github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-27 03:21:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

initial addition of available version numbers

Browse Source
This commit is contained in:
Jeremy Long
2017-08-19 16:57:32 -04:00
parent 6567c971e1
commit d06d561a55
1 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
View File

@@ -26,6 +26,7 @@ import java.util.List;
import java.util.Locale; import java.util.Locale;
import org.apache.maven.artifact.Artifact; import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.repository.ArtifactRepository; import org.apache.maven.artifact.repository.ArtifactRepository;
import org.apache.maven.artifact.versioning.ArtifactVersion;
import org.apache.maven.doxia.sink.Sink; import org.apache.maven.doxia.sink.Sink;
import org.apache.maven.execution.MavenSession; import org.apache.maven.execution.MavenSession;
import org.apache.maven.plugin.AbstractMojo; import org.apache.maven.plugin.AbstractMojo;
@@ -497,15 +498,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
private Filter<String> artifactTypeExcluded; private Filter<String> artifactTypeExcluded;
/** /**
* An array of <code>fileSet</code>s that specify additional files and/or directories * An array of <code>fileSet</code>s that specify additional files and/or
* (from the basedir) to analyze as part of the scan. If not specified, defaults to * directories (from the basedir) to analyze as part of the scan. If not
* Maven conventions of: * specified, defaults to Maven conventions of: src/main/resources,
* src/main/resources, src/main/filters, and src/main/webapp * src/main/filters, and src/main/webapp
*/ */
@Parameter(property = "scanSet", required = false) @Parameter(property = "scanSet", required = false)
private FileSet[] scanSet; private FileSet[] scanSet;
// </editor-fold> // </editor-fold>
//<editor-fold defaultstate="collapsed" desc="Base Maven implementation"> //<editor-fold defaultstate="collapsed" desc="Base Maven implementation">
/** /**
@@ -688,6 +688,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
String artifactId = null; String artifactId = null;
String groupId = null; String groupId = null;
String version = null; String version = null;
List<ArtifactVersion> availableVersions = null;
if (org.apache.maven.artifact.Artifact.SCOPE_SYSTEM.equals(dependencyNode.getArtifact().getScope())) { if (org.apache.maven.artifact.Artifact.SCOPE_SYSTEM.equals(dependencyNode.getArtifact().getScope())) {
for (org.apache.maven.model.Dependency d : project.getDependencies()) { for (org.apache.maven.model.Dependency d : project.getDependencies()) {
final Artifact a = dependencyNode.getArtifact(); final Artifact a = dependencyNode.getArtifact();
@@ -698,6 +699,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
groupId = a.getGroupId(); groupId = a.getGroupId();
artifactId = a.getArtifactId(); artifactId = a.getArtifactId();
version = a.getVersion(); version = a.getVersion();
availableVersions = a.getAvailableVersions();
break; break;
} }
} }
@@ -717,6 +719,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
groupId = result.getGroupId(); groupId = result.getGroupId();
artifactId = result.getArtifactId(); artifactId = result.getArtifactId();
version = result.getVersion(); version = result.getVersion();
availableVersions = result.getAvailableVersions();
} }
if (isResolved && artifactFile != null) { if (isResolved && artifactFile != null) {
final List<Dependency> deps = engine.scan(artifactFile.getAbsoluteFile(), final List<Dependency> deps = engine.scan(artifactFile.getAbsoluteFile(),
@@ -727,11 +730,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
if (d != null) { if (d != null) {
final MavenArtifact ma = new MavenArtifact(groupId, artifactId, version); final MavenArtifact ma = new MavenArtifact(groupId, artifactId, version);
d.addAsEvidence("pom", ma, Confidence.HIGHEST); d.addAsEvidence("pom", ma, Confidence.HIGHEST);
if (getLog().isDebugEnabled()) { if (availableVersions != null) {
for (ArtifactVersion av : availableVersions) {
d.addAvailableVersion(av.toString());
}
}
getLog().debug(String.format("Adding project reference %s on dependency %s", getLog().debug(String.format("Adding project reference %s on dependency %s",
project.getName(), d.getDisplayFileName())); project.getName(), d.getDisplayFileName()));
} }
}
} else if (getLog().isDebugEnabled()) { } else if (getLog().isDebugEnabled()) {
final String msg = String.format("More than 1 dependency was identified in first pass scan of '%s' in project %s", final String msg = String.format("More than 1 dependency was identified in first pass scan of '%s' in project %s",
dependencyNode.getArtifact().getId(), project.getName()); dependencyNode.getArtifact().getId(), project.getName());