From d42a1c6ab180a4a03a2442414ce74ca04dfc15c8 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 26 Dec 2014 07:09:11 -0500
Subject: [PATCH] added a scan artifacts method to enable scanning of a MavenProject as part of resolution for issue #173
Former-commit-id: 7db9d35d2b0327ed678502bd8ad3c9050613eefb
---
 .../maven/BaseDependencyCheckMojo.java | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index 6e7625d3a..8a670bb9c 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -42,9 +42,11 @@ import org.apache.maven.project.MavenProject;
 import org.apache.maven.reporting.MavenReport;
 import org.apache.maven.reporting.MavenReportException;
 import org.apache.maven.settings.Proxy;
+import org.owasp.dependencycheck.data.nexus.MavenArtifact;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
+import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -406,6 +408,34 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
         }
     }
 
+    /**
+     * Scans the project's artifacts and adds them to the engine's dependency list.
+     *
+     * @param project the project to scan the dependencies of
+     * @param engine the engine to use to scan the dependencies
+     */
+    protected void scanArtifacts(MavenProject project, Engine engine) {
+        for (Artifact a : project.getArtifacts()) {
+            if (excludeFromScan(a)) {
+                continue;
+            }
+            final List deps = engine.scan(a.getFile().getAbsoluteFile());
+            if (deps != null) {
+                if (deps.size() == 1) {
+                    final Dependency d = deps.get(0);
+                    if (d != null) {
+                        final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion());
+                        d.addAsEvidence("pom", ma, Confidence.HIGHEST);
+                    }
+                } else {
+                    final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'",
+                            a.getGroupId(), a.getArtifactId(), a.getVersion());
+                    LOGGER.info(msg);
+                }
+            }
+        }
+    }
+
     /**
      * Executes the dependency-check scan and generates the necassary report.
      *
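Review bot: `engine.scan(a.getFile().getAbsoluteFile())` in the new `scanArtifacts` loop dereferences the artifact's file without a null check, and a Maven `Artifact` that was never resolved to a local file can report a null `getFile()`, so a single such artifact would abort the whole project scan with a NullPointerException instead of being skipped like an excluded one. The `else` branch also covers an empty result, where the logged `More then 1 dependency…` message is wrong (and misspelled "then"); in both the zero and the several-dependencies cases the artifact's group/artifact/version is never attached as evidence, so identification for that artifact falls back to file-based evidence only, with an INFO line as the sole trace. `final List deps` shows here as a raw type, which would not compile against `deps.get(0)` being assigned to a `Dependency`; the type argument was probably lost in rendering, and the rewrite below spells it out. The rewrite adds a skip-with-log guard for a missing file and separates the empty case from the several-dependencies case; it uses `java.io.File`, which must be in scope in the surrounding file (whose import block is only partly visible in the first hunk), and `excludeFromScan` is defined outside this hunk.
```java
    protected void scanArtifacts(MavenProject project, Engine engine) {
        for (Artifact a : project.getArtifacts()) {
            if (excludeFromScan(a)) {
                continue;
            }
            // An artifact that was not resolved to a local file has nothing to scan;
            // skip it with a log line rather than failing the whole project scan.
            final File artifactFile = a.getFile();
            if (artifactFile == null) {
                LOGGER.info(String.format("Artifact '%s:%s:%s' has no resolved file and was not scanned",
                        a.getGroupId(), a.getArtifactId(), a.getVersion()));
                continue;
            }
            final List<Dependency> deps = engine.scan(artifactFile.getAbsoluteFile());
            if (deps == null || deps.isEmpty()) {
                LOGGER.info(String.format("No dependency was identified in first pass scan of '%s:%s:%s'",
                        a.getGroupId(), a.getArtifactId(), a.getVersion()));
            } else if (deps.size() == 1) {
                // … unchanged: attach the Maven coordinates as HIGHEST-confidence "pom" evidence …
            } else {
                LOGGER.info(String.format("More than 1 dependency was identified in first pass scan of '%s:%s:%s'",
                        a.getGroupId(), a.getArtifactId(), a.getVersion()));
            }
        }
    }
```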