added configuration settings to the interfaces to support disabling of specific analyzers per issue #86

Former-commit-id: ce5fe7e4340a4df6f0a59a78acee6429a10ba01b

dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java

@@ -457,6 +457,81 @@ public class DependencyCheckTask extends Task {
         this.showSummary = showSummary;
     }
 
+    /**
+     * Sets whether or not the analyzer is enabled.
+     *
+     * @param jarAnalyzerEnabled the value of the new setting
+     */
+    public void setJarAnalyzerEnabled(boolean jarAnalyzerEnabled) {
+        this.jarAnalyzerEnabled = jarAnalyzerEnabled;
+    }
+    /**
+     * Whether or not the Archive Analyzer is enabled.
+     */
+    private boolean archiveAnalyzerEnabled = true;
+
+    /**
+     * Returns whether or not the analyzer is enabled.
+     *
+     * @return true if the analyzer is enabled
+     */
+    public boolean isArchiveAnalyzerEnabled() {
+        return archiveAnalyzerEnabled;
+    }
+    /**
+     * Whether or not the .NET Assembly Analyzer is enabled.
+     */
+    private boolean assemblyAnalyzerEnabled = true;
+
+    /**
+     * Sets whether or not the analyzer is enabled.
+     *
+     * @param archiveAnalyzerEnabled the value of the new setting
+     */
+    public void setArchiveAnalyzerEnabled(boolean archiveAnalyzerEnabled) {
+        this.archiveAnalyzerEnabled = archiveAnalyzerEnabled;
+    }
+
+    /**
+     * Returns whether or not the analyzer is enabled.
+     *
+     * @return true if the analyzer is enabled
+     */
+    public boolean isAssemblyAnalyzerEnabled() {
+        return assemblyAnalyzerEnabled;
+    }
+
+    /**
+     * Sets whether or not the analyzer is enabled.
+     *
+     * @param assemblyAnalyzerEnabled the value of the new setting
+     */
+    public void setAssemblyAnalyzerEnabled(boolean assemblyAnalyzerEnabled) {
+        this.assemblyAnalyzerEnabled = assemblyAnalyzerEnabled;
+    }
+    /**
+     * Whether or not the .NET Nuspec Analyzer is enabled.
+     */
+    private boolean nuspecAnalyzerEnabled = true;
+
+    /**
+     * Returns whether or not the analyzer is enabled.
+     *
+     * @return true if the analyzer is enabled
+     */
+    public boolean isNuspecAnalyzerEnabled() {
+        return nuspecAnalyzerEnabled;
+    }
+
+    /**
+     * Sets whether or not the analyzer is enabled.
+     *
+     * @param nuspecAnalyzerEnabled the value of the new setting
+     */
+    public void setNuspecAnalyzerEnabled(boolean nuspecAnalyzerEnabled) {
+        this.nuspecAnalyzerEnabled = nuspecAnalyzerEnabled;
+    }
+
     /**
      * Whether or not the nexus analyzer is enabled.
      */
@@ -907,11 +982,29 @@ public class DependencyCheckTask extends Task {
         if (suppressionFile != null && !suppressionFile.isEmpty()) {
             Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
         }
+
+        //File Type Analyzer Settings
+        //JAR ANALYZER
+        Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled);
+        //NUSPEC ANALYZER
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
+        //NEXUS ANALYZER
         Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
         if (nexusUrl != null && !nexusUrl.isEmpty()) {
             Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
         }
         Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY, nexusUsesProxy);
+        //ARCHIVE ANALYZER
+        Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled);
+        if (zipExtensions != null && !zipExtensions.isEmpty()) {
+            Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
+        }
+        //ASSEMBLY ANALYZER
+        Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled);
+        if (pathToMono != null && !pathToMono.isEmpty()) {
+            Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
+        }
+
         if (databaseDriverName != null && !databaseDriverName.isEmpty()) {
             Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
         }
@@ -927,9 +1020,6 @@ public class DependencyCheckTask extends Task {
         if (databasePassword != null && !databasePassword.isEmpty()) {
             Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
         }
-        if (zipExtensions != null && !zipExtensions.isEmpty()) {
-            Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
-        }
         if (cveUrl12Modified != null && !cveUrl12Modified.isEmpty()) {
             Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
         }
@@ -942,9 +1032,6 @@ public class DependencyCheckTask extends Task {
         if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) {
             Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
         }
-        if (pathToMono != null && !pathToMono.isEmpty()) {
-            Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
-        }
     }
 
