fix bug in getLastProject for non-site executions

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/AggregateMojo.java

@@ -128,7 +128,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
     /**
      * Gets the last project in the reactor - taking into account skipped projects.
      *
-     * @return the last projecct in the reactor
+     * @return the last project in the reactor
      */
     private MavenProject getLastProject() {
         for (int x = getReactorProjects().size() - 1; x >= 0; x--) {
@@ -149,7 +149,7 @@ public class AggregateMojo extends BaseDependencyCheckMojo {
      */
     private boolean skipProject(MavenProject project) {
         final String skip = (String) project.getProperties().get("maven.site.skip");
-        return "true".equalsIgnoreCase(skip);
+        return "true".equalsIgnoreCase(skip) && isGeneratingSite();
     }
 
     /**

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

@@ -387,6 +387,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
      */
     @Override
     public void execute() throws MojoExecutionException, MojoFailureException {
+        generatingSite = false;
         if (skip) {
             getLog().info("Skipping " + getName(Locale.US));
         } else {
@@ -424,6 +425,20 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
         generate((Sink) sink, locale);
     }
 
+    /**
+     * A flag indicating whether or not the maven site is being generated.
+     */
+    private boolean generatingSite = false;
+
+    /**
+     * Returns true if the Maven site is being generated.
+     *
+     * @return true if the Maven site is being generated
+     */
+    protected boolean isGeneratingSite() {
+        return generatingSite;
+    }
+
     /**
      * Generates the Dependency-Check Site Report.
      *
@@ -432,6 +447,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
      * @throws MavenReportException if a maven report exception occurs
      */
     public void generate(Sink sink, Locale locale) throws MavenReportException {
+        generatingSite = true;
         try {
             validateAggregate();
         } catch (MojoExecutionException ex) {
@@ -1054,7 +1070,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
                     "org.owasp.dependencycheck.dependency.Reference",
                     "org.owasp.dependencycheck.dependency.Vulnerability",
                     "org.owasp.dependencycheck.dependency.VulnerabilityComparator",
-                    "org.owasp.dependencycheck.dependency.VulnerableSoftware");
+                    "org.owasp.dependencycheck.dependency.VulnerableSoftware",
+                    "org.owasp.dependencycheck.data.cpe.IndexEntry");
             ret = (List<Dependency>) ois.readObject();
         } catch (FileNotFoundException ex) {
             //TODO fix logging

dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExpectedOjectInputStream.java

@@ -63,7 +63,7 @@ public class ExpectedOjectInputStream extends ObjectInputStream {
     @Override
     protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
         if (!this.expected.contains(desc.getName())) {
-            throw new InvalidClassException("Unexpected deserialization", desc.getName());
+            throw new InvalidClassException("Unexpected deserialization ", desc.getName());
         }
         return super.resolveClass(desc);
     }