Merge branch 'master' of github.com:jeremylong/DependencyCheck

dependency-check-gradle/src/main/groovy/com/tools/security/extension/DependencyCheckExtension.groovy

@@ -23,5 +23,6 @@ class DependencyCheckExtension {
     CveExtension cveExtension
 
     String outputDirectory = "./reports"
+    String suppressionFile;
     Boolean quickQueryTimestamp;
 }

dependency-check-gradle/src/main/groovy/com/tools/security/tasks/DependencyCheckTask.groovy

@@ -38,6 +38,7 @@ import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_PASSWORD
 import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_PORT
 import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_SERVER
 import static org.owasp.dependencycheck.utils.Settings.KEYS.PROXY_USERNAME
+import static org.owasp.dependencycheck.utils.Settings.KEYS.SUPPRESSION_FILE
 import static org.owasp.dependencycheck.utils.Settings.setBoolean
 import static org.owasp.dependencycheck.utils.Settings.setString
 
@@ -73,6 +74,7 @@ class DependencyCheckTask extends DefaultTask {
         overrideProxySetting()
         overrideCveUrlSetting()
         overrideDownloaderSetting()
+        overrideSuppressionFile()
     }
 
     def cleanup(engine) {
@@ -145,6 +147,12 @@ class DependencyCheckTask extends DefaultTask {
         overrideBooleanSetting(DOWNLOADER_QUICK_QUERY_TIMESTAMP, config.quickQueryTimestamp)
     }
 
+    def overrideSuppressionFile() {
+        if (config.suppressionFile) {
+            overrideStringSetting(SUPPRESSION_FILE, config.suppressionFile);
+        }
+    }
+
     private overrideStringSetting(String key, String providedValue) {
         if (providedValue != null) {
             logger.lifecycle("Setting [${key}] overrided with value [${providedValue}]")

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

@@ -931,20 +931,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
                         parent.getAbsolutePath()));
             }
 
-            OutputStream os = null;
-            OutputStream bos = null;
             ObjectOutputStream out = null;
             try {
                 if (dependencies != null) {
-                    os = new FileOutputStream(file);
+                    out = new ObjectOutputStream(new BufferedOutputStream(new FileOutputStream(file)));
-                    bos = new BufferedOutputStream(os);
-                    out = new ObjectOutputStream(bos);
                     out.writeObject(dependencies);
-                    out.flush();
-
-                    //call reset to prevent resource leaks per
-                    //https://www.securecoding.cert.org/confluence/display/java/SER10-J.+Avoid+memory+and+resource+leaks+during+serialization
-                    out.reset();
                 }
                 if (getLog().isDebugEnabled()) {
                     getLog().debug(String.format("Serialized data file written to '%s' for %s, referenced by key %s",
@@ -967,24 +958,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
                         }
                     }
                 }
-                if (bos != null) {
-                    try {
-                        bos.close();
-                    } catch (IOException ex) {
-                        if (getLog().isDebugEnabled()) {
-                            getLog().debug("ignore", ex);
-                        }
-                    }
-                }
-                if (os != null) {
-                    try {
-                        os.close();
-                    } catch (IOException ex) {
-                        if (getLog().isDebugEnabled()) {
-                            getLog().debug("ignore", ex);
-                        }
-                    }
-                }
             }
         }
     }