fixes for issue #63 and issue #65

Former-commit-id: 40e4da9fe17999748dd94ee91a1c9451576cab75

dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java

@@ -21,14 +21,10 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Arrays;
-import java.util.HashSet;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.apache.commons.cli.ParseException;
-import org.owasp.dependencycheck.analyzer.Analyzer;
-import org.owasp.dependencycheck.analyzer.ArchiveAnalyzer;
 import org.owasp.dependencycheck.cli.CliParser;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -87,7 +83,7 @@ public class App {
             cli.printVersionInfo();
         } else if (cli.isRunScan()) {
             updateSettings(cli);
-            runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles(), cli.getExtraExtensions());
+            runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles(), cli.getAdditionalZipExtensions());
         } else {
             cli.printHelp();
         }
@@ -104,11 +100,6 @@ public class App {
     private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, String extraExtensions) {
         final Engine scanner = new Engine();
 
-        if (extraExtensions != null && ! extraExtensions.isEmpty())
-            for (Analyzer analyzer : scanner.getAnalyzers())
-                if (analyzer instanceof ArchiveAnalyzer)
-                    ((ArchiveAnalyzer)analyzer).addSupportedExtensions(new HashSet<String>(Arrays.asList(extraExtensions.split("\\s*,\\s*"))));
-
         for (String file : files) {
             scanner.scan(file);
         }
@@ -164,7 +155,7 @@ public class App {
         final String connectionString = cli.getConnectionString();
         final String databaseUser = cli.getDatabaseUser();
         final String databasePassword = cli.getDatabasePassword();
-        final String extraExtensions = cli.getExtraExtensions();
+        final String additionalZipExtensions = cli.getAdditionalZipExtensions();
 
         if (propertiesFile != null) {
             try {
@@ -230,8 +221,8 @@ public class App {
         if (databasePassword != null && !databasePassword.isEmpty()) {
             Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
         }
-        if (extraExtensions!= null && !extraExtensions.isEmpty()) {
-            Settings.setString(Settings.KEYS.EXTRA_EXTENSIONS, extraExtensions);
+        if (additionalZipExtensions != null && !additionalZipExtensions.isEmpty()) {
+            Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, additionalZipExtensions);
         }
     }
 }

dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java

@@ -204,8 +204,10 @@ public final class CliParser {
                 .withDescription("The url to the Nexus Server.")
                 .create();
 
-        final Option extraExtensions = OptionBuilder.withArgName("extraExtensions").hasArg().withLongOpt(ArgumentName.EXTRA_EXTENSIONS)
-                .withDescription("List of extra extensions to be scanned")
+        final Option additionalZipExtensions = OptionBuilder.withArgName("extensions").hasArg()
+                .withLongOpt(ArgumentName.ADDITIONAL_ZIP_EXTENSIONS)
+                .withDescription("A comma seperated list of additional extensions to be scanned as ZIP files "
+                        + "(ZIP, EAR, WAR are already treated as zip files)")
                 .create();
 
         //This is an option group because it can be specified more then once.
@@ -225,7 +227,7 @@ public final class CliParser {
                 .addOption(suppressionFile)
                 .addOption(disableNexusAnalyzer)
                 .addOption(nexusUrl)
-                .addOption(extraExtensions);
+                .addOption(additionalZipExtensions);
     }
 
     /**
@@ -554,12 +556,12 @@ public final class CliParser {
     }
 
     /**
-     * Returns the extra Extensions if specified; otherwise null is returned.
+     * Returns the additional Extensions if specified; otherwise null is returned.
      *
-     * @return the extra Extensions; otherwise null is returned
+     * @return the additional Extensions; otherwise null is returned
      */
-    public String getExtraExtensions() {
-        return line.getOptionValue(ArgumentName.EXTRA_EXTENSIONS);
+    public String getAdditionalZipExtensions() {
+        return line.getOptionValue(ArgumentName.ADDITIONAL_ZIP_EXTENSIONS);
     }
 
     /**
@@ -718,6 +720,6 @@ public final class CliParser {
         /**
          * The CLI argument name for setting extra extensions.
          */
-        public static final String EXTRA_EXTENSIONS = "extraExtension";
+        public static final String ADDITIONAL_ZIP_EXTENSIONS = "zipExtensions";
     }
 }

dependency-check-cli/src/site/markdown/arguments.md

@@ -28,4 +28,4 @@ Short  | Argument Name         | Parameter   | Description | Requirement
        | \-\-dbUser            | \<user\>    | The username used to connect to the database. | Optional
        | \-\-disableNexus      |             | Disable the Nexus Analyzer. | Optional
        | \-\-nexus             | \<url\>     | The url to the Nexus Server. | Optional
-       | \-\-extraExtensions   | \<strings\> | List of extensions to be scanned, comma separated. | Optional
+       | \-\-zipExtensions     | \<strings\> | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | Optional