     /**
@@ -1036,4 +1123,18 @@ public class DependencyCheckTask extends Task {
             return values;
         }
     }
+
+    /**
+     * Whether or not the Jar Analyzer is enabled.
+     */
+    private boolean jarAnalyzerEnabled = true;
+
+    /**
+     * Returns whether or not the analyzer is enabled.
+     *
+     * @return true if the analyzer is enabled
+     */
+    public boolean isJarAnalyzerEnabled() {
+        return jarAnalyzerEnabled;
+    }
 }

dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java

@@ -158,6 +158,10 @@ public class App {
         final String dataDirectory = cli.getDataDirectory();
         final File propertiesFile = cli.getPropertiesFile();
         final String suppressionFile = cli.getSuppressionFile();
+        final boolean jarDisabled = cli.isJarDisabled();
+        final boolean archiveDisabled = cli.isArchiveDisabled();
+        final boolean assemblyDisabled = cli.isAssemblyDisabled();
+        final boolean nuspecDisabled = cli.isNuspecDisabled();
         final boolean nexusDisabled = cli.isNexusDisabled();
         final String nexusUrl = cli.getNexusUrl();
         final String databaseDriverName = cli.getDatabaseDriverName();
@@ -216,6 +220,13 @@ public class App {
         if (suppressionFile != null && !suppressionFile.isEmpty()) {
             Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
         }
+
+        //File Type Analyzer Settings
+        Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, !jarDisabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, !archiveDisabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !nuspecDisabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !assemblyDisabled);
+
         Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, !nexusDisabled);
         if (nexusUrl != null && !nexusUrl.isEmpty()) {
             Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);

dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java

@@ -19,7 +19,6 @@ package org.owasp.dependencycheck.cli;
 
 import java.io.File;
 import java.io.FileNotFoundException;
-
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.CommandLineParser;
 import org.apache.commons.cli.HelpFormatter;
@@ -272,6 +271,19 @@ public final class CliParser {
                 .withDescription("The path to the database driver; note, this does not need to be set unless the JAR is outside of the classpath.")
                 .create();
 
+        final Option disableJarAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_JAR)
+                .withDescription("Disable the Jar Analyzer.")
+                .create();
+        final Option disableArchiveAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_ARCHIVE)
+                .withDescription("Disable the Archive Analyzer.")
+                .create();
+        final Option disableNuspecAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NUSPEC)
+                .withDescription("Disable the Nuspec Analyzer.")
+                .create();
+        final Option disableAssemblyAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_ASSEMBLY)
+                .withDescription("Disable the .NET Assembly Analyzer.")
+                .create();
+
         final Option disableNexusAnalyzer = OptionBuilder.withLongOpt(ArgumentName.DISABLE_NEXUS)
                 .withDescription("Disable the Nexus Analyzer.")
                 .create();
@@ -305,6 +317,10 @@ public final class CliParser {
                 .addOption(dbPassword)
                 .addOption(dbDriver)
                 .addOption(dbDriverPath)
+                .addOption(disableJarAnalyzer)
+                .addOption(disableArchiveAnalyzer)
+                .addOption(disableAssemblyAnalyzer)
+                .addOption(disableNuspecAnalyzer)
                 .addOption(disableNexusAnalyzer)
                 .addOption(nexusUrl)
                 .addOption(nexusUsesProxy)
@@ -339,6 +355,42 @@ public final class CliParser {
         return (line != null) && isValid && line.hasOption(ArgumentName.SCAN);
     }
 
