From d8bb6488b7cb8859a54da2243ba537343feb82c2 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 30 Dec 2016 17:01:09 -0500 Subject: [PATCH] added archetype per #612 --- dependency-check-plugin/pom.xml | 41 +++++ .../META-INF/maven/archetype-metadata.xml | 20 +++ .../resources/archetype-resources/pom.xml | 44 ++++++ .../src/main/java/NewPlugin.java | 143 ++++++++++++++++++ ...rg.owasp.dependencycheck.analyzer.Analyzer | 1 + ...dencycheck.data.update.CachedWebDataSource | 0 pom.xml | 3 +- 7 files changed, 251 insertions(+), 1 deletion(-) create mode 100644 dependency-check-plugin/pom.xml create mode 100644 dependency-check-plugin/src/main/resources/META-INF/maven/archetype-metadata.xml create mode 100644 dependency-check-plugin/src/main/resources/archetype-resources/pom.xml create mode 100644 dependency-check-plugin/src/main/resources/archetype-resources/src/main/java/NewPlugin.java create mode 100644 dependency-check-plugin/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer create mode 100644 dependency-check-plugin/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.data.update.CachedWebDataSource diff --git a/dependency-check-plugin/pom.xml b/dependency-check-plugin/pom.xml new file mode 100644 index 000000000..eeb333397 --- /dev/null +++ b/dependency-check-plugin/pom.xml @@ -0,0 +1,41 @@ + + + 4.0.0 + + org.owasp + dependency-check-parent + 1.4.5-SNAPSHOT + + org.owasp + dependency-check-plugin + Dependency-Check Plugin Archetype + jar + + + + org.apache.maven.plugins + maven-resources-plugin + + \ + + + + + + src/main/resources + true + + archetype-resources/pom.xml + + + + src/main/resources + false + + archetype-resources/pom.xml + + + + + 
diff --git a/dependency-check-plugin/src/main/resources/META-INF/maven/archetype-metadata.xml b/dependency-check-plugin/src/main/resources/META-INF/maven/archetype-metadata.xml new file mode 100644 index 000000000..98bb87fac --- /dev/null +++ b/dependency-check-plugin/src/main/resources/META-INF/maven/archetype-metadata.xml @@ -0,0 +1,20 @@ + + + + + src/main/java + + **/*.java + + + + src/main/resources + + **/* + + + + diff --git a/dependency-check-plugin/src/main/resources/archetype-resources/pom.xml b/dependency-check-plugin/src/main/resources/archetype-resources/pom.xml new file mode 100644 index 000000000..7c411aa09 --- /dev/null +++ b/dependency-check-plugin/src/main/resources/archetype-resources/pom.xml @@ -0,0 +1,44 @@ + + + 4.0.0 + \${groupId} + \${artifactId} + \${version} + + \${artifactId} + jar + + + + The Apache Software License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + + + + + + org.owasp + dependency-check-utils + ${project.version} + provided + + + org.owasp + dependency-check-core + ${project.version} + provided + + + org.slf4j + slf4j-api + ${slf4j.version} + provided + + + junit + junit + 4.12 + test + + + diff --git a/dependency-check-plugin/src/main/resources/archetype-resources/src/main/java/NewPlugin.java b/dependency-check-plugin/src/main/resources/archetype-resources/src/main/java/NewPlugin.java new file mode 100644 index 000000000..b5a034803 --- /dev/null +++ b/dependency-check-plugin/src/main/resources/archetype-resources/src/main/java/NewPlugin.java 
@@ -0,0 +1,143 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ${package};
+
+import java.io.File;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.AnalysisPhase;
+import org.owasp.dependencycheck.analyzer.Analyzer;
+import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
+import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.exception.InitializationException;
+
+/**
+ * An OWASP dependency-check plug-in example. If you are not implementing a
+ * FileTypeAnalyzer, simple remove the annotation and the accept() method.
+ */
+public class NewPlugin implements Analyzer, FileTypeAnalyzer {
+
+ /**
+ * The Logger for use throughout the NewPlugin.
+ */
+ private static final Logger LOGGER = LoggerFactory.getLogger(NewPlugin.class);
+
+ /**
+ *

+ * Method implementation for the FileTypeAnalyzer; if not implementing a
+ * file type analyzer this method can be removed.

+ *

+ * Determines if the analyzer can process the given file.

+ *
+ * @param pathname the path to the file
+ * @return true if the analyzer can process the file; otherwise
+ * false
+ */
+ @Override
+ public boolean accept(File pathname) {
+ throw new UnsupportedOperationException("Not implemented yet.");
+ }
+
+ /**
+ * Analyzes the given dependency. The analysis could be anything from
+ * identifying an Identifier for the dependency, to finding vulnerabilities,
+ * etc. Additionally, if the analyzer collects enough information to add a
+ * description or license information for the dependency it should be added.
+ *
+ * @param dependency a dependency to analyze.
+ * @param engine the engine that is scanning the dependencies - this is
+ * useful if we need to check other dependencies
+ * @throws AnalysisException is thrown if there is an error analyzing the
+ * dependency file
+ */
+ @Override
+ public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
+ if (enabled) {
+ throw new UnsupportedOperationException("Not implemented yet.");
+ }
+ }
+
+ /**
+ * Returns the name of the analyzer.
+ *
+ * @return the name of the analyzer.
+ */
+ @Override
+ public String getName() {
+ return "New Plugin";
+ }
+
+ /**
+ * Returns the phase that the analyzer is intended to run in.
+ *
+ * @return the phase that the analyzer is intended to run in.
+ */
+ @Override
+ public AnalysisPhase getAnalysisPhase() {
+ return AnalysisPhase.INFORMATION_COLLECTION;
+ }
+
+ /**
+ * The initialize method is called (once) prior to the analyze method being
+ * called on all of the dependencies.
+ *
+ * @throws InitializationException is thrown if an exception occurs
+ * initializing the analyzer.
+ */
+ @Override
+ public void initialize() throws InitializationException {
+
+ }
+
+ /**
+ * The close method is called after all of the dependencies have been
+ * analyzed.
+ *
+ * @throws Exception is thrown if an exception occurs closing the analyzer.
+ */
+ @Override
+ public void close() throws Exception {
+
+ }
+
+ /**
+ * Returns whether multiple instances of the same type of analyzer can run
+ * in parallel. Note that running analyzers of different types in parallel
+ * is not supported at all.
+ *
+ * @return {@code true} if the analyzer supports parallel processing,
+ * {@code false} else
+ */
+ @Override
+ public boolean supportsParallelProcessing() {
+ return true;
+ }
+
+ /**
+ * Flag indicating whether or not the analyzer is enabled.
+ */
+ private boolean enabled = true;
+
+ /**
+ * Returns whether or not the analyzer is enabled.
+ *
+ * @return whether or not the analyzer is enabled
+ */
+ @Override
+ public boolean isEnabled() {
+ return enabled;
+ }
+}
diff --git a/dependency-check-plugin/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer b/dependency-check-plugin/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
new file mode 100644
index 000000000..92854d72b
--- /dev/null
+++ b/dependency-check-plugin/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
@@ -0,0 +1 @@
+${package}.NewPlugin
\ No newline at end of file
diff --git a/dependency-check-plugin/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.data.update.CachedWebDataSource b/dependency-check-plugin/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.data.update.CachedWebDataSource
new file mode 100644
index 000000000..e69de29bb
diff --git a/pom.xml b/pom.xml
index b71888541..c47d96199 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,6 +29,7 @@ Copyright (c) 2012 - Jeremy Long dependency-check-ant dependency-check-maven dependency-check-utils + dependency-check-plugin Dependency-Check https://github.com/jeremylong/DependencyCheck.git
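Review bot: In NewPlugin.java the `accept(File)` and `analyze(...)` stubs throw `UnsupportedOperationException`, an unchecked exception, while `enabled` defaults to `true` and the generated project registers the class in `META-INF/services`, so a plugin built from the archetype before the stubs are filled in would throw from inside a scan instead of declining work. How the engine treats an unchecked exception from an analyzer is not visible in this patch, so the safer template is `return false;` in `accept` and `throw new AnalysisException("Not implemented yet.");` in `analyze`, which uses the failure channel the method already declares. The class Javadoc also says "simple remove the annotation", but the class carries no annotation; it presumably means the `FileTypeAnalyzer` entry in the `implements` clause, e.g. `If you are not implementing a FileTypeAnalyzer, simply remove it from the implements clause along with the accept() method.`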
@@ -222,7 +223,7 @@ Copyright (c) 2012 - Jeremy Long org.apache.maven.plugins maven-resources-plugin - 3.0.1 + 3.0.2 org.apache.maven.plugins