added a scan artifacts method to enable scanning of a MavenProject as part of resolution for issue #173
Former-commit-id: 7db9d35d2b0327ed678502bd8ad3c9050613eefb
@@ -42,9 +42,11 @@ import org.apache.maven.project.MavenProject;
|
|||||||
import org.apache.maven.reporting.MavenReport;
|
import org.apache.maven.reporting.MavenReport;
|
||||||
import org.apache.maven.reporting.MavenReportException;
|
import org.apache.maven.reporting.MavenReportException;
|
||||||
import org.apache.maven.settings.Proxy;
|
import org.apache.maven.settings.Proxy;
|
||||||
|
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
|
||||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
||||||
|
import org.owasp.dependencycheck.dependency.Confidence;
|
||||||
import org.owasp.dependencycheck.dependency.Dependency;
|
import org.owasp.dependencycheck.dependency.Dependency;
|
||||||
import org.owasp.dependencycheck.dependency.Identifier;
|
import org.owasp.dependencycheck.dependency.Identifier;
|
||||||
import org.owasp.dependencycheck.dependency.Vulnerability;
|
import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||||
@@ -406,6 +408,34 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Scans the project's artifacts and adds them to the engine's dependency list.
|
||||||
|
*
|
||||||
|
* @param project the project to scan the dependencies of
|
||||||
|
* @param engine the engine to use to scan the dependencies
|
||||||
|
*/
|
||||||
|
protected void scanArtifacts(MavenProject project, Engine engine) {
|
||||||
|
for (Artifact a : project.getArtifacts()) {
|
||||||
|
if (excludeFromScan(a)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
final List<Dependency> deps = engine.scan(a.getFile().getAbsoluteFile());
|
||||||
|
if (deps != null) {
|
||||||
|
if (deps.size() == 1) {
|
||||||
|
final Dependency d = deps.get(0);
|
||||||
|
if (d != null) {
|
||||||
|
final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion());
|
||||||
|
d.addAsEvidence("pom", ma, Confidence.HIGHEST);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'",
|
||||||
|
a.getGroupId(), a.getArtifactId(), a.getVersion());
|
||||||
|
LOGGER.info(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Executes the dependency-check scan and generates the necassary report.
|
* Executes the dependency-check scan and generates the necassary report.
|
||||||
*
|
*
|
||||||
|
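Review bot: The `else` branch in scanArtifacts also catches the empty-list case, so an artifact whose first-pass scan returned no Dependency is logged as "More then 1 dependency was identified" and then dropped from the engine's dependency list with a misleading message; `} else if (!deps.isEmpty()) {` (with the empty case logged on its own) keeps the "nothing found" signal visible, which matters for a tool whose silent omissions are missed findings. The same loop calls `a.getFile().getAbsoluteFile()` without checking for null, and an unresolved Maven artifact can, as far as I know, return null from `getFile()`, so a guard such as `if (a.getFile() == null) { LOGGER.warn("Unable to scan unresolved artifact " + a); continue; }` before the scan avoids a NullPointerException that would abort the whole scan. While there, the message text should read "More than 1 dependency".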
|||||||