+    /**
+     * Returns true if the disableJar command line argument was specified.
+     *
+     * @return true if the disableJar command line argument was specified; otherwise false
+     */
+    public boolean isJarDisabled() {
+        return (line != null) && line.hasOption(ArgumentName.DISABLE_JAR);
+    }
+
+    /**
+     * Returns true if the disableArchive command line argument was specified.
+     *
+     * @return true if the disableArchive command line argument was specified; otherwise false
+     */
+    public boolean isArchiveDisabled() {
+        return (line != null) && line.hasOption(ArgumentName.DISABLE_ARCHIVE);
+    }
+
+    /**
+     * Returns true if the disableNuspec command line argument was specified.
+     *
+     * @return true if the disableNuspec command line argument was specified; otherwise false
+     */
+    public boolean isNuspecDisabled() {
+        return (line != null) && line.hasOption(ArgumentName.DISABLE_NUSPEC);
+    }
+
+    /**
+     * Returns true if the disableAssembly command line argument was specified.
+     *
+     * @return true if the disableAssembly command line argument was specified; otherwise false
+     */
+    public boolean isAssemblyDisabled() {
+        return (line != null) && line.hasOption(ArgumentName.DISABLE_ASSEMBLY);
+    }
+
     /**
      * Returns true if the disableNexus command line argument was specified.
      *
@@ -737,6 +789,22 @@ public final class CliParser {
          * The CLI argument name for setting the location of the suppression file.
          */
         public static final String SUPPRESION_FILE = "suppression";
+        /**
+         * Disables the Jar Analyzer.
+         */
+        public static final String DISABLE_JAR = "disableJar";
+        /**
+         * Disables the Archive Analyzer.
+         */
+        public static final String DISABLE_ARCHIVE = "disableArchive";
+        /**
+         * Disables the Assembly Analyzer.
+         */
+        public static final String DISABLE_ASSEMBLY = "disableAssembly";
+        /**
+         * Disables the Nuspec Analyzer.
+         */
+        public static final String DISABLE_NUSPEC = "disableNuspec";
         /**
          * Disables the Nexus Analyzer.
          */

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java

@@ -152,10 +152,16 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     @Deprecated
     private String proxyUrl = null;
 
+    /**
+     * The maven settings.
+     */
     @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
     @Parameter(property = "mavenSettings", defaultValue = "${settings}", required = false)
     private org.apache.maven.settings.Settings mavenSettings;
 
+    /**
+     * The maven settings proxy id.
+     */
     @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
     @Parameter(property = "mavenSettingsProxyId", required = false)
     private String mavenSettingsProxyId;
@@ -205,6 +211,35 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
     @Parameter(property = "showSummary", defaultValue = "true", required = false)
     private boolean showSummary = true;
+
+    /**
+     * Whether or not the Jar Analyzer is enabled.
+     */
+    @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
+    @Parameter(property = "jarAnalyzerEnabled", defaultValue = "true", required = false)
+    private boolean jarAnalyzerEnabled = true;
+
+    /**
+     * Whether or not the Archive Analyzer is enabled.
+     */
+    @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
+    @Parameter(property = "archiveAnalyzerEnabled", defaultValue = "true", required = false)
+    private boolean archiveAnalyzerEnabled = true;
+
+    /**
+     * Whether or not the .NET Assembly Analyzer is enabled.
+     */
+    @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
+    @Parameter(property = "assemblyAnalyzerEnabled", defaultValue = "true", required = false)
+    private boolean assemblyAnalyzerEnabled = true;
+
+    /**
+     * Whether or not the .NET Nuspec Analyzer is enabled.
+     */
+    @SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
+    @Parameter(property = "nuspecAnalyzerEnabled", defaultValue = "true", required = false)
+    private boolean nuspecAnalyzerEnabled = true;
+
     /**
      * Whether or not the Nexus Analyzer is enabled.
      */
@@ -740,13 +775,24 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
     }
     // </editor-fold>
 
