Add an update only option

Former-commit-id: 67253232762acb61e1400dc60443e556f71db874
2026-01-16 08:36:55 +01:00 · 2015-03-28 12:17:24 -04:00
parent f247978d12
commit d0401f3f8d
10 changed files with 300 additions and 98 deletions
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -95,6 +95,9 @@ public class App {

        if (cli.isGetVersion()) {
            cli.printVersionInfo();
+        } else if (cli.isUpdateOnly()) {
+            populateSettings(cli);
+            runUpdateOnly();
        } else if (cli.isRunScan()) {
            populateSettings(cli);
            try {
@@ -212,11 +215,29 @@ public class App {
        }
    }

+    /**
+     * Only executes the update phase of dependency-check.
+     */
+    private void runUpdateOnly() {
+        Engine engine = null;
+        try {
+            engine = new Engine();
+            engine.doUpdates();
+        } catch (DatabaseException ex) {
+            LOGGER.log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped");
+            LOGGER.log(Level.FINE, "", ex);
+        } finally {
+            if (engine != null) {
+                engine.cleanup();
+            }
+        }
+    }
+
    /**
     * Updates the global Settings.
     *
-     * @param cli a reference to the CLI Parser that contains the command line arguments used to set the corresponding
-     * settings in the core engine.
+     * @param cli a reference to the CLI Parser that contains the command line arguments used to set the corresponding settings in
+     * the core engine.
     */
    private void populateSettings(CliParser cli) {

--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -266,6 +266,9 @@ public final class CliParser {
    @SuppressWarnings("static-access")
    private void addAdvancedOptions(final Options options) throws IllegalArgumentException {

+        final Option updateOnly = OptionBuilder.withLongOpt(ARGUMENT.UPDATE_ONLY)
+                .withDescription("Only update the local NVD data cache; no scan will be executed.").create();
+
        final Option data = OptionBuilder.withArgName("path").hasArg().withLongOpt(ARGUMENT.DATA_DIRECTORY)
                .withDescription("The location of the H2 Database file. This option should generally not be set.")
                .create(ARGUMENT.DATA_DIRECTORY_SHORT);
@@ -319,6 +322,7 @@ public final class CliParser {
        final Option disableNuspecAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_NUSPEC)
                .withDescription("Disable the Nuspec Analyzer.")
                .create();
+
        final Option disableAssemblyAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_ASSEMBLY)
                .withDescription("Disable the .NET Assembly Analyzer.")
                .create();
@@ -350,7 +354,8 @@ public final class CliParser {
                .withDescription("The path to Mono for .NET Assembly analysis on non-windows systems.")
                .create();

-        options.addOption(proxyPort)
+        options.addOption(updateOnly)
+                .addOption(proxyPort)
                .addOption(proxyServer)
                .addOption(proxyUsername)
                .addOption(proxyPassword)
@@ -689,12 +694,21 @@ public final class CliParser {
    /**
     * Checks if the auto update feature has been disabled. If it has been disabled via the command line this will return false.
     *
-     * @return if auto-update is allowed.
+     * @return <code>true</code> if auto-update is allowed; otherwise <code>false</code>
     */
    public boolean isAutoUpdate() {
        return (line == null) || !line.hasOption(ARGUMENT.DISABLE_AUTO_UPDATE);
    }

+    /**
+     * Checks if the update only flag has been set.
+     *
+     * @return <code>true</code> if the update only flag has been set; otherwise <code>false</code>.
+     */
+    public boolean isUpdateOnly() {
+        return (line == null) || line.hasOption(ARGUMENT.UPDATE_ONLY);
+    }
+
    /**
     * Returns the database driver name if specified; otherwise null is returned.
     *
@@ -770,6 +784,10 @@ public final class CliParser {
         * The short CLI argument name specifying that the CPE/CVE/etc. data should not be automatically updated.
         */
        public static final String DISABLE_AUTO_UPDATE_SHORT = "n";
+        /**
+         * The long CLI argument name specifying that only the update phase should be executed; no scan should be run.
+         */
+        public static final String UPDATE_ONLY = "updateonly";
        /**
         * The long CLI argument name specifying the directory to write the reports to.
         */