mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-18 01:27:11 +01:00
Former-commit-id: 40e4da9fe17999748dd94ee91a1c9451576cab75
This commit is contained in:
Jeremy Long
@@ -23,7 +23,10 @@ import java.io.InputStream;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLEncoder;
|
||||
import java.text.DateFormat;
|
||||
import java.util.*;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Set;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.apache.maven.artifact.Artifact;
|
||||
@@ -42,8 +45,6 @@ import org.apache.maven.reporting.MavenMultiPageReport;
|
||||
import org.apache.maven.reporting.MavenReport;
|
||||
import org.apache.maven.reporting.MavenReportException;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.Analyzer;
|
||||
import org.owasp.dependencycheck.analyzer.ArchiveAnalyzer;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
||||
@@ -227,12 +228,12 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
|
||||
@SuppressWarnings({"CanBeFinal", "FieldCanBeLocal"})
|
||||
@Parameter(property = "databasePassword", defaultValue = "", required = false)
|
||||
private String databasePassword;
|
||||
// </editor-fold>
|
||||
/**
|
||||
* File extensions to add to analysis next to jar, zip, ....
|
||||
* A comma-separated list of file extensions to add to analysis next to jar, zip, ....
|
||||
*/
|
||||
@Parameter(property = "extraExtensions", required = false)
|
||||
private String[] extraExtensions;
|
||||
@Parameter(property = "zipExtensions", required = false)
|
||||
private String zipExtensions;
|
||||
// </editor-fold>
|
||||
/**
|
||||
* Executes the Dependency-Check on the dependent libraries.
|
||||
*
|
||||
@@ -245,13 +246,6 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
|
||||
|
||||
populateSettings();
|
||||
final Engine engine = new Engine();
|
||||
|
||||
if (extraExtensions != null) {
|
||||
for (Analyzer analyzer : engine.getAnalyzers())
|
||||
if (analyzer instanceof ArchiveAnalyzer)
|
||||
((ArchiveAnalyzer)analyzer).addSupportedExtensions(new HashSet<String>(Arrays.asList(extraExtensions)));
|
||||
}
|
||||
|
||||
final Set<Artifact> artifacts = project.getArtifacts();
|
||||
for (Artifact a : artifacts) {
|
||||
if (!Artifact.SCOPE_TEST.equals(a.getScope()) && !Artifact.SCOPE_PROVIDED.equals(a.getScope()) && !Artifact.SCOPE_RUNTIME.equals(a.getScope())) {
|
||||
@@ -713,6 +707,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
|
||||
if (databasePassword != null && !databasePassword.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
|
||||
}
|
||||
if (zipExtensions != null && !zipExtensions.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2,24 +2,24 @@ Configuration
|
||||
====================
|
||||
The following properties can be set on the dependency-check-maven plugin.
|
||||
|
||||
Property | Description | Default Value
|
||||
--------------------|------------------------------------|------------------
|
||||
autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
|
||||
externalReport | When using as a Site plugin this parameter sets whether or not the external report format should be used. | false
|
||||
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
|
||||
format | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
|
||||
logFile | The file path to write verbose logging information. |
|
||||
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) |
|
||||
connectionTimeout | The Connection Timeout. |
|
||||
proxyUrl | The Proxy URL. |
|
||||
proxyPort | The Proxy Port. |
|
||||
proxyUsername | Defines the proxy user name. |
|
||||
proxyPassword | Defines the proxy password. |
|
||||
nexusAnalyzerEnabled | The connection timeout used when downloading data files from the Internet. |
|
||||
nexusUrl | The connection timeout used when downloading data files from the Internet. |
|
||||
databaseDriverName | The name of the database driver. Example: org.h2.Driver. |
|
||||
databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. |
|
||||
connectionString | The connection string used to connect to the database. |
|
||||
databaseUser | The username used when connecting to the database. |
|
||||
databasePassword | The password used when connecting to the database. |
|
||||
extraExtensions | List of extra extensions to be scanned. |
|
||||
Property | Description | Default Value
|
||||
---------------------|------------------------------------|------------------
|
||||
autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
|
||||
externalReport | When using as a Site plugin this parameter sets whether or not the external report format should be used. | false
|
||||
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
|
||||
format | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
|
||||
logFile | The file path to write verbose logging information. |
|
||||
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../suppression.html) |
|
||||
connectionTimeout | The Connection Timeout. |
|
||||
proxyUrl | The Proxy URL. |
|
||||
proxyPort | The Proxy Port. |
|
||||
proxyUsername | Defines the proxy user name. |
|
||||
proxyPassword | Defines the proxy password. |
|
||||
nexusAnalyzerEnabled | The connection timeout used when downloading data files from the Internet. |
|
||||
nexusUrl | The connection timeout used when downloading data files from the Internet. |
|
||||
databaseDriverName | The name of the database driver. Example: org.h2.Driver. |
|
||||
databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. |
|
||||
connectionString | The connection string used to connect to the database. |
|
||||
databaseUser | The username used when connecting to the database. |
|
||||
databasePassword | The password used when connecting to the database. |
|
||||
zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |
|
||||
|
||||
Reference in New Issue
Block a user