github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 00:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

work in progress

Browse Source 
Former-commit-id: 0ff4b90e22accc5adb1d91735fe4979838fdc651
This commit is contained in:
Jeremy Long
2015-02-22 10:23:31 -05:00
parent df606674db
commit d6fc456039
1 changed files with 31 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java
View File

@@ -75,15 +75,10 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
final Map<MavenProject, Set<MavenProject>> children = buildAggregateInfo();
for (MavenProject current : getReactorProjects()) {
final File outputDir = getCorrectOutputDirectory(current);
if (outputDir == null) { //dc was never run on this project. write the ser to the target.
engine.getDependencies().clear();
engine.resetFileTypeAnalyzers();
scanArtifacts(current, engine);
engine.analyzeDependencies();
final File target = new File(current.getBuild().getOutputDirectory()).getParentFile();
writeDataFile(current, target, engine.getDependencies());
showSummary(current, engine.getDependencies());
final File dataFile = getDataFile(current);
if (dataFile == null) { //dc was never run on this project. write the ser to the target.
LOGGER.fine(String.format("Executing dependency-check on %s", current.getName()));
generateDataFile(engine, current);
}
}
@@ -144,13 +139,18 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
if (children == null) {
return Collections.emptyList();
}
LOGGER.info("Children of " + project.getId());
for (String mod : project.getModules()) {
LOGGER.info(" mod: " + mod);
}
final List<MavenProject> result = new ArrayList<MavenProject>();
for (MavenProject child : children) {
if (isMultiModule(child)) {
LOGGER.info("* adding multi-module children " + child.getId());
result.addAll(getAllChildren(child, childMap));
} else {
result.add(child);
}
LOGGER.info("* " + child.getId());
result.add(child);
}
return result;
}
@@ -184,7 +184,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
}
/**
* Runs dependency-check's Engine and writes the serialized dependencies to disk.
* Initilizes the engine, runs a scan, and writes the serialized dependencies to disk.
*
* @return the Engine used to execute dependency-check
* @throws MojoExecutionException thrown if there is an exception running the mojo
@@ -198,9 +198,26 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
LOGGER.log(Level.FINE, "Database connection error", ex);
throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
}
scanArtifacts(getProject(), engine);
return generateDataFile(engine, getProject());
}
/**
* Runs dependency-check's Engine and writes the serialized dependencies to disk.
*
* @param engine the Engine to use when scanning.
* @param project the project to scan and generate the data file for
* @return the Engine used to execute dependency-check
* @throws MojoExecutionException thrown if there is an exception running the mojo
* @throws MojoFailureException thrown if dependency-check is configured to fail the build if severe CVEs are identified.
*/
protected Engine generateDataFile(Engine engine, MavenProject project) throws MojoExecutionException, MojoFailureException {
LOGGER.fine(String.format("Begin Scanning: %s", project.getName()));
engine.getDependencies().clear();
engine.resetFileTypeAnalyzers();
scanArtifacts(project, engine);
engine.analyzeDependencies();
writeDataFile(getProject(), null, engine.getDependencies());
File target = this.getCorrectOutputDirectory(project);
writeDataFile(getProject(), target, engine.getDependencies());
showSummary(getProject(), engine.getDependencies());
checkForFailure(engine.getDependencies());
return engine;