProject> reactorProjects) throws DatabaseException {
public MavenEngine(MavenProject project, List<MavenProject> reactorProjects) throws DatabaseException {
this.currentProject = project;
this.reactorProjects = reactorProjects;
initializeEngine();
@@ -117,7 +117,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
* @throws DatabaseException thrown if there is an issue connecting to the
* database
*/
private Engine() throws DatabaseException {
private MavenEngine() throws DatabaseException {
}
/**
@@ -208,7 +208,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
*
* @return the root Maven Project
*/
private MavenProject getExecutionRoot() {
MavenProject getExecutionRoot() {
if (reactorProjects == null) {
return null;
}

33
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java
View File

@@ -54,14 +54,20 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
/**
* Purges the local copy of the NVD.
*
* @throws MojoExecutionException thrown if there is an exception executing the goal
* @throws MojoFailureException thrown if dependency-check is configured to fail the build
* @throws MojoExecutionException thrown if there is an exception executing
* the goal
* @throws MojoFailureException thrown if dependency-check is configured to
* fail the build
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
if (getConnectionString() != null && !getConnectionString().isEmpty()) {
getLog().error("Unable to purge the local NVD when using a non-default connection string");
final String msg = "Unable to purge the local NVD when using a non-default connection string";
if (this.isFailOnError()) {
throw new MojoFailureException(msg);
}
getLog().error(msg);
} else {
populateSettings();
File db;
@@ -71,13 +77,25 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
if (db.delete()) {
getLog().info("Database file purged; local copy of the NVD has been removed");
} else {
getLog().error(String.format("Unable to delete '%s'; please delete the file manually", db.getAbsolutePath()));
final String msg = String.format("Unable to delete '%s'; please delete the file manually", db.getAbsolutePath());
if (this.isFailOnError()) {
throw new MojoFailureException(msg);
}
getLog().error(msg);
}
} else {
getLog().error(String.format("Unable to purge database; the database file does not exists: %s", db.getAbsolutePath()));
final String msg = String.format("Unable to purge database; the database file does not exists: %s", db.getAbsolutePath());
if (this.isFailOnError()) {
throw new MojoFailureException(msg);
}
getLog().error(msg);
}
} catch (IOException ex) {
getLog().error("Unable to delete the database");
final String msg = "Unable to delete the database";
if (this.isFailOnError()) {
throw new MojoExecutionException(msg, ex);
}
getLog().error(msg);
}
Settings.cleanup();
}
@@ -95,7 +113,8 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
}
/**
* Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
* Gets the description of the Dependency-Check report to be displayed in
* the Maven Generated Reports page.
*
* @param locale The Locale to get the description for
* @return the description

36
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java
View File

@@ -24,10 +24,12 @@ import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.utils.Settings;
/**
* Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities.
* Maven Plugin that checks the project dependencies to see if they have any
* known published vulnerabilities.
*
* @author Jeremy Long
*/
@@ -51,14 +53,17 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
}
/**
* Executes the dependency-check engine on the project's dependencies and generates the report.
* Executes the dependency-check engine on the project's dependencies and
* generates the report.
*
* @throws MojoExecutionException thrown if there is an exception executing the goal
* @throws MojoFailureException thrown if dependency-check is configured to fail the build
* @throws MojoExecutionException thrown if there is an exception executing
* the goal
* @throws MojoFailureException thrown if dependency-check is configured to
* fail the build
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
final Engine engine;
MavenEngine engine = null;
try {
engine = initializeEngine();
engine.update();
@@ -66,9 +71,21 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
if (getLog().isDebugEnabled()) {
getLog().debug("Database connection error", ex);
}
throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
final String msg = "An exception occured connecting to the local database. Please see the log file for more details.";
if (this.isFailOnError()) {
throw new MojoExecutionException(msg, ex);
}
getLog().error(msg);
} catch (UpdateException ex) {
final String msg = "An exception occured while downloading updates. Please see the log file for more details.";
if (this.isFailOnError()) {
throw new MojoExecutionException(msg, ex);
}
getLog().error(msg);
}
if (engine != null) {
engine.cleanup();
}
engine.cleanup();
Settings.cleanup();
}
@@ -84,7 +101,8 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
}
/**
* Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
* Gets the description of the Dependency-Check report to be displayed in
* the Maven Generated Reports page.
*
* @param locale The Locale to get the description for
* @return the description
@@ -93,5 +111,5 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
public String getDescription(Locale locale) {
return "Updates the local cache of the NVD data from NIST.";
}
}