added a scan artifacts method to enable scanning of a MavenProject as part of resolution for issue #173

Former-commit-id: 7db9d35d2b0327ed678502bd8ad3c9050613eefb
Jeremy Long
2014-12-26 07:09:11 -05:00
parent 80a89ef6d1
commit d42a1c6ab1


@@ -42,9 +42,11 @@ import org.apache.maven.project.MavenProject;
import org.apache.maven.reporting.MavenReport;
import org.apache.maven.reporting.MavenReportException;
import org.apache.maven.settings.Proxy;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -406,6 +408,34 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
}
}
/**
* Scans the project's artifacts and adds them to the engine's dependency list.
*
* @param project the project to scan the dependencies of
* @param engine the engine to use to scan the dependencies
*/
protected void scanArtifacts(MavenProject project, Engine engine) {
for (Artifact a : project.getArtifacts()) {
if (excludeFromScan(a)) {
continue;
}
final List<Dependency> deps = engine.scan(a.getFile().getAbsoluteFile());
if (deps != null) {
if (deps.size() == 1) {
final Dependency d = deps.get(0);
if (d != null) {
final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion());
d.addAsEvidence("pom", ma, Confidence.HIGHEST);
}
} else {
final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'",
a.getGroupId(), a.getArtifactId(), a.getVersion());
LOGGER.info(msg);
}
}
}
}
/**
* Executes the dependency-check scan and generates the necassary report.
*
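Review bot: `engine.scan(a.getFile().getAbsoluteFile())` in the loop of scanArtifacts dereferences `a.getFile()` without a null check; a Maven Artifact whose file was never resolved to the local repository reports a null file, so one such artifact would throw a NullPointerException and abort the whole scan instead of being skipped the way excluded artifacts are. A guard right after the `excludeFromScan` check, such as `if (a.getFile() == null) { LOGGER.warn(String.format("Skipping unresolved artifact '%s:%s:%s'", a.getGroupId(), a.getArtifactId(), a.getVersion())); continue; }`, keeps the scan running and makes the gap visible in the log rather than silently losing coverage. The `else` branch paired with `deps.size() == 1` also runs for an empty list, so a file that yielded no dependency at all is logged as "More then 1 dependency"; `else if (!deps.isEmpty())` with the message corrected to `More than 1` would report the actual condition. scanArtifacts is complete within the hunk; `excludeFromScan` and `LOGGER` are defined elsewhere in the class.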