From f17f04f00a8fbbd15ba941ae94297d16921a19ec Mon Sep 17 00:00:00 2001
From: Henri Gomez
Date: Fri, 14 Feb 2014 12:14:06 +0100
Subject: [PATCH 1/2] Skipped Scope parametized
Former-commit-id: 562654d1679b4a6ad59fd5f93c3f1d2a75d8e32b
---
 .../owasp/dependencycheck/utils/Settings.java | 12 +++++++
 .../maven/DependencyCheckMojo.java | 31 +++++++++++++++--
 .../src/site/markdown/configuration.md | 7 ++--
 .../src/site/markdown/usage.md.vm | 33 +++++++++++++++++++
 4 files changed, 79 insertions(+), 4 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 4fea0ae6b..ea0badc26 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -153,6 +153,18 @@ public final class Settings {
 * The additional configured zip file extensions, if available.
 */
 public static final String ADDITIONAL_ZIP_EXTENSIONS = "extensions.zip";
+ /**
+ * The properties key for whether Test Scope dependencies should be skipped.
+ */
+ public static final String SKIP_TEST_SCOPE = "skip.test.scope";
+ /**
+ * The properties key for whether Runtime Scope dependencies should be skipped.
+ */
+ public static final String SKIP_RUNTIME_SCOPE = "skip.runtime.scope";
+ /**
+ * The properties key for whether Provided Scope dependencies should be skipped.
+ */
+ public static final String SKIP_PROVIDED_SCOPE = "skip.provide.scope";
 }
 /**
 * The properties file location.
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
index 9e806b1b8..784ea9eb2 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java @@ -233,6 +233,23 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR */ @Parameter(property = "zipExtensions", required = false) private String zipExtensions; + /** + * Skip Analisys for Test Scope Dependencies + */ + @Parameter(property = "skipTestScope", defaultValue = "true", required = false) + private boolean skipTestScope = true; + /** + * Skip Analisys for Runtime Scope Dependencies + */ + @Parameter(property = "skipRuntimeScope", defaultValue = "false", required = false) + private boolean skipRuntimeScope = false; + /** + * Skip Analisys for Provided Scope Dependencies + */ + @Parameter(property = "skipProvidedScope", defaultValue = "false", required = false) + private boolean skipProvidedScope = false; + + // /** * Executes the Dependency-Check on the dependent libraries. @@ -248,9 +265,16 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR final Engine engine = new Engine(); final Set artifacts = project.getArtifacts(); for (Artifact a : artifacts) { - if (!Artifact.SCOPE_TEST.equals(a.getScope()) && !Artifact.SCOPE_PROVIDED.equals(a.getScope()) && !Artifact.SCOPE_RUNTIME.equals(a.getScope())) { + if (skipTestScope && Artifact.SCOPE_TEST.equals(a.getScope())) + continue; + + if (skipProvidedScope && Artifact.SCOPE_PROVIDED.equals(a.getScope())) + continue; + + if (skipRuntimeScope && !Artifact.SCOPE_RUNTIME.equals(a.getScope())) + continue; + engine.scan(a.getFile().getAbsolutePath()); - } } engine.analyzeDependencies(); return engine; 
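Review bot: The Javadoc on `skipTestScope`, `skipRuntimeScope` and `skipProvidedScope` misspells "Analysis" and never states the consequence of setting a flag: artifacts in a skipped scope are not handed to the engine, so any known-vulnerable library in that scope is absent from the report. Runtime-scope artifacts are normally packaged with the application, so I would word that one as `Skips analysis of runtime-scope dependencies; these usually ship with the application, so enabling this hides their known vulnerabilities.` The removed condition in the next hunk excluded provided and runtime scope unconditionally, so the `false` defaults change what a default build scans and deserve a mention in the release notes. The `= true` / `= false` initialisers repeat `defaultValue` and can go.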
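Review bot: The runtime test is inverted: `if (skipRuntimeScope && !Artifact.SCOPE_RUNTIME.equals(a.getScope()))` skips every artifact that is not runtime-scoped, so turning the flag on removes compile-scope dependencies from the scan and keeps the runtime ones. For a vulnerability scanner this is a silent false negative: the report is produced and looks clean while most of the shipped libraries were never analysed. Drop the negation, `if (skipRuntimeScope && Artifact.SCOPE_RUNTIME.equals(a.getScope()))`, so it matches the test and provided checks above it. Bracing the three `if`/`continue` pairs and adding a test per flag would have caught this. The enclosing method starts and ends outside the hunk.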
@@ -710,6 +734,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR if (zipExtensions != null && !zipExtensions.isEmpty()) { Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions); } + Settings.setBoolean(Settings.KEYS.SKIP_TEST_SCOPE, skipTestScope); + Settings.setBoolean(Settings.KEYS.SKIP_RUNTIME_SCOPE, skipRuntimeScope); + Settings.setBoolean(Settings.KEYS.SKIP_PROVIDED_SCOPE, skipProvidedScope); } /** diff --git a/dependency-check-maven/src/site/markdown/configuration.md b/dependency-check-maven/src/site/markdown/configuration.md index f1b753653..99427a1b7 100644 --- a/dependency-check-maven/src/site/markdown/configuration.md +++ b/dependency-check-maven/src/site/markdown/configuration.md 
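Review bot: The three added `Settings.setBoolean(Settings.KEYS.SKIP_*_SCOPE, ...)` calls publish the flags, but nothing in this patch reads those keys; the scope filtering is done directly on the Mojo fields in the artifact loop. If no consumer exists elsewhere, the keys suggest that `skip.test.scope` and its siblings can be set from a properties file or another front-end when doing so would have no effect on what is scanned. Either remove the calls together with the constants, or mark them with a comment such as `// recorded for reporting only; scope filtering is applied in the Mojo before scanning`. The enclosing method starts outside the hunk.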
@@ -15,11 +15,14 @@ proxyUrl | The Proxy URL. | proxyPort | The Proxy Port. | proxyUsername | Defines the proxy user name. | proxyPassword | Defines the proxy password. | -nexusAnalyzerEnabled | The connection timeout used when downloading data files from the Internet. | -nexusUrl | The connection timeout used when downloading data files from the Internet. | +nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. | +nexusUrl | Defines the Nexus URL. | databaseDriverName | The name of the database driver. Example: org.h2.Driver. | databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. | connectionString | The connection string used to connect to the database. | databaseUser | The username used when connecting to the database. | databasePassword | The password used when connecting to the database. | zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | +skipTestScope | Should be skip analysis for artifacts with Test Scope (default: true) | +skipProvidedScope | Should be skip analysis for artifacts with Provided Scope (default: false) | +skipRuntimeScope | Should be skip analysis for artifacts with Runtime Scope (default: false) | diff --git a/dependency-check-maven/src/site/markdown/usage.md.vm b/dependency-check-maven/src/site/markdown/usage.md.vm index 03ee81e6d..dc1ffc1b0 100644 --- a/dependency-check-maven/src/site/markdown/usage.md.vm +++ b/dependency-check-maven/src/site/markdown/usage.md.vm @@ -103,3 +103,36 @@ Create the dependency-check report within the site ... ``` +Example 4: +--------------------- +Create the DependencyCheck-report.html and skip artifacts no bundled in distribution (Provided and Runtime scope) + +```xml + + + + ... + + org.owasp + dependency-check-maven + ${project.version} + + true + true + + + + + check + + + + + ... + + ... + + ... + +``` + 
From 9387b09a19f04d24f4e2b08f62d0f90cdd8f517a Mon Sep 17 00:00:00 2001
From: Henri Gomez
Date: Fri, 14 Feb 2014 12:16:17 +0100
Subject: [PATCH 2/2] tipo
Former-commit-id: 995ba8bbdbab4f05148d9460f406837fd6218024
---
 .../src/main/java/org/owasp/dependencycheck/utils/Settings.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index ea0badc26..0a54a5ed9 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -164,7 +164,7 @@ public final class Settings {
 /**
 * The properties key for whether Provided Scope dependencies should be skipped.
 */
- public static final String SKIP_PROVIDED_SCOPE = "skip.provide.scope";
+ public static final String SKIP_PROVIDED_SCOPE = "skip.provided.scope";
 }
 /**
 * The properties file location.