Merge branch 'upmaster' into ruby-bundler

Conflicts:
	dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
	dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
	dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer

dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java

@@ -268,17 +268,6 @@ public class App {
         final String dataDirectory = cli.getDataDirectory();
         final File propertiesFile = cli.getPropertiesFile();
         final String suppressionFile = cli.getSuppressionFile();
-        final boolean jarDisabled = cli.isJarDisabled();
-        final boolean archiveDisabled = cli.isArchiveDisabled();
-        final boolean pyDistDisabled = cli.isPythonDistributionDisabled();
-        final boolean cMakeDisabled = cli.isCmakeDisabled();
-        final boolean pyPkgDisabled = cli.isPythonPackageDisabled();
-        final boolean autoconfDisabled = cli.isAutoconfDisabled();
-        final boolean bundleAuditDisabled = cli.isBundleAuditDisabled();
-        final boolean assemblyDisabled = cli.isAssemblyDisabled();
-        final boolean nuspecDisabled = cli.isNuspecDisabled();
-        final boolean centralDisabled = cli.isCentralDisabled();
-        final boolean nexusDisabled = cli.isNexusDisabled();
         final String nexusUrl = cli.getNexusUrl();
         final String databaseDriverName = cli.getDatabaseDriverName();
         final String databaseDriverPath = cli.getDatabaseDriverPath();
@@ -340,21 +329,22 @@ public class App {
         }
 
         //File Type Analyzer Settings
-        Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, !jarDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, !archiveDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, !pyDistDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, !pyPkgDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, !autoconfDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_CMAKE_ENABLED, !cMakeDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !nuspecDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !assemblyDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, !bundleAuditDisabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, !cli.isJarDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, !cli.isArchiveDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, !cli.isPythonDistributionDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, !cli.isPythonPackageDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, !cli.isAutoconfDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_CMAKE_ENABLED, !cli.isCmakeDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !cli.isNuspecDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !cli.isAssemblyDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, !cli.isBundleAuditDisabled());
         Settings.setBoolean(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, !cli.isOpenSSLDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, !cli.isComposerDisabled());
         Settings.setBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, !cli.isNodeJsDisabled());
         Settings.setBoolean(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, !cli.isRubyGemspecDisabled());
 
-        Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, !centralDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, !nexusDisabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, !cli.isCentralDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, !cli.isNexusDisabled());
         if (nexusUrl != null && !nexusUrl.isEmpty()) {
             Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
         }

dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java

@@ -326,13 +326,13 @@ public final class CliParser {
         final Option pathToMono = Option.builder().argName("path").hasArg().longOpt(ARGUMENT.PATH_TO_MONO)
                 .desc("The path to Mono for .NET Assembly analysis on non-windows systems.")
                 .build();
-
+        
         final Option pathToBundleAudit = Option.builder().argName("path").hasArg()
                 .longOpt(ARGUMENT.PATH_TO_BUNDLE_AUDIT)
                 .desc("The path to bundle-audit for Gem bundle analysis.").build();
 
-        final Option connectionTimeout = Option.builder(ARGUMENT.CONNECTION_TIMEOUT_SHORT).argName("timeout").hasArg().longOpt(ARGUMENT.CONNECTION_TIMEOUT)
-                .desc("The connection timeout (in milliseconds) to use when downloading resources.")
+        final Option connectionTimeout = Option.builder(ARGUMENT.CONNECTION_TIMEOUT_SHORT).argName("timeout").hasArg()
+                .longOpt(ARGUMENT.CONNECTION_TIMEOUT).desc("The connection timeout (in milliseconds) to use when downloading resources.")
                 .build();
 
         final Option proxyServer = Option.builder().argName("server").hasArg().longOpt(ARGUMENT.PROXY_SERVER)
@@ -381,6 +381,9 @@ public final class CliParser {
         final Option disablePythonPackageAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_PY_PKG)
                 .desc("Disable the Python Package Analyzer.").build();
 
+        final Option disableComposerAnalyzer = Option.builder().longOpt(ARGUMENT.DISABLE_COMPOSER)
+                .desc("Disable the PHP Composer Analyzer.").build();
+
         final Option disableAutoconfAnalyzer = Option.builder()
                 .longOpt(ARGUMENT.DISABLE_AUTOCONF)
                 .desc("Disable the Autoconf Analyzer.").build();
@@ -429,6 +432,7 @@ public final class CliParser {
                 .addOption(Option.builder().longOpt(ARGUMENT.DISABLE_BUNDLE_AUDIT)
                         .desc("Disable the Ruby Bundler-Audit Analyzer.").build())
                 .addOption(disableAutoconfAnalyzer)
+                .addOption(disableComposerAnalyzer)
                 .addOption(disableOpenSSLAnalyzer)
                 .addOption(disableNuspecAnalyzer)
                 .addOption(disableCentralAnalyzer)
@@ -600,6 +604,15 @@ public final class CliParser {
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_AUTOCONF);
     }
 
+    /**
+     * Returns true if the disableComposer command line argument was specified.
+     *
+     * @return true if the disableComposer command line argument was specified; otherwise false
+     */
+    public boolean isComposerDisabled() {
+        return (line != null) && line.hasOption(ARGUMENT.DISABLE_COMPOSER);
+    }
+
     /**
      * Returns true if the disableNexus command line argument was specified.
      *
@@ -751,7 +764,7 @@ public final class CliParser {
      * @return the application name.
      */
     public String getProjectName() {
-        String appName = line.getOptionValue(ARGUMENT.APP_NAME);
+        final String appName = line.getOptionValue(ARGUMENT.APP_NAME);
         String name = line.getOptionValue(ARGUMENT.PROJECT);
         if (name == null && appName != null) {
             name = appName;
@@ -1035,11 +1048,15 @@ public final class CliParser {
         public static final String PROJECT = "project";
         /**
          * The long CLI argument name specifying the name of the application to be scanned.
+         *
+         * @deprecated project should be used instead
          */
         @Deprecated
         public static final String APP_NAME = "app";
         /**
          * The short CLI argument name specifying the name of the application to be scanned.
+         *
+         * @deprecated project should be used instead
          */
         @Deprecated
         public static final String APP_NAME_SHORT = "a";
@@ -1159,6 +1176,10 @@ public final class CliParser {
          * Disables the Python Package Analyzer.
          */
         public static final String DISABLE_PY_PKG = "disablePyPkg";
+        /**
+         * Disables the Python Package Analyzer.
+         */
+        public static final String DISABLE_COMPOSER = "disableComposer";
         /**
          * Disables the Ruby Gemspec Analyzer.
          */