Added 'deep scan' argument/property to indicate more evidence should be collected even if it increases false positives

Former-commit-id: 200acdb012410df0cd59c164cd362f7940366fb1
Jeremy Long
2013-03-08 17:33:01 -05:00
parent 7d67d3fa86
commit d99e8f9ef5
4 changed files with 55 additions and 10 deletions


@@ -29,6 +29,7 @@ import org.apache.commons.cli.ParseException;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.CliParser;
import org.owasp.dependencycheck.utils.Settings;
/*
* This file is part of App.
@@ -112,11 +113,10 @@ public class App {
if (cli.isGetVersion()) {
cli.printVersionInfo();
} else if (cli.isRunScan()) {
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate(), cli.isDeepScan());
} else {
cli.printHelp();
}
}
/**
@@ -124,16 +124,21 @@ public class App {
* reportDirectory.
*
* @param reportDirectory the path to the directory where the reports will
* be written.
* @param outputFormat the output format of the report.
* @param applicationName the application name for the report.
* @param files the files/directories to scan.
* be written
* @param outputFormat the output format of the report
* @param applicationName the application name for the report
* @param files the files/directories to scan
* @param autoUpdate whether to auto-update the cached data from the Internet
* @param deepScan whether to perform a deep scan of the evidence in the project dependencies
*/
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, boolean autoUpdate) {
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, boolean autoUpdate, boolean deepScan) {
Engine scanner = new Engine(autoUpdate);
Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);
for (String file : files) {
scanner.scan(file);
}
scanner.analyzeDependencies();
List<Dependency> dependencies = scanner.getDependencies();
@@ -145,6 +150,5 @@ public class App {
} catch (Exception ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
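Review bot: In `runScan`, `Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);` runs after `new Engine(autoUpdate)`, so anything the Engine constructor sets up (its body is not visible here) cannot see the flag. If analyzers are created or configured at construction time, `--deep-scan` could be silently ignored and the scan would collect less evidence than the user asked for. Setting the property first removes that dependency on ordering: `Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);` followed by `Engine scanner = new Engine(autoUpdate);`. The `@param deepScan` Javadoc could also state the trade-off named in the commit title, for example `whether to collect additional evidence from the dependencies; this may increase false positives`, so that people triaging a report know how the results were produced. The part of `runScan` between the second and third hunks is not shown, so this covers only the visible lines.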