+    /**
+     * Returns the maven settings proxy url.
+     *
+     * @param proxy the maven proxy
+     * @return the proxy url
+     */
     private String getMavenSettingsProxyUrl(Proxy proxy) {
         return new StringBuilder(proxy.getProtocol()).append("://").append(proxy.getHost()).toString();
     }
 
+    /**
+     * Returns the maven proxy.
+     *
+     * @return the maven proxy
+     */
     private Proxy getMavenProxy() {
         if (mavenSettings != null) {
-            List<Proxy> proxies = mavenSettings.getProxies();
+            final List<Proxy> proxies = mavenSettings.getProxies();
             if (proxies != null && proxies.size() > 0) {
                 if (mavenSettingsProxyId != null) {
                     for (Proxy proxy : proxies) {
@@ -761,7 +807,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
                 }
             }
         }
-
         return null;
     }
 
@@ -789,12 +834,12 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
 
         Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
 
-        Proxy proxy = getMavenProxy();
+        final Proxy proxy = getMavenProxy();
         if (proxy != null) {
             Settings.setString(Settings.KEYS.PROXY_URL, getMavenSettingsProxyUrl(proxy));
             Settings.setString(Settings.KEYS.PROXY_PORT, Integer.toString(proxy.getPort()));
-            String userName = proxy.getUsername();
+            final String userName = proxy.getUsername();
-            String password = proxy.getPassword();
+            final String password = proxy.getPassword();
             if (userName != null && password != null) {
                 Settings.setString(Settings.KEYS.PROXY_USERNAME, userName);
                 Settings.setString(Settings.KEYS.PROXY_PASSWORD, password);
@@ -819,11 +864,30 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         if (suppressionFile != null && !suppressionFile.isEmpty()) {
             Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
         }
+
+        //File Type Analyzer Settings
+        //JAR ANALYZER
+        Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled);
+        //NUSPEC ANALYZER
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
+        //NEXUS ANALYZER
         Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
         if (nexusUrl != null && !nexusUrl.isEmpty()) {
             Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
         }
         Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY, nexusUsesProxy);
+        //ARCHIVE ANALYZER
+        Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled);
+        if (zipExtensions != null && !zipExtensions.isEmpty()) {
+            Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
+        }
+        //ASSEMBLY ANALYZER
+        Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled);
+        if (pathToMono != null && !pathToMono.isEmpty()) {
+            Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
+        }
+
+        //Database configuration
         if (databaseDriverName != null && !databaseDriverName.isEmpty()) {
             Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
         }
@@ -839,8 +903,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         if (databasePassword != null && !databasePassword.isEmpty()) {
             Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
         }
-        if (zipExtensions != null && !zipExtensions.isEmpty()) {
+        // Data Directory
-            Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
+        if (dataDirectory != null && !dataDirectory.isEmpty()) {
+            Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
         }
 
         // Scope Exclusion
@@ -848,11 +913,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         Settings.setBoolean(Settings.KEYS.SKIP_RUNTIME_SCOPE, skipRuntimeScope);
         Settings.setBoolean(Settings.KEYS.SKIP_PROVIDED_SCOPE, skipProvidedScope);
 
-        // Data Directory
-        if (dataDirectory != null && !dataDirectory.isEmpty()) {
-            Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
-        }
-
         // CVE Data Mirroring
         if (cveUrl12Modified != null && !cveUrl12Modified.isEmpty()) {
             Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
@@ -866,9 +926,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) {
             Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
         }
-        if (pathToMono != null && !pathToMono.isEmpty()) {
+
-            Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
-        }
     }
 
     /**