Add an update only option

Former-commit-id: 67253232762acb61e1400dc60443e556f71db874

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/Engine.java

@@ -27,8 +27,8 @@ import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.utils.Settings;
 
 /**
- * A modified version of the core engine specifically designed to persist some
- * data between multiple executions of a multi-module Maven project.
+ * A modified version of the core engine specifically designed to persist some data between multiple executions of a multi-module
+ * Maven project.
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
@@ -51,8 +51,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
      */
     private List<MavenProject> reactorProjects;
     /**
-     * Key used in the MavenProject context values to note whether or not an
-     * update has been executed.
+     * Key used in the MavenProject context values to note whether or not an update has been executed.
      */
     public static final String UPDATE_EXECUTED_FLAG = "dependency-check-update-executed";
 
@@ -60,10 +59,8 @@ public class Engine extends org.owasp.dependencycheck.Engine {
      * Creates a new Engine to perform anyalsis on dependencies.
      *
      * @param project the current Maven project
-     * @param reactorProjects the reactor projects for the current Maven
-     * execution
-     * @throws DatabaseException thrown if there is an issue connecting to the
-     * database
+     * @param reactorProjects the reactor projects for the current Maven execution
+     * @throws DatabaseException thrown if there is an issue connecting to the database
      */
     public Engine(MavenProject project, List<MavenProject> reactorProjects) throws DatabaseException {
         this.currentProject = project;
@@ -91,18 +88,28 @@ public class Engine extends org.owasp.dependencycheck.Engine {
         }
     }
 
+    /**
+     * Runs the update steps of dependency-check.
+     */
+    public void update() {
+        final MavenProject root = getExecutionRoot();
+        if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
+            System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
+        }
+        this.doUpdates();
+    }
+
     /**
      * This constructor should not be called. Use Engine(MavenProject) instead.
      *
-     * @throws DatabaseException thrown if there is an issue connecting to the
-     * database
+     * @throws DatabaseException thrown if there is an issue connecting to the database
      */
     private Engine() throws DatabaseException {
     }
 
     /**
-     * Initializes the given analyzer. This skips the initialization of the
-     * CPEAnalyzer if it has been initialized by a previous execution.
+     * Initializes the given analyzer. This skips the initialization of the CPEAnalyzer if it has been initialized by a previous
+     * execution.
      *
      * @param analyzer the analyzer to initialize
      * @return the initialized analyzer
@@ -121,8 +128,7 @@ public class Engine extends org.owasp.dependencycheck.Engine {
     }
 
     /**
-     * Releases resources used by the analyzers by calling close() on each
-     * analyzer.
+     * Releases resources used by the analyzers by calling close() on each analyzer.
      */
     @Override
     public void cleanup() {
@@ -209,10 +215,8 @@ public class Engine extends org.owasp.dependencycheck.Engine {
     }
 
     /**
-     * Resets the file type analyzers so that they can be re-used to scan
-     * additional directories. Without the reset the analyzer might be disabled
-     * because the first scan/analyze did not identify any files that could be
-     * processed by the analyzer.
+     * Resets the file type analyzers so that they can be re-used to scan additional directories. Without the reset the analyzer
+     * might be disabled because the first scan/analyze did not identify any files that could be processed by the analyzer.
      */
     public void resetFileTypeAnalyzers() {
         for (FileTypeAnalyzer a : getFileTypeAnalyzers()) {

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/UpdateMojo.java

@@ -0,0 +1,101 @@
+/*
+ * This file is part of dependency-check-maven.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.maven;
+
+import java.util.Locale;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.apache.maven.artifact.Artifact;
+import org.apache.maven.plugin.MojoExecutionException;
+import org.apache.maven.plugin.MojoFailureException;
+import org.apache.maven.plugins.annotations.LifecyclePhase;
+import org.apache.maven.plugins.annotations.Mojo;
+import org.apache.maven.plugins.annotations.ResolutionScope;
+import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
+import org.owasp.dependencycheck.utils.Settings;
+
+/**
+ * Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities.
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+@Mojo(
+        name = "update-only",
+        defaultPhase = LifecyclePhase.GENERATE_RESOURCES,
+        threadSafe = true,
+        requiresDependencyResolution = ResolutionScope.NONE,
+        requiresOnline = true
+)
+public class UpdateMojo extends BaseDependencyCheckMojo {
+
+    /**
+     * Logger field reference.
+     */
+    private static final Logger LOGGER = Logger.getLogger(UpdateMojo.class.getName());
+
+    /**
+     * Returns false; this mojo cannot generate a report.
+     *
+     * @return <code>false</code>
+     */
+    @Override
+    public boolean canGenerateReport() {
+        return false;
+    }
+
+    /**
+     * Executes the dependency-check engine on the project's dependencies and generates the report.
+     *
+     * @throws MojoExecutionException thrown if there is an exception executing the goal
+     * @throws MojoFailureException thrown if dependency-check is configured to fail the build
+     */
+    @Override
+    public void runCheck() throws MojoExecutionException, MojoFailureException {
+        final Engine engine;
+        try {
+            engine = initializeEngine();
+            engine.update();
+        } catch (DatabaseException ex) {
+            LOGGER.log(Level.FINE, "Database connection error", ex);
+            throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
+        }
+        engine.cleanup();
+        Settings.cleanup();
+    }
+
+    /**
+     * Returns the report name.
+     *
+     * @param locale the location
+     * @return the report name
+     */
+    public String getName(Locale locale) {
+        return "dependency-check-update";
+    }
+
+    /**
+     * Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
+     *
+     * @param locale The Locale to get the description for
+     * @return the description
+     */
+    public String getDescription(Locale locale) {
+        return "Updates the local cache of the NVD data from NIST.";
+    }
+
+}