github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-30 04:04:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'upmaster' into openssl-source-analyzer

Browse Source 
Conflicts:
	dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java

Former-commit-id: 6d92982227ad0ff7c4381d03eb1bf542dfe7697f
This commit is contained in:
Dale Visser
2015-07-09 16:14:54 -04:00
parent a3ad598004 b227cf890b
commit e5fdda60fc
90 changed files with 2301 additions and 13037 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
dependency-check-utils/pom.xml
View File

@@ -104,7 +104,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<version>${reporting.javadoc-plugin.version}</version>
<configuration>
<failOnError>false</failOnError>
<bottom>Copyright© 2012-15 Jeremy Long. All Rights Reserved.</bottom>
@@ -121,7 +121,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.1</version>
<version>${reporting.versions-plugin.version}</version>
<reportSets>
<reportSet>
<reports>
@@ -134,17 +134,17 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
<version>2.4</version>
<version>${reporting.jxr-plugin.version}</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.6</version>
<version>${reporting.cobertura-plugin.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.16</version>
<version>${reporting.surefire-report-plugin.version}</version>
<reportSets>
<reportSet>
<reports>
@@ -156,7 +156,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>taglist-maven-plugin</artifactId>
<version>2.4</version>
<version>${reporting.taglist-plugin.version}</version>
<configuration>
<tagListOptions>
<tagClasses>
@@ -180,7 +180,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.11</version>
<version>${reporting.checkstyle-plugin.version}</version>
<configuration>
<enableRulesSummary>false</enableRulesSummary>
<enableFilesSummary>false</enableFilesSummary>
@@ -193,7 +193,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.0.1</version>
<version>${reporting.pmd-plugin.version}</version>
<configuration>
<targetJdk>1.6</targetJdk>
<linkXref>true</linkXref>
@@ -212,7 +212,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>2.5.3</version>
<version>${reporting.findbugs-plugin.version}</version>
<configuration>
<onlyAnalyze>org.owasp.dependencycheck.utils.*</onlyAnalyze>
</configuration>

16
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
View File

@@ -78,7 +78,7 @@ public final class FileUtils {
boolean success = true;
if (!org.apache.commons.io.FileUtils.deleteQuietly(file)) {
success = false;
LOGGER.info("Failed to delete file: {}; attempting to delete on exit.", file.getPath());
LOGGER.debug("Failed to delete file: {}; attempting to delete on exit.", file.getPath());
file.deleteOnExit();
}
return success;
@@ -103,16 +103,16 @@ public final class FileUtils {
}
/**
* Returns the data directory. If a path was specified in dependencycheck.properties or was specified using the
* Settings object, and the path exists, that path will be returned as a File object. If it does not exist, then a
* File object will be created based on the file location of the JAR containing the specified class.
* Returns the data directory. If a path was specified in dependencycheck.properties or was specified using the Settings
* object, and the path exists, that path will be returned as a File object. If it does not exist, then a File object will be
* created based on the file location of the JAR containing the specified class.
*
* @param configuredFilePath the configured relative or absolute path
* @param clazz the class to resolve the path
* @return a File object
* @throws IOException is thrown if the path could not be decoded
* @deprecated This method should no longer be used. See the implementation in dependency-check-cli/App.java to see
* how the data directory should be set.
* @deprecated This method should no longer be used. See the implementation in dependency-check-cli/App.java to see how the
* data directory should be set.
*/
@java.lang.Deprecated
public static File getDataDirectory(String configuredFilePath, Class clazz) throws IOException {
@@ -126,8 +126,8 @@ public final class FileUtils {
}
/**
* Retrieves the physical path to the parent directory containing the provided class. For example, if a JAR file
* contained a class org.something.clazz this method would return the parent directory of the JAR file.
* Retrieves the physical path to the parent directory containing the provided class. For example, if a JAR file contained a
* class org.something.clazz this method would return the parent directory of the JAR file.
*
* @param clazz the class to determine the parent directory of
* @return the parent directory of the file containing the specified class.

