Merge branch 'removeMavenEngine'

This commit is contained in:
Jeremy Long
2016-12-03 13:48:03 -05:00
14 changed files with 222 additions and 260 deletions


@@ -22,7 +22,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<artifactId>dependency-check-parent</artifactId>
<version>1.4.4</version>
</parent>
<version>1.4.4.1</version>
<artifactId>dependency-check-maven</artifactId>
<packaging>maven-plugin</packaging>
<name>Dependency-Check Maven Plugin</name>


@@ -0,0 +1,19 @@
#
# This file is part of dependency-check-maven.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Copyright (c) 2014 Jeremy Long. All Rights Reserved.
#
invoker.goals = install ${project.groupId}:${project.artifactId}:${project.version}:check -e


@@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is part of dependency-check-maven.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2013 Jeremy Long. All Rights Reserved.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.owasp.test</groupId>
<artifactId>hierarchical-cross-deps</artifactId>
<version>1.0.0-SNAPSHOT</version>
</parent>
<artifactId>module-java</artifactId>
<packaging>jar</packaging>
<dependencies>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
</dependencies>
</project>


@@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is part of dependency-check-maven.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2013 Jeremy Long. All Rights Reserved.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.owasp.test</groupId>
<artifactId>hierarchical-cross-deps</artifactId>
<version>1.0.0-SNAPSHOT</version>
</parent>
<artifactId>module-web</artifactId>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>module-java</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>


@@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is part of dependency-check-maven.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2013 Jeremy Long. All Rights Reserved.
-->
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>test-app</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>


@@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is part of dependency-check-maven.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2013 Jeremy Long. All Rights Reserved.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.owasp.test</groupId>
<artifactId>hierarchical-cross-deps</artifactId>
<version>1.0.0-SNAPSHOT</version>
<packaging>pom</packaging>
<modules>
<module>module-java</module>
<module>module-web</module>
</modules>
</project>


@@ -0,0 +1,28 @@
/*
* This file is part of dependency-check-maven.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2014 Jeremy Long. All Rights Reserved.
*/
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
// Save NVD-CVE for next IT (if not already done)
File datasDwl = new File("target/local-repo/org/owasp/dependency-check-data/3.0", "dc.h2.db");
File datasSave = new File("target/nvd-cve-backup", "dc.h2.db");
if (datasDwl.exists() && !datasSave.exists()){
System.out.println("Save NVD-CVE into backup");
FileUtils.copyFile(datasDwl, datasSave);
}
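Review bot: `import org.apache.commons.lang.StringUtils;` on the second import line is never used in this script and should be dropped. The data-directory path `target/local-repo/org/owasp/dependency-check-data/3.0` and the file name `dc.h2.db` are hard-coded here and repeated verbatim in the companion script that restores the backup (the next file in this commit); if the data-directory version segment changes, both copies silently stop matching and the ITs fall back to a full NVD download with no indication of why. A comment making the coupling explicit, e.g. `// NOTE: the '3.0' segment must track the dependency-check-data directory version used by the plugin`, would help the next maintainer. The only guard is file existence, so a database left incomplete by an interrupted update would presumably be persisted as the backup for every later IT; if that matters, a size or timestamp check before the copy is worth considering.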


@@ -0,0 +1,28 @@
/*
* This file is part of dependency-check-maven.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2014 Jeremy Long. All Rights Reserved.
*/
import org.apache.commons.io.FileUtils;
// Load NVD-CVE if not exist and had been saved in a previous IT
File datasDwl = new File("target/local-repo/org/owasp/dependency-check-data/3.0", "dc.h2.db");
File datasSave = new File("target/nvd-cve-backup", "dc.h2.db");
if (!datasDwl.exists() && datasSave.exists()){
System.out.println("Load NVD-CVE from backup");
FileUtils.copyFile(datasSave, datasDwl);
}


@@ -30,6 +30,7 @@ import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.apache.maven.project.MavenProject;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
@@ -62,7 +63,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
final MavenEngine engine = loadEngine();
final Engine engine = loadEngine();
if (engine == null) {
return;
}
@@ -226,14 +227,14 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
/**
* Initializes the engine.
*
* @return the MavenEngine used to execute dependency-check
* @return the Engine used to execute dependency-check
* @throws MojoExecutionException thrown if there is an exception running
* the Mojo
* @throws MojoFailureException thrown if dependency-check is configured to
* fail the build if severe CVEs are identified.
*/
protected MavenEngine loadEngine() throws MojoExecutionException, MojoFailureException {
MavenEngine engine = null;
protected Engine loadEngine() throws MojoExecutionException, MojoFailureException {
Engine engine = null;
try {
engine = initializeEngine();
} catch (DatabaseException ex) {
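Review bot: The `Engine` now returned by loadEngine() no longer carries the per-reactor state that the deleted MavenEngine kept in the root project's context values — the CPEAnalyzer reuse and the UPDATE_EXECUTED_FLAG that forced AUTO_UPDATE to false after the first module — and nothing in this commit reintroduces that suppression. Unless it is provided elsewhere, every module in a multi-module build will presumably attempt its own NVD update and re-open the CPE index, which makes this a behavioural change for aggregate builds rather than a pure rename; the same applies to CheckMojo's runCheck in this commit and to UpdateMojo, where `engine.update()` became `engine.doUpdates()` without the root-project check the old update() performed. A Javadoc sentence on loadEngine such as `Each invocation creates an independent Engine; no analyzer or update state is shared between reactor modules.` would at least document the intended behaviour, and a two-module integration test (the hierarchical-cross-deps fixture added in this commit looks suited to it) would pin it. loadEngine's body continues past the end of the hunk.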


@@ -49,6 +49,7 @@ import org.eclipse.aether.repository.RemoteRepository;
import org.eclipse.aether.resolution.ArtifactRequest;
import org.eclipse.aether.resolution.ArtifactResolutionException;
import org.eclipse.aether.resolution.ArtifactResult;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -598,7 +599,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @return a collection of exceptions that may have occurred while resolving
* and scanning the dependencies
*/
protected ExceptionCollection scanArtifacts(MavenProject project, MavenEngine engine) {
protected ExceptionCollection scanArtifacts(MavenProject project, Engine engine) {
// <editor-fold defaultstate="collapsed" desc="old implementation">
/*
for (Artifact a : project.getArtifacts()) {
@@ -648,7 +649,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @return a collection of exceptions that may have occurred while resolving
* and scanning the dependencies
*/
private ExceptionCollection collectDependencies(MavenEngine engine, MavenProject project, List<DependencyNode> nodes) {
private ExceptionCollection collectDependencies(Engine engine, MavenProject project, List<DependencyNode> nodes) {
ExceptionCollection exCol = null;
for (DependencyNode dependencyNode : nodes) {
exCol = collectDependencies(engine, project, dependencyNode.getChildren());
@@ -793,14 +794,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
//</editor-fold>
/**
* Initializes a new <code>MavenEngine</code> that can be used for scanning.
* Initializes a new <code>Engine</code> that can be used for scanning.
*
* @return a newly instantiated <code>MavenEngine</code>
* @return a newly instantiated <code>Engine</code>
* @throws DatabaseException thrown if there is a database exception
*/
protected MavenEngine initializeEngine() throws DatabaseException {
protected Engine initializeEngine() throws DatabaseException {
populateSettings();
return new MavenEngine(this.project, this.reactorProjects);
return new Engine();
}
/**
@@ -1023,7 +1024,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* @param outputDir the directory path to write the report(s)
* @throws ReportException thrown if there is an error writing the report
*/
protected void writeReports(MavenEngine engine, MavenProject p, File outputDir) throws ReportException {
protected void writeReports(Engine engine, MavenProject p, File outputDir) throws ReportException {
DatabaseProperties prop = null;
CveDB cve = null;
try {
@@ -1211,7 +1212,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
* scan data between the "check" and "aggregate" phase.
*
* @param project the Maven project to read the data file from
* @return a <code>MavenEngine</code> object populated with dependencies if
* @return a <code>Engine</code> object populated with dependencies if
* the serialized data file exists; otherwise <code>null</code> is returned
*/
protected List<Dependency> readDataFile(MavenProject project) {
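Review bot: The `@return` line rewritten in the last hunk still says readDataFile returns `a <code>Engine</code> object populated with dependencies`, but the signature directly below it returns `List<Dependency>`; the rename preserved a description that was already wrong. Suggest `@return the list of dependencies read from the serialized data file; <code>null</code> if the file does not exist`. Similarly, the Javadoc on initializeEngine in the earlier hunk could note that `new Engine()` takes no project context and therefore does not share state across reactor modules the way the former MavenEngine did. readDataFile's body lies outside the hunk.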


@@ -25,6 +25,7 @@ import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
@@ -74,7 +75,7 @@ public class CheckMojo extends BaseDependencyCheckMojo {
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
MavenEngine engine = null;
Engine engine = null;
try {
engine = initializeEngine();
} catch (DatabaseException ex) {


@@ -1,243 +0,0 @@
/*
* This file is part of dependency-check-maven.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2014 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.maven;
import java.util.List;
import org.apache.maven.project.MavenProject;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.analyzer.CPEAnalyzer;
import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* A modified version of the core engine specifically designed to persist some
* data between multiple executions of a multi-module Maven project.
*
* @author Jeremy Long
*/
public class MavenEngine extends org.owasp.dependencycheck.Engine {
/**
* The logger.
*/
private static final transient Logger LOGGER = LoggerFactory.getLogger(MavenEngine.class);
/**
* A key used to persist an object in the MavenProject.
*/
private static final String CPE_ANALYZER_KEY = "dependency-check-CPEAnalyzer";
/**
* The current MavenProject.
*/
private MavenProject currentProject;
/**
* The list of MavenProjects that are part of the current build.
*/
private List<MavenProject> reactorProjects;
/**
* Key used in the MavenProject context values to note whether or not an
* update has been executed.
*/
public static final String UPDATE_EXECUTED_FLAG = "dependency-check-update-executed";
/**
* Creates a new Engine to perform analysis on dependencies.
*
* @param project the current Maven project
* @param reactorProjects the reactor projects for the current Maven
* execution
* @throws DatabaseException thrown if there is an issue connecting to the
* database
*/
public MavenEngine(MavenProject project, List<MavenProject> reactorProjects) throws DatabaseException {
this.currentProject = project;
this.reactorProjects = reactorProjects;
initializeEngine();
}
/**
* Runs the analyzers against all of the dependencies.
*
* @throws ExceptionCollection thrown if an exception occurred; contains a
* collection of exceptions that occurred during analysis.
*/
@Override
public void analyzeDependencies() throws ExceptionCollection {
final MavenProject root = getExecutionRoot();
if (root != null) {
LOGGER.debug("Checking root project, {}, if updates have already been completed", root.getArtifactId());
} else {
LOGGER.debug("Checking root project, null, if updates have already been completed");
}
if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
}
super.analyzeDependencies();
if (root != null) {
root.setContextValue(UPDATE_EXECUTED_FLAG, Boolean.TRUE);
}
}
/**
* Runs the update steps of dependency-check.
*
* @throws UpdateException thrown if there is an exception
*/
public void update() throws UpdateException {
final MavenProject root = getExecutionRoot();
if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
}
this.doUpdates();
}
/**
* This constructor should not be called. Use Engine(MavenProject) instead.
*
* @throws DatabaseException thrown if there is an issue connecting to the
* database
*/
private MavenEngine() throws DatabaseException {
}
/**
* Initializes the given analyzer. This skips the initialization of the
* CPEAnalyzer if it has been initialized by a previous execution.
*
* @param analyzer the analyzer to initialize
* @return the initialized analyzer
*/
@Override
protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationException {
if (analyzer instanceof CPEAnalyzer) {
CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
if (cpe != null && cpe.isOpen()) {
return cpe;
}
cpe = (CPEAnalyzer) super.initializeAnalyzer(analyzer);
storeCPEAnalyzer(cpe);
return cpe;
}
return super.initializeAnalyzer(analyzer);
}
/**
* Releases resources used by the analyzers by calling close() on each
* analyzer.
*/
@Override
public void cleanup() {
super.cleanup();
if (currentProject == null || reactorProjects == null) {
return;
}
if (this.currentProject == reactorProjects.get(reactorProjects.size() - 1)) {
final CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
if (cpe != null) {
cpe.close();
}
}
}
/**
* Closes the given analyzer. This skips closing the CPEAnalyzer.
*
* @param analyzer the analyzer to close
*/
@Override
protected void closeAnalyzer(Analyzer analyzer) {
if (analyzer instanceof CPEAnalyzer) {
if (getPreviouslyLoadedCPEAnalyzer() == null) {
super.closeAnalyzer(analyzer);
}
} else {
super.closeAnalyzer(analyzer);
}
}
/**
* Gets the CPEAnalyzer from the root Maven Project.
*
* @return an initialized CPEAnalyzer
*/
private CPEAnalyzer getPreviouslyLoadedCPEAnalyzer() {
CPEAnalyzer cpe = null;
final MavenProject project = getExecutionRoot();
if (project != null) {
final Object obj = project.getContextValue(CPE_ANALYZER_KEY);
if (obj != null && obj instanceof CPEAnalyzer) {
cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY);
}
}
return cpe;
}
/**
* Stores a CPEAnalyzer in the root Maven Project.
*
* @param cpe the CPEAnalyzer to store
*/
private void storeCPEAnalyzer(CPEAnalyzer cpe) {
final MavenProject p = getExecutionRoot();
if (p != null) {
p.setContextValue(CPE_ANALYZER_KEY, cpe);
}
}
/**
* Returns the root Maven Project.
*
* @return the root Maven Project
*/
MavenProject getExecutionRoot() {
if (reactorProjects == null) {
return null;
}
for (MavenProject p : reactorProjects) {
if (p.isExecutionRoot()) {
return p;
}
}
//the following should never run, but leaving it as a failsafe.
if (this.currentProject == null) {
return null;
}
MavenProject p = this.currentProject;
while (p.getParent() != null) {
p = p.getParent();
}
return p;
}
/**
* Resets the file type analyzers so that they can be re-used to scan
* additional directories. Without the reset the analyzer might be disabled
* because the first scan/analyze did not identify any files that could be
* processed by the analyzer.
*/
public void resetFileTypeAnalyzers() {
for (FileTypeAnalyzer a : getFileTypeAnalyzers()) {
a.reset();
}
}
}


@@ -23,6 +23,7 @@ import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.utils.Settings;
@@ -64,10 +65,10 @@ public class UpdateMojo extends BaseDependencyCheckMojo {
*/
@Override
public void runCheck() throws MojoExecutionException, MojoFailureException {
MavenEngine engine = null;
Engine engine = null;
try {
engine = initializeEngine();
engine.update();
engine.doUpdates();
} catch (DatabaseException ex) {
if (getLog().isDebugEnabled()) {
getLog().debug("Database connection error", ex);


@@ -35,6 +35,7 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Assume;
import org.junit.Test;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
@@ -91,7 +92,7 @@ public class BaseDependencyCheckMojoTest extends BaseTest {
boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
MavenEngine engine = new MavenEngine(null, null);
Engine engine = new Engine();
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
assertTrue(engine.getDependencies().isEmpty());
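Review bot: The restore `Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);` that follows the new `Engine engine = new Engine();` is not in a finally block, so if the constructor throws (initializeEngine in this commit declares DatabaseException for the same call, so it apparently can) the suppressed auto-update setting leaks into every later test in the JVM. Wrapping it as `Engine engine; try { engine = new Engine(); } finally { Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate); }` keeps the global Settings state isolated per test. The enclosing test method starts and ends outside the hunk.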