diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
index 01764c81a..d557c54a4 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
@@ -457,6 +457,81 @@ public class DependencyCheckTask extends Task { this.showSummary = showSummary; } + /** + * Sets whether or not the analyzer is enabled. + * + * @param jarAnalyzerEnabled the value of the new setting + */ + public void setJarAnalyzerEnabled(boolean jarAnalyzerEnabled) { + this.jarAnalyzerEnabled = jarAnalyzerEnabled; + } + /** + * Whether or not the Archive Analyzer is enabled. + */ + private boolean archiveAnalyzerEnabled = true; + + /** + * Returns whether or not the analyzer is enabled. + * + * @return true if the analyzer is enabled + */ + public boolean isArchiveAnalyzerEnabled() { + return archiveAnalyzerEnabled; + } + /** + * Whether or not the .NET Assembly Analyzer is enabled. + */ + private boolean assemblyAnalyzerEnabled = true; + + /** + * Sets whether or not the analyzer is enabled. + * + * @param archiveAnalyzerEnabled the value of the new setting + */ + public void setArchiveAnalyzerEnabled(boolean archiveAnalyzerEnabled) { + this.archiveAnalyzerEnabled = archiveAnalyzerEnabled; + } + + /** + * Returns whether or not the analyzer is enabled. + * + * @return true if the analyzer is enabled + */ + public boolean isAssemblyAnalyzerEnabled() { + return assemblyAnalyzerEnabled; + } + + /** + * Sets whether or not the analyzer is enabled. + * + * @param assemblyAnalyzerEnabled the value of the new setting + */ + public void setAssemblyAnalyzerEnabled(boolean assemblyAnalyzerEnabled) { + this.assemblyAnalyzerEnabled = assemblyAnalyzerEnabled; + } + /** + * Whether or not the .NET Nuspec Analyzer is enabled. + */ + private boolean nuspecAnalyzerEnabled = true; + + /** + * Returns whether or not the analyzer is enabled. + * + * @return true if the analyzer is enabled + */ + public boolean isNuspecAnalyzerEnabled() { + return nuspecAnalyzerEnabled; + } + + /** + * Sets whether or not the analyzer is enabled. 
+ * + * @param nuspecAnalyzerEnabled the value of the new setting + */ + public void setNuspecAnalyzerEnabled(boolean nuspecAnalyzerEnabled) { + this.nuspecAnalyzerEnabled = nuspecAnalyzerEnabled; + } + /** * Whether or not the nexus analyzer is enabled. */ @@ -907,11 +982,29 @@ public class DependencyCheckTask extends Task { if (suppressionFile != null && !suppressionFile.isEmpty()) { Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile); } + + //File Type Analyzer Settings + //JAR ANALYZER + Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled); + //NUSPEC ANALYZER + Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled); + //NEXUS ANALYZER Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled); if (nexusUrl != null && !nexusUrl.isEmpty()) { Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl); } Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY, nexusUsesProxy); + //ARCHIVE ANALYZER + Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled); + if (zipExtensions != null && !zipExtensions.isEmpty()) { + Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions); + } + //ASSEMBLY ANALYZER + Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled); + if (pathToMono != null && !pathToMono.isEmpty()) { + Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono); + } + if (databaseDriverName != null && !databaseDriverName.isEmpty()) { Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName); } 
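Review bot: The new members are not grouped by property: the `assemblyAnalyzerEnabled` field is declared between `isArchiveAnalyzerEnabled()` and `setArchiveAnalyzerEnabled()`, and `setJarAnalyzerEnabled` is added here while its field and `isJarAnalyzerEnabled()` are appended at the very end of the class in the last hunk of this file. Keeping each field directly above its own getter and setter makes it easier to check that every analyzer switch has a default and both accessors. The Javadoc summaries also all say "the analyzer"; naming it, e.g. `Sets whether or not the Jar Analyzer is enabled (default true).`, would make the Ant task documentation unambiguous.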
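Review bot: Nothing in this hunk records that an analyzer has been switched off, so as far as these lines show, a run with `jarAnalyzerEnabled`, `archiveAnalyzerEnabled`, `assemblyAnalyzerEnabled` or `nuspecAnalyzerEnabled` set to false yields a report that reads like a full scan with no findings for those file types. Because the report is taken as a statement about vulnerable dependencies, I would log each disabled analyzer at warning level where the flag is written, for example `if (!jarAnalyzerEnabled) { log("Jar Analyzer is disabled; JAR files will not be analyzed", Project.MSG_WARN); }`. The same applies to the matching blocks in `App.java` and `DependencyCheckMojo.java` (there via `getLog().warn(...)`). The enclosing method starts and ends outside the hunk, so an existing log call elsewhere in it cannot be ruled out.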
@@ -927,9 +1020,6 @@ public class DependencyCheckTask extends Task { if (databasePassword != null && !databasePassword.isEmpty()) { Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword); } - if (zipExtensions != null && !zipExtensions.isEmpty()) { - Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions); - } if (cveUrl12Modified != null && !cveUrl12Modified.isEmpty()) { Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified); } @@ -942,9 +1032,6 @@ public class DependencyCheckTask extends Task { if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) { Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base); } - if (pathToMono != null && !pathToMono.isEmpty()) { - Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono); - } } /** @@ -1036,4 +1123,18 @@ public class DependencyCheckTask extends Task { return values; } } + + /** + * Whether or not the Jar Analyzer is enabled. + */ + private boolean jarAnalyzerEnabled = true; + + /** + * Returns whether or not the analyzer is enabled. + * + * @return true if the analyzer is enabled + */ + public boolean isJarAnalyzerEnabled() { + return jarAnalyzerEnabled; + } } diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java index fd4981e6e..f76924810 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java 
@@ -158,6 +158,10 @@ public class App { final String dataDirectory = cli.getDataDirectory(); final File propertiesFile = cli.getPropertiesFile(); final String suppressionFile = cli.getSuppressionFile(); + final boolean jarDisabled = cli.isJarDisabled(); + final boolean archiveDisabled = cli.isArchiveDisabled(); + final boolean assemblyDisabled = cli.isAssemblyDisabled(); + final boolean nuspecDisabled = cli.isNuspecDisabled(); final boolean nexusDisabled = cli.isNexusDisabled(); final String nexusUrl = cli.getNexusUrl(); final String databaseDriverName = cli.getDatabaseDriverName(); @@ -216,6 +220,13 @@ public class App { if (suppressionFile != null && !suppressionFile.isEmpty()) { Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile); } + + //File Type Analyzer Settings + Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, !jarDisabled); + Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, !archiveDisabled); + Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !nuspecDisabled); + Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !assemblyDisabled); + Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, !nexusDisabled); if (nexusUrl != null && !nexusUrl.isEmpty()) { Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl); diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java index f19e917b4..ab00565f2 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java @@ -19,7 +19,6 @@ package org.owasp.dependencycheck.cli; import java.io.File; import java.io.FileNotFoundException; - import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.HelpFormatter; 
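Review bot: Each new `Settings.setBoolean(Settings.KEYS.ANALYZER_..._ENABLED, !...Disabled)` call writes its key unconditionally, so when the flag is absent the CLI writes `true`. If the file returned by `cli.getPropertiesFile()` is merged into `Settings` before these lines (the merge is not visible in the hunk), a `false` configured there is silently overwritten and the effective analyzer set no longer matches the configuration. Writing the key only when the flag was given keeps the two sources consistent: `if (jarDisabled) { Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, false); }`, and likewise for archive, nuspec and assembly. The method continues outside the hunk.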
@@ -272,6 +271,19 @@ public final class CliParser { .withDescription("The path to the database driver; note, this does not need to be set unless the JAR is outside of the classpath.") .create(); + final Option disableJarAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_JAR) + .withDescription("Disable the Jar Analyzer.") + .create(); + final Option disableArchiveAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_ARCHIVE) + .withDescription("Disable the Archive Analyzer.") + .create(); + final Option disableNuspecAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NUSPEC) + .withDescription("Disable the Nuspec Analyzer.") + .create(); + final Option disableAssemblyAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_ASSEMBLY) + .withDescription("Disable the .NET Assembly Analyzer.") + .create(); + final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NEXUS) .withDescription("Disable the Nexus Analyzer.") .create(); @@ -305,6 +317,10 @@ public final class CliParser { .addOption(dbPassword) .addOption(dbDriver) .addOption(dbDriverPath) + .addOption(disableJarAnalyzer) + .addOption(disableArchiveAnalyzer) + .addOption(disableAssemblyAnalyzer) + .addOption(disableNuspecAnalyzer) .addOption(disableNexusAnalyzer) .addOption(nexusUrl) .addOption(nexusUsesProxy) 
@@ -339,6 +355,42 @@ public final class CliParser { return (line != null) && isValid && line.hasOption(ArgumentName.SCAN); } + /** + * Returns true if the disableJar command line argument was specified. + * + * @return true if the disableJar command line argument was specified; otherwise false + */ + public boolean isJarDisabled() { + return (line != null) && line.hasOption(ArgumentName.DISABLE_JAR); + } + + /** + * Returns true if the disableArchive command line argument was specified. + * + * @return true if the disableArchive command line argument was specified; otherwise false + */ + public boolean isArchiveDisabled() { + return (line != null) && line.hasOption(ArgumentName.DISABLE_ARCHIVE); + } + + /** + * Returns true if the disableNuspec command line argument was specified. + * + * @return true if the disableNuspec command line argument was specified; otherwise false + */ + public boolean isNuspecDisabled() { + return (line != null) && line.hasOption(ArgumentName.DISABLE_NUSPEC); + } + + /** + * Returns true if the disableAssembly command line argument was specified. + * + * @return true if the disableAssembly command line argument was specified; otherwise false + */ + public boolean isAssemblyDisabled() { + return (line != null) && line.hasOption(ArgumentName.DISABLE_ASSEMBLY); + } + /** * Returns true if the disableNexus command line argument was specified. * 
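Review bot: The four new accessors differ only in the `ArgumentName` constant and repeat the same null-guarded lookup, `(line != null) && line.hasOption(...)`. A private helper such as `private boolean hasDisableOption(String name) { return line != null && line.hasOption(name); }` would remove the duplication and give one place to change if the guard ever needs to change. This is a style point only; the behaviour of the added methods looks correct from the visible lines.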
@@ -737,6 +789,22 @@ public final class CliParser { * The CLI argument name for setting the location of the suppression file. */ public static final String SUPPRESION_FILE = "suppression"; + /** + * Disables the Jar Analyzer. + */ + public static final String DISABLE_JAR = "disableJar"; + /** + * Disables the Archive Analyzer. + */ + public static final String DISABLE_ARCHIVE = "disableArchive"; + /** + * Disables the Assembly Analyzer. + */ + public static final String DISABLE_ASSEMBLY = "disableAssembly"; + /** + * Disables the Nuspec Analyzer. + */ + public static final String DISABLE_NUSPEC = "disableNuspec"; /** * Disables the Nexus Analyzer. */ diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java index 937e8754c..e447b51cf 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java @@ -152,10 +152,16 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR @Deprecated private String proxyUrl = null; + /** + * The maven settings. + */ @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) @Parameter(property = "mavenSettings", defaultValue = "${settings}", required = false) private org.apache.maven.settings.Settings mavenSettings; + /** + * The maven settings proxy id. + */ @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) @Parameter(property = "mavenSettingsProxyId", required = false) private String mavenSettingsProxyId; 
@@ -205,6 +211,35 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) @Parameter(property = "showSummary", defaultValue = "true", required = false) private boolean showSummary = true; + + /** + * Whether or not the Jar Analyzer is enabled. + */ + @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) + @Parameter(property = "jarAnalyzerEnabled", defaultValue = "true", required = false) + private boolean jarAnalyzerEnabled = true; + + /** + * Whether or not the Archive Analyzer is enabled. + */ + @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) + @Parameter(property = "archiveAnalyzerEnabled", defaultValue = "true", required = false) + private boolean archiveAnalyzerEnabled = true; + + /** + * Whether or not the .NET Assembly Analyzer is enabled. + */ + @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) + @Parameter(property = "assemblyAnalyzerEnabled", defaultValue = "true", required = false) + private boolean assemblyAnalyzerEnabled = true; + + /** + * Whether or not the .NET Nuspec Analyzer is enabled. + */ + @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"}) + @Parameter(property = "nuspecAnalyzerEnabled", defaultValue = "true", required = false) + private boolean nuspecAnalyzerEnabled = true; + /** * Whether or not the Nexus Analyzer is enabled. */ 
@@ -740,13 +775,24 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR } // + /** + * Returns the maven settings proxy url. + * + * @param proxy the maven proxy + * @return the proxy url + */ private String getMavenSettingsProxyUrl(Proxy proxy) { return new StringBuilder(proxy.getProtocol()).append("://").append(proxy.getHost()).toString(); } + /** + * Returns the maven proxy. + * + * @return the maven proxy + */ private Proxy getMavenProxy() { if (mavenSettings != null) { - List proxies = mavenSettings.getProxies(); + final List proxies = mavenSettings.getProxies(); if (proxies != null && proxies.size() > 0) { if (mavenSettingsProxyId != null) { for (Proxy proxy : proxies) { @@ -761,7 +807,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR } } } - return null; } @@ -789,12 +834,12 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); - Proxy proxy = getMavenProxy(); + final Proxy proxy = getMavenProxy(); if (proxy != null) { Settings.setString(Settings.KEYS.PROXY_URL, getMavenSettingsProxyUrl(proxy)); Settings.setString(Settings.KEYS.PROXY_PORT, Integer.toString(proxy.getPort())); - String userName = proxy.getUsername(); - String password = proxy.getPassword(); + final String userName = proxy.getUsername(); + final String password = proxy.getPassword(); if (userName != null && password != null) { Settings.setString(Settings.KEYS.PROXY_USERNAME, userName); Settings.setString(Settings.KEYS.PROXY_PASSWORD, password); 
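Review bot: The Javadoc added for `getMavenProxy()` says only "Returns the maven proxy", but the tail of the method (visible in the next hunk) returns null and the caller relies on that with `if (proxy != null)`. I would document it: `@return the maven proxy, or {@code null} if none is configured`. Likewise `getMavenSettingsProxyUrl` builds `protocol://host` without the port, which is written separately as `PROXY_PORT`; `@return the proxy url in the form protocol://host (port excluded)` would state that. The middle of `getMavenProxy()` lies between hunks, so the exact selection rule should be taken from the full source.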
@@ -819,11 +864,30 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR if (suppressionFile != null && !suppressionFile.isEmpty()) { Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile); } + + //File Type Analyzer Settings + //JAR ANALYZER + Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled); + //NUSPEC ANALYZER + Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled); + //NEXUS ANALYZER Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled); if (nexusUrl != null && !nexusUrl.isEmpty()) { Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl); } Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY, nexusUsesProxy); + //ARCHIVE ANALYZER + Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled); + if (zipExtensions != null && !zipExtensions.isEmpty()) { + Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions); + } + //ASSEMBLY ANALYZER + Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled); + if (pathToMono != null && !pathToMono.isEmpty()) { + Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono); + } + + //Database configuration if (databaseDriverName != null && !databaseDriverName.isEmpty()) { Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName); } @@ -839,8 +903,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR if (databasePassword != null && !databasePassword.isEmpty()) { Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword); } - if (zipExtensions != null && !zipExtensions.isEmpty()) { - Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions); + // Data Directory + if (dataDirectory != null && !dataDirectory.isEmpty()) { + Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory); } // Scope Exclusion 
@@ -848,11 +913,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR Settings.setBoolean(Settings.KEYS.SKIP_RUNTIME_SCOPE, skipRuntimeScope); Settings.setBoolean(Settings.KEYS.SKIP_PROVIDED_SCOPE, skipProvidedScope); - // Data Directory - if (dataDirectory != null && !dataDirectory.isEmpty()) { - Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory); - } - // CVE Data Mirroring if (cveUrl12Modified != null && !cveUrl12Modified.isEmpty()) { Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified); @@ -866,9 +926,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) { Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base); } - if (pathToMono != null && !pathToMono.isEmpty()) { - Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono); - } + } /**