25
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
View File

@@ -130,6 +130,14 @@ public final class Settings {
* The properties key for the CVE schema version 2.0.
*/
public static final String CVE_SCHEMA_2_0 = "cve.url-2.0.base";
/**
* The properties key that indicates how often the CPE data needs to be updated.
*/
public static final String CPE_MODIFIED_VALID_FOR_DAYS = "cpe.validfordays";
/**
* The properties key for the URL to retrieve the CPE.
*/
public static final String CPE_URL = "cpe.url";
/**
* The properties key for the proxy server.
*
@@ -732,16 +740,15 @@ public final class Settings {
*
* @param connectionStringKey the property file key for the connection string
* @param dbFileNameKey the settings key for the db filename
* @param dbVersionKey the settings key for the dbVersion
* @return the connection string
* @throws IOException thrown the data directory cannot be created
* @throws InvalidSettingException thrown if there is an invalid setting
*/
public static String getConnectionString(String connectionStringKey, String dbFileNameKey, String dbVersionKey)
public static String getConnectionString(String connectionStringKey, String dbFileNameKey)
throws IOException, InvalidSettingException {
final String connStr = Settings.getString(connectionStringKey);
if (connStr == null) {
final String msg = String.format("Invalid properties file to get the connection string; '%s' must be defined.",
final String msg = String.format("Invalid properties file; data.connection_string is missing.",
connectionStringKey);
throw new InvalidSettingException(msg);
}
@@ -756,18 +763,6 @@ public final class Settings {
dbFileNameKey);
throw new InvalidSettingException(msg);
}
if (fileName.contains("%s")) {
String version = null;
if (dbVersionKey != null) {
version = Settings.getString(dbVersionKey);
}
if (version == null) {
final String msg = String.format("Invalid properties file to get a file based connection string; '%s' must be defined.",
dbFileNameKey);
throw new InvalidSettingException(msg);
}
fileName = String.format(fileName, version);
}
if (connStr.startsWith("jdbc:h2:file:") && fileName.endsWith(".h2.db")) {
fileName = fileName.substring(0, fileName.length() - 6);
}

12
dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
View File

@@ -163,21 +163,15 @@ public class SettingsTest extends BaseTest {
*/
@Test
public void testGetConnectionString() throws Exception {
String value = Settings.getConnectionString(Settings.KEYS.DB_CONNECTION_STRING, Settings.KEYS.DB_FILE_NAME, Settings.KEYS.DB_VERSION);
String value = Settings.getConnectionString(Settings.KEYS.DB_CONNECTION_STRING, Settings.KEYS.DB_FILE_NAME);
Assert.assertNotNull(value);
String msg = null;
try {
value = Settings.getConnectionString(Settings.KEYS.DB_CONNECTION_STRING, Settings.KEYS.DB_FILE_NAME, null);
value = Settings.getConnectionString("invalidKey", null);
} catch (InvalidSettingException e) {
msg = e.getMessage();
}
Assert.assertNotNull(msg, msg);
try {
value = Settings.getConnectionString("invalidKey", null, null);
} catch (InvalidSettingException e) {
msg = e.getMessage();
}
Assert.assertNotNull(msg, msg);
Assert.assertNotNull(msg);
}
/**

2
dependency-check-utils/src/test/resources/dependencycheck.properties
View File

@@ -16,7 +16,7 @@ engine.version.url=http://jeremylong.github.io/DependencyCheck/current.txt
# will not be used. The data.directory will be resolved and if the connection string
# below contains a %s then the data.directory will replace the %s.
data.directory=[JAR]/data
data.file_name=cve.%s.h2.db
data.file_name=dc.h2.db
data.version=2.9
data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
#data.connection_string=jdbc:h2:file:%s;AUTO_SERVER=TRUE;AUTOCOMMIT=ON;