diff --git a/dependency-check-ant/NOTICE.txt b/dependency-check-ant/NOTICE.txt
index 88093e021..01bb3831d 100644
--- a/dependency-check-ant/NOTICE.txt
+++ b/dependency-check-ant/NOTICE.txt
@@ -1,9 +1,6 @@
------------------------------
----begin dependency-check----
------------------------------
-dependency-check
+OWASP dependency-check
-Copyright (c) 2012-2013 Jeremy Long. All Rights Reserved.
+Copyright (c) 2012-2015 Jeremy Long. All Rights Reserved.
The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
@@ -19,11 +16,3 @@ An original copy of the license agreement can be found at: http://www.h2database
This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
-
------------------------------
----end dependency-check------
------------------------------
-
-Notices below are from dependent libraries and have been included via maven-shade-plugin.
-
------------------------------
\ No newline at end of file
diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 57ccb527b..2f3eade42 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -192,28 +192,38 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
org.apache.maven.plugins
- maven-shade-plugin
- 2.4.1
+ maven-compiler-plugin
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
-
-
-
- META-INF/NOTICE.txt
-
-
- META-INF/NOTICE
-
-
- META-INF/LICENSE
-
-
+
+
+ true
+ lib/
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-assembly-plugin
+
+ false
+ create-distribution
package
- shade
+ single
+
+
+ src/main/assembly/release.xml
+
+
@@ -221,9 +231,6 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
org.codehaus.mojo
cobertura-maven-plugin
-
85
85
diff --git a/dependency-check-ant/src/main/assembly/release.xml b/dependency-check-ant/src/main/assembly/release.xml
index 519d9947a..f154353e3 100644
--- a/dependency-check-ant/src/main/assembly/release.xml
+++ b/dependency-check-ant/src/main/assembly/release.xml
@@ -14,7 +14,7 @@
false
- /
+ dependency-check
${project.build.directory}
dependency-check*.jar
@@ -23,7 +23,7 @@
- /lib
+ dependency-check/lib
runtime
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
similarity index 63%
rename from dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
rename to dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
index 71fa3cb16..dc08572cc 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -19,11 +19,9 @@ package org.owasp.dependencycheck.taskdefs;
import java.io.File;
import java.io.IOException;
-import java.io.InputStream;
import java.util.List;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Project;
-import org.apache.tools.ant.Task;
import org.apache.tools.ant.types.EnumeratedAttribute;
import org.apache.tools.ant.types.Reference;
import org.apache.tools.ant.types.Resource;
@@ -47,12 +45,8 @@ import org.slf4j.impl.StaticLoggerBinder;
*
* @author Jeremy Long
*/
-public class DependencyCheckTask extends Task {
+public class Check extends Update {
- /**
- * The properties file location.
- */
- private static final String PROPERTIES_FILE = "task.properties";
/**
* System specific new line character.
*/
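Review bot: `Check extends Update`, and `Update` (added in this commit) extends `Purge`, so the scanning task becomes a subtype of the task whose `execute()` deletes the local NVD database, apparently only to reuse `populateSettings()` and the attribute setters. Both subclasses override `execute()` today, but a later subclass that forgets to would inherit the delete. A shared abstract base that holds `dataDirectory` and `populateSettings()`, with `Purge` as a sibling rather than the root, would remove that trap. If the chain stays, the class Javadoc should say so, e.g. `Inherits configuration from Update and Purge; execute() must always be overridden.` The class Javadoc starts above this hunk.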
@@ -61,7 +55,7 @@ public class DependencyCheckTask extends Task {
/**
* Construct a new DependencyCheckTask.
*/
- public DependencyCheckTask() {
+ public Check() {
super();
// Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
// core end up coming through this tasks logger
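Review bot: The constructor Javadoc still reads `Construct a new DependencyCheckTask.` after the rename; `Construct a new Check task.` would match the class. The same copied text appears in Purge.java, where the class Javadoc still describes a task that executes dependency-check and the constructor comment also names DependencyCheckTask. The `populateSettings()` Javadoc in both Check.java and Purge.java still says it sets the proxy server, port, and connection timeout, although in this commit that handling lives only in `Update.populateSettings()`. The constructor body continues outside this hunk.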
@@ -168,7 +162,7 @@ public class DependencyCheckTask extends Task {
this.applicationName = applicationName;
}
- private String projectName = "Dependency-Check";
+ private String projectName = "dependency-check";
/**
* Get the value of projectName.
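Review bot: The default `"dependency-check"` is now written twice, once in this field initializer and once in the sentinel comparison in `getProjectName()` (the next hunk), which is why the commit had to edit both places. A single `private static final String DEFAULT_PROJECT_NAME = "dependency-check";` used in both keeps them from drifting apart. The comparison also cannot tell a value left at the default from one explicitly set to the same string, so a short comment on that limitation in `getProjectName()` would help.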
@@ -178,7 +172,7 @@ public class DependencyCheckTask extends Task {
public String getProjectName() {
if (applicationName != null) {
log("Configuration 'applicationName' has been deprecated, please use 'projectName' instead", Project.MSG_WARN);
- if ("Dependency-Check".equals(projectName)) {
+ if ("dependency-check".equals(projectName)) {
projectName = applicationName;
}
}
@@ -194,28 +188,6 @@ public class DependencyCheckTask extends Task {
this.projectName = projectName;
}
- /**
- * The location of the data directory that contains
- */
- private String dataDirectory = null;
-
- /**
- * Get the value of dataDirectory.
- *
- * @return the value of dataDirectory
- */
- public String getDataDirectory() {
- return dataDirectory;
- }
-
- /**
- * Set the value of dataDirectory.
- *
- * @param dataDirectory new value of dataDirectory
- */
- public void setDataDirectory(String dataDirectory) {
- this.dataDirectory = dataDirectory;
- }
/**
* Specifies the destination directory for the generated Dependency-Check report.
*/
@@ -330,139 +302,6 @@ public class DependencyCheckTask extends Task {
public void setReportFormat(ReportFormats reportFormat) {
this.reportFormat = reportFormat.getValue();
}
- /**
- * The Proxy Server.
- */
- private String proxyServer;
-
- /**
- * Get the value of proxyServer.
- *
- * @return the value of proxyServer
- */
- public String getProxyServer() {
- return proxyServer;
- }
-
- /**
- * Set the value of proxyServer.
- *
- * @param server new value of proxyServer
- */
- public void setProxyServer(String server) {
- this.proxyServer = server;
- }
-
- /**
- * Get the value of proxyServer.
- *
- * @return the value of proxyServer
- * @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#getProxyServer()} instead
- */
- @Deprecated
- public String getProxyUrl() {
- return proxyServer;
- }
-
- /**
- * Set the value of proxyServer.
- *
- * @param proxyUrl new value of proxyServer
- * @deprecated use {@link org.owasp.dependencycheck.taskdefs.DependencyCheckTask#setProxyServer(java.lang.String)} instead
- */
- @Deprecated
- public void setProxyUrl(String proxyUrl) {
- log("A deprecated configuration option 'proxyUrl' was detected; use 'proxyServer' instead.", Project.MSG_WARN);
- this.proxyServer = proxyUrl;
- }
- /**
- * The Proxy Port.
- */
- private String proxyPort;
-
- /**
- * Get the value of proxyPort.
- *
- * @return the value of proxyPort
- */
- public String getProxyPort() {
- return proxyPort;
- }
-
- /**
- * Set the value of proxyPort.
- *
- * @param proxyPort new value of proxyPort
- */
- public void setProxyPort(String proxyPort) {
- this.proxyPort = proxyPort;
- }
- /**
- * The Proxy username.
- */
- private String proxyUsername;
-
- /**
- * Get the value of proxyUsername.
- *
- * @return the value of proxyUsername
- */
- public String getProxyUsername() {
- return proxyUsername;
- }
-
- /**
- * Set the value of proxyUsername.
- *
- * @param proxyUsername new value of proxyUsername
- */
- public void setProxyUsername(String proxyUsername) {
- this.proxyUsername = proxyUsername;
- }
- /**
- * The Proxy password.
- */
- private String proxyPassword;
-
- /**
- * Get the value of proxyPassword.
- *
- * @return the value of proxyPassword
- */
- public String getProxyPassword() {
- return proxyPassword;
- }
-
- /**
- * Set the value of proxyPassword.
- *
- * @param proxyPassword new value of proxyPassword
- */
- public void setProxyPassword(String proxyPassword) {
- this.proxyPassword = proxyPassword;
- }
- /**
- * The Connection Timeout.
- */
- private String connectionTimeout;
-
- /**
- * Get the value of connectionTimeout.
- *
- * @return the value of connectionTimeout
- */
- public String getConnectionTimeout() {
- return connectionTimeout;
- }
-
- /**
- * Set the value of connectionTimeout.
- *
- * @param connectionTimeout new value of connectionTimeout
- */
- public void setConnectionTimeout(String connectionTimeout) {
- this.connectionTimeout = connectionTimeout;
- }
/**
* The path to the suppression file.
*/
@@ -508,6 +347,20 @@ public class DependencyCheckTask extends Task {
this.showSummary = showSummary;
}
+ /**
+ * Whether or not the Jar Analyzer is enabled.
+ */
+ private boolean jarAnalyzerEnabled = true;
+
+ /**
+ * Returns whether or not the analyzer is enabled.
+ *
+ * @return true if the analyzer is enabled
+ */
+ public boolean isJarAnalyzerEnabled() {
+ return jarAnalyzerEnabled;
+ }
+
/**
* Sets whether or not the analyzer is enabled.
*
@@ -605,29 +458,6 @@ public class DependencyCheckTask extends Task {
this.centralAnalyzerEnabled = centralAnalyzerEnabled;
}
- /**
- * Whether or not the local copy of the NVD should be purged.
- */
- private boolean purge = false;
-
- /**
- * Used to determine if the local copy of the NVD should be purged.
- *
- * @return true if the local copy of the NVD should be purged
- */
- public boolean isPurge() {
- return purge;
- }
-
- /**
- * Set whether or not the local copy of the NVD should be purged.
- *
- * @param purge setting to true will cause the local copy of the NVD to be deleted.
- */
- public void setPurge(boolean purge) {
- this.purge = purge;
- }
-
/**
* Whether or not the nexus analyzer is enabled.
*/
@@ -696,119 +526,6 @@ public class DependencyCheckTask extends Task {
this.nexusUsesProxy = nexusUsesProxy;
}
- /**
- * The database driver name; such as org.h2.Driver.
- */
- private String databaseDriverName;
-
- /**
- * Get the value of databaseDriverName.
- *
- * @return the value of databaseDriverName
- */
- public String getDatabaseDriverName() {
- return databaseDriverName;
- }
-
- /**
- * Set the value of databaseDriverName.
- *
- * @param databaseDriverName new value of databaseDriverName
- */
- public void setDatabaseDriverName(String databaseDriverName) {
- this.databaseDriverName = databaseDriverName;
- }
-
- /**
- * The path to the database driver JAR file if it is not on the class path.
- */
- private String databaseDriverPath;
-
- /**
- * Get the value of databaseDriverPath.
- *
- * @return the value of databaseDriverPath
- */
- public String getDatabaseDriverPath() {
- return databaseDriverPath;
- }
-
- /**
- * Set the value of databaseDriverPath.
- *
- * @param databaseDriverPath new value of databaseDriverPath
- */
- public void setDatabaseDriverPath(String databaseDriverPath) {
- this.databaseDriverPath = databaseDriverPath;
- }
- /**
- * The database connection string.
- */
- private String connectionString;
-
- /**
- * Get the value of connectionString.
- *
- * @return the value of connectionString
- */
- public String getConnectionString() {
- return connectionString;
- }
-
- /**
- * Set the value of connectionString.
- *
- * @param connectionString new value of connectionString
- */
- public void setConnectionString(String connectionString) {
- this.connectionString = connectionString;
- }
- /**
- * The user name for connecting to the database.
- */
- private String databaseUser;
-
- /**
- * Get the value of databaseUser.
- *
- * @return the value of databaseUser
- */
- public String getDatabaseUser() {
- return databaseUser;
- }
-
- /**
- * Set the value of databaseUser.
- *
- * @param databaseUser new value of databaseUser
- */
- public void setDatabaseUser(String databaseUser) {
- this.databaseUser = databaseUser;
- }
-
- /**
- * The password to use when connecting to the database.
- */
- private String databasePassword;
-
- /**
- * Get the value of databasePassword.
- *
- * @return the value of databasePassword
- */
- public String getDatabasePassword() {
- return databasePassword;
- }
-
- /**
- * Set the value of databasePassword.
- *
- * @param databasePassword new value of databasePassword
- */
- public void setDatabasePassword(String databasePassword) {
- this.databasePassword = databasePassword;
- }
-
/**
* Additional ZIP File extensions to add analyze. This should be a comma-separated list of file extensions to treat like ZIP
* files.
@@ -833,97 +550,6 @@ public class DependencyCheckTask extends Task {
this.zipExtensions = zipExtensions;
}
- /**
- * The url for the modified NVD CVE (1.2 schema).
- */
- private String cveUrl12Modified;
-
- /**
- * Get the value of cveUrl12Modified.
- *
- * @return the value of cveUrl12Modified
- */
- public String getCveUrl12Modified() {
- return cveUrl12Modified;
- }
-
- /**
- * Set the value of cveUrl12Modified.
- *
- * @param cveUrl12Modified new value of cveUrl12Modified
- */
- public void setCveUrl12Modified(String cveUrl12Modified) {
- this.cveUrl12Modified = cveUrl12Modified;
- }
-
- /**
- * The url for the modified NVD CVE (2.0 schema).
- */
- private String cveUrl20Modified;
-
- /**
- * Get the value of cveUrl20Modified.
- *
- * @return the value of cveUrl20Modified
- */
- public String getCveUrl20Modified() {
- return cveUrl20Modified;
- }
-
- /**
- * Set the value of cveUrl20Modified.
- *
- * @param cveUrl20Modified new value of cveUrl20Modified
- */
- public void setCveUrl20Modified(String cveUrl20Modified) {
- this.cveUrl20Modified = cveUrl20Modified;
- }
-
- /**
- * Base Data Mirror URL for CVE 1.2.
- */
- private String cveUrl12Base;
-
- /**
- * Get the value of cveUrl12Base.
- *
- * @return the value of cveUrl12Base
- */
- public String getCveUrl12Base() {
- return cveUrl12Base;
- }
-
- /**
- * Set the value of cveUrl12Base.
- *
- * @param cveUrl12Base new value of cveUrl12Base
- */
- public void setCveUrl12Base(String cveUrl12Base) {
- this.cveUrl12Base = cveUrl12Base;
- }
-
- /**
- * Data Mirror URL for CVE 2.0.
- */
- private String cveUrl20Base;
-
- /**
- * Get the value of cveUrl20Base.
- *
- * @return the value of cveUrl20Base
- */
- public String getCveUrl20Base() {
- return cveUrl20Base;
- }
-
- /**
- * Set the value of cveUrl20Base.
- *
- * @param cveUrl20Base new value of cveUrl20Base
- */
- public void setCveUrl20Base(String cveUrl20Base) {
- this.cveUrl20Base = cveUrl20Base;
- }
/**
* The path to Mono for .NET assembly analysis on non-windows systems.
*/
@@ -952,28 +578,11 @@ public class DependencyCheckTask extends Task {
dealWithReferences();
validateConfiguration();
populateSettings();
- if (purge) {
- File db;
- try {
- db = new File(Settings.getDataDirectory(), "dc.h2.db");
- if (db.exists()) {
- if (db.delete()) {
- log("Database file purged; local copy of the NVD has been removed", Project.MSG_INFO);
- } else {
- log(String.format("Unable to delete '%s'; please delete the file manually", db.getAbsolutePath()), Project.MSG_ERR);
- }
- } else {
- log(String.format("Unable to purge database; the database file does not exists: %s", db.getAbsolutePath()), Project.MSG_ERR);
- }
- } catch (IOException ex) {
- log("Unable to delete the database", Project.MSG_ERR);
- }
- }
Engine engine = null;
try {
- engine = new Engine(DependencyCheckTask.class.getClassLoader());
- //todo - should this be its own task?
- if (updateOnly) {
+ engine = new Engine(Check.class.getClassLoader());
+ if (isUpdateOnly()) {
+ log("Deprecated 'UpdateOnly' property set; please use the UpdateTask instead", Project.MSG_WARN);
engine.doUpdates();
} else {
try {
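Review bot: The new warning tells users to use "the UpdateTask", but nothing in this commit has that name: the class is `Update` and dependency-check-taskdefs.properties registers it as `dependency-check-update`. Naming the task as it appears in a build file is clearer, e.g. `log("Deprecated 'UpdateOnly' property set; please use the dependency-check-update task instead", Project.MSG_WARN);`. Also, `updateOnly` gets a deprecation path, while the `purge` attribute and the already-deprecated `proxyUrl` setter removed elsewhere in this file are dropped outright. Ant normally fails a build on an attribute that has no setter, so keeping `setPurge`/`setProxyUrl` as warning-only shims for one release may be worth considering. `execute()` begins and ends outside this hunk.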
@@ -1046,50 +655,11 @@ public class DependencyCheckTask extends Task {
* Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system properties
* required to change the proxy server, port, and connection timeout.
*/
- private void populateSettings() {
- Settings.initialize();
- InputStream taskProperties = null;
- try {
- taskProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
- Settings.mergeProperties(taskProperties);
- } catch (IOException ex) {
- log("Unable to load the dependency-check ant task.properties file.", ex, Project.MSG_WARN);
- } finally {
- if (taskProperties != null) {
- try {
- taskProperties.close();
- } catch (IOException ex) {
- log("", ex, Project.MSG_DEBUG);
- }
- }
- }
- if (dataDirectory != null) {
- Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
- } else {
- final File jarPath = new File(DependencyCheckTask.class.getProtectionDomain().getCodeSource().getLocation().getPath());
- final File base = jarPath.getParentFile();
- final String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
- final File dataDir = new File(base, sub);
- Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
- }
-
+ @Override
+ protected void populateSettings() {
+ super.populateSettings();
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
- if (proxyServer != null && !proxyServer.isEmpty()) {
- Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer);
- }
- if (proxyPort != null && !proxyPort.isEmpty()) {
- Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
- }
- if (proxyUsername != null && !proxyUsername.isEmpty()) {
- Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername);
- }
- if (proxyPassword != null && !proxyPassword.isEmpty()) {
- Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
- }
- if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
- Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
- }
if (suppressionFile != null && !suppressionFile.isEmpty()) {
Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
}
@@ -1117,34 +687,6 @@ public class DependencyCheckTask extends Task {
if (pathToMono != null && !pathToMono.isEmpty()) {
Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);
}
-
- if (databaseDriverName != null && !databaseDriverName.isEmpty()) {
- Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
- }
- if (databaseDriverPath != null && !databaseDriverPath.isEmpty()) {
- Settings.setString(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
- }
- if (connectionString != null && !connectionString.isEmpty()) {
- Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
- }
- if (databaseUser != null && !databaseUser.isEmpty()) {
- Settings.setString(Settings.KEYS.DB_USER, databaseUser);
- }
- if (databasePassword != null && !databasePassword.isEmpty()) {
- Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
- }
- if (cveUrl12Modified != null && !cveUrl12Modified.isEmpty()) {
- Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
- }
- if (cveUrl20Modified != null && !cveUrl20Modified.isEmpty()) {
- Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
- }
- if (cveUrl12Base != null && !cveUrl12Base.isEmpty()) {
- Settings.setString(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
- }
- if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) {
- Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
- }
}
/**
@@ -1236,18 +778,4 @@ public class DependencyCheckTask extends Task {
return values;
}
}
-
- /**
- * Whether or not the Jar Analyzer is enabled.
- */
- private boolean jarAnalyzerEnabled = true;
-
- /**
- * Returns whether or not the analyzer is enabled.
- *
- * @return true if the analyzer is enabled
- */
- public boolean isJarAnalyzerEnabled() {
- return jarAnalyzerEnabled;
- }
}
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
new file mode 100644
index 000000000..ce28b0645
--- /dev/null
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
@@ -0,0 +1,127 @@
+/*
+ * This file is part of dependency-check-ant.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.taskdefs;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import org.apache.tools.ant.BuildException;
+import org.apache.tools.ant.Project;
+import org.apache.tools.ant.Task;
+import org.owasp.dependencycheck.utils.Settings;
+import org.slf4j.impl.StaticLoggerBinder;
+
+/**
+ * An Ant task definition to execute dependency-check during an Ant build.
+ *
+ * @author Jeremy Long
+ */
+public class Purge extends Task {
+
+ /**
+ * The properties file location.
+ */
+ private static final String PROPERTIES_FILE = "task.properties";
+
+ /**
+ * Construct a new DependencyCheckTask.
+ */
+ public Purge() {
+ super();
+ // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
+ // core end up coming through this tasks logger
+ StaticLoggerBinder.getSingleton().setTask(this);
+ }
+
+ /**
+ * The location of the data directory that contains
+ */
+ private String dataDirectory = null;
+
+ /**
+ * Get the value of dataDirectory.
+ *
+ * @return the value of dataDirectory
+ */
+ public String getDataDirectory() {
+ return dataDirectory;
+ }
+
+ /**
+ * Set the value of dataDirectory.
+ *
+ * @param dataDirectory new value of dataDirectory
+ */
+ public void setDataDirectory(String dataDirectory) {
+ this.dataDirectory = dataDirectory;
+ }
+
+ @Override
+ public void execute() throws BuildException {
+ populateSettings();
+ File db;
+ try {
+ db = new File(Settings.getDataDirectory(), "dc.h2.db");
+ if (db.exists()) {
+ if (db.delete()) {
+ log("Database file purged; local copy of the NVD has been removed", Project.MSG_INFO);
+ } else {
+ log(String.format("Unable to delete '%s'; please delete the file manually", db.getAbsolutePath()), Project.MSG_ERR);
+ }
+ } else {
+ log(String.format("Unable to purge database; the database file does not exists: %s", db.getAbsolutePath()), Project.MSG_ERR);
+ }
+ } catch (IOