github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 02:21:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

externalized central search query so future changes can be handled via a properties change - issue #978

Browse Source
This commit is contained in:
Jeremy Long
2017-11-14 06:37:41 -05:00
parent 49d14d1272
commit dea9fa1145
4 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
View File

@@ -51,12 +51,17 @@ import org.xml.sax.SAXException;
public class CentralSearch { public class CentralSearch {
/** /**
* The URL for the Central service * The URL for the Central service.
*/ */
private final String rootURL; private final String rootURL;
/** /**
* Whether to use the Proxy when making requests * The Central Search Query.
*/
private final String query;
/**
* Whether to use the Proxy when making requests.
*/ */
private final boolean useProxy; private final boolean useProxy;
@@ -84,6 +89,14 @@ public class CentralSearch {
throw new MalformedURLException(String.format("The configured central analyzer URL is invalid: %s", searchUrl)); throw new MalformedURLException(String.format("The configured central analyzer URL is invalid: %s", searchUrl));
} }
this.rootURL = searchUrl; this.rootURL = searchUrl;
final String queryStr = settings.getString(Settings.KEYS.ANALYZER_CENTRAL_QUERY);
LOGGER.debug("Central Search Query: {}", queryStr);
if (!queryStr.matches("^%s.*%s.*$")) {
final String msg = String.format("The configured central analyzer query parameter is invalid (it must have two %%s): %s", queryStr);
throw new MalformedURLException(msg);
}
this.query = queryStr;
LOGGER.debug("Central Search Full URL: {}", String.format(query, rootURL, "[SHA1]"));
if (null != settings.getString(Settings.KEYS.PROXY_SERVER)) { if (null != settings.getString(Settings.KEYS.PROXY_SERVER)) {
useProxy = true; useProxy = true;
LOGGER.debug("Using proxy"); LOGGER.debug("Using proxy");
@@ -94,7 +107,7 @@ public class CentralSearch {
} }
/** /**
* Searches the configured Central URL for the given sha1 hash. If the * Searches the configured Central URL for the given SHA1 hash. If the
* artifact is found, a <code>MavenArtifact</code> is populated with the * artifact is found, a <code>MavenArtifact</code> is populated with the
* GAV. * GAV.
* *
@@ -108,7 +121,7 @@ public class CentralSearch {
throw new IllegalArgumentException("Invalid SHA1 format"); throw new IllegalArgumentException("Invalid SHA1 format");
} }
List<MavenArtifact> result = null; List<MavenArtifact> result = null;
final URL url = new URL(String.format("%s?q=1:%%22%s%%22&wt=xml", rootURL, sha1)); final URL url = new URL(String.format(query, rootURL, sha1));
LOGGER.debug("Searching Central url {}", url); LOGGER.debug("Searching Central url {}", url);
@@ -184,10 +197,10 @@ public class CentralSearch {
} }
/** /**
* Tests to determine if the gien URL is <b>invalid</b>. * Tests to determine if the given URL is <b>invalid</b>.
* *
* @param url the url to evaluate * @param url the URL to evaluate
* @return true if the url is malformed; otherwise false * @return true if the URL is malformed; otherwise false
*/ */
private boolean isInvalidURL(String url) { private boolean isInvalidURL(String url) {
try { try {

3
dependency-check-core/src/main/resources/dependencycheck.properties
View File

@@ -77,6 +77,9 @@ analyzer.nexus.proxy=true
# the URL for searching search.maven.org for SHA-1 and whether it's enabled # the URL for searching search.maven.org for SHA-1 and whether it's enabled
analyzer.central.enabled=true analyzer.central.enabled=true
analyzer.central.url=https://search.maven.org/solrsearch/select analyzer.central.url=https://search.maven.org/solrsearch/select
# Note - the central query is used in a String.format(query, url, sha1)).
# As such, it must have two %s and any other % must be escapped by doubling it
analyzer.central.query=%s?q=1:%%22%s%%22&wt=xml
# the URL for searching api.nodesecurity.io # the URL for searching api.nodesecurity.io
analyzer.nsp.url=https://api.nodesecurity.io/check analyzer.nsp.url=https://api.nodesecurity.io/check

3
dependency-check-core/src/test/resources/dependencycheck.properties
View File

@@ -72,6 +72,9 @@ analyzer.nexus.proxy=true
# the URL for searching search.maven.org for SHA-1 and whether it's enabled # the URL for searching search.maven.org for SHA-1 and whether it's enabled
analyzer.central.enabled=true analyzer.central.enabled=true
analyzer.central.url=https://search.maven.org/solrsearch/select analyzer.central.url=https://search.maven.org/solrsearch/select
# Note - the central query is used in a String.format(query, url, sha1)).
# As such, it must have two %s and any other % must be escapped by doubling it
analyzer.central.query=%s?q=1:%%22%s%%22&wt=xml
# the URL for searching api.nodesecurity.io # the URL for searching api.nodesecurity.io
analyzer.nsp.url=https://api.nodesecurity.io/check analyzer.nsp.url=https://api.nodesecurity.io/check

4
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
View File

@@ -348,6 +348,10 @@ public final class Settings {
* The properties key for the Central search URL. * The properties key for the Central search URL.
*/ */
public static final String ANALYZER_CENTRAL_URL = "analyzer.central.url"; public static final String ANALYZER_CENTRAL_URL = "analyzer.central.url";
/**
* The properties key for the Central search query.
*/
public static final String ANALYZER_CENTRAL_QUERY = "analyzer.central.query";
/** /**
* The path to mono, if available. * The path to mono, if available.
*/ */