updates to allow old suppression file configuration

2026-04-30 12:14:30 +02:00 · 2017-06-22 07:18:14 -04:00
parent 3d5b86d96f
commit dee1ccfd3e
14 changed files with 269 additions and 38 deletions
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -64,7 +64,7 @@ public class Check extends Update {
     * Whether or not the NSP Analyzer is enabled.
     */
    private Boolean nspAnalyzerEnabled;
-    
+
    /**
     * Whether or not the Ruby Bundle Audit Analyzer is enabled.
     */
@@ -154,6 +154,10 @@ public class Check extends Update {
     * Default is HTML.
     */
    private String reportFormat = "HTML";
+    /**
+     * Suppression file path.
+     */
+    private String suppressionFile = null;
    /**
     * Suppression file paths.
     */
@@ -462,11 +466,10 @@ public class Check extends Update {
     * Set the value of suppressionFile.
     *
     * @param suppressionFile new value of suppressionFile
-     * @deprecated property form of suppressionFile has been replaced by a child element
     */
-    @Deprecated
    public void setSuppressionFile(String suppressionFile) {
-        throw new BuildException("Definition of a suppression file via a property has been deprecated. Suppression files are now defined as a nested element, please update your configuration.");
+        this.suppressionFile = suppressionFile;
+        suppressionFiles.add(suppressionFile);
    }

    /**
@@ -758,6 +761,7 @@ public class Check extends Update {
    public void setNodeAnalyzerEnabled(Boolean nodeAnalyzerEnabled) {
        this.nodeAnalyzerEnabled = nodeAnalyzerEnabled;
    }
+
    /**
     * Get the value of nspAnalyzerEnabled.
     *
@@ -766,6 +770,7 @@ public class Check extends Update {
    public Boolean isNspAnalyzerEnabled() {
        return nspAnalyzerEnabled;
    }
+
    /**
     * Set the value of nspAnalyzerEnabled.
     *
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/SuppressionFile.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/SuppressionFile.java
@@ -18,8 +18,10 @@
 package org.owasp.dependencycheck.taskdefs;

 /**
- * Class          : {@link SuppressionFile}
- * Responsibility : Models a suppression file nested XML element where the simple content is its location.
+ * Class : {@link SuppressionFile} Responsibility : Models a suppression file
+ * nested XML element where the simple content is its location.
+ *
+ * @author Phillip Whittlesea
 */
 public class SuppressionFile {

--- a/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java
+++ b/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java
@@ -127,22 +127,41 @@ public class DependencyCheckTaskTest {
        buildFileRule.executeTarget(antTaskName);

        // THEN the ant task executed without error
-        final File report = new File("target/dependency-check-report.html");
+        final File report = new File("target/suppression-report.html");
        assertTrue("Expected the DependencyCheck report to be generated", report.exists());
    }

    /**
-     * Test the DependencyCheckTask deprecated suppression property throws an exception with a warning.
+     * Test the DependencyCheckTask deprecated suppression property throws an
+     * exception with a warning.
     */
    @Test
-    public void testDeprecatedSuppressingCVE() {
+    public void testSuppressingSingle() {
        // GIVEN an ant task with a vulnerability using the legacy property
-        final String antTaskName = "deprecated-suppression";
-
+        final String antTaskName = "suppression-single";
+        
        // WHEN executing the ant task
-        // THEN an exception with a warning is thrown
-        expectedException.expect(BuildException.class);
-        expectedException.expectMessage("Definition of a suppression file via a property has been deprecated. Suppression files are now defined as a nested element, please update your configuration.");
        buildFileRule.executeTarget(antTaskName);
+
+        // THEN the ant task executed without error
+        final File report = new File("target/suppression-single-report.html");
+        assertTrue("Expected the DependencyCheck report to be generated", report.exists());
+    }
+
+    /**
+     * Test the DependencyCheckTask deprecated suppression property throws an
+     * exception with a warning.
+     */
+    @Test
+    public void testSuppressingMultiple() {
+        // GIVEN an ant task with a vulnerability using multiple was to configure the suppression file
+        final String antTaskName = "suppression-multiple";
+
+         // WHEN executing the ant task
+        buildFileRule.executeTarget(antTaskName);
+        
+        // THEN the ant task executed without error
+        final File report = new File("target/suppression-multiple-report.html");
+        assertTrue("Expected the DependencyCheck report to be generated", report.exists());
    }
 }
--- a/dependency-check-ant/src/test/resources/build.xml
+++ b/dependency-check-ant/src/test/resources/build.xml
@@ -72,19 +72,10 @@
        </dependency-check>
    </target>

-    <target name="deprecated-suppression">
-        <dependency-check
-            applicationName="test suppression"
-            reportOutputDirectory="${project.build.directory}"
-            autoupdate="false"
-            failBuildOnCVSS="3"
-            suppressionFile="${project.build.directory}/test-classes/test-suppression1.xml"/>
-    </target>
-
    <target name="suppression">
        <dependency-check
            applicationName="test suppression"
-            reportOutputDirectory="${project.build.directory}"
+            reportOutputDirectory="${project.build.directory}/suppression-report.html"
            autoupdate="false"
            failBuildOnCVSS="3">
            <suppressionfile>${project.build.directory}/test-classes/test-suppression1.xml</suppressionfile>
@@ -97,4 +88,30 @@
                files="jetty-6.1.0.jar,org.mortbay.jetty.jar"/>
        </dependency-check>
    </target>
+    <target name="suppression-single">
+        <dependency-check
+            applicationName="test suppression"
+            reportOutputDirectory="${project.build.directory}/suppression-single-report.html"
+            autoupdate="false"
+            failBuildOnCVSS="3"
+            suppressionFile="${project.build.directory}/test-classes/test-suppression1.xml">
+            <fileset dir="${project.build.directory}/test-classes/jars">
+                <include name="axis-1.4.jar"/>
+            </fileset>
+        </dependency-check>
+    </target>
+    <target name="suppression-multiple">
+        <dependency-check
+            applicationName="test suppression"
+            reportOutputDirectory="${project.build.directory}/suppression-multiple-report.html"
+            autoupdate="false"
+            failBuildOnCVSS="3"
+            suppressionFile="${project.build.directory}/test-classes/test-suppression1.xml">
+            <suppressionfile>${project.build.directory}/test-classes/test-suppression2.xml</suppressionfile>
+            <fileset dir="${project.build.directory}/test-classes/jars">
+                <include name="axis-1.4.jar"/>
+            </fileset>
+        </dependency-check>
+    </target>
+    
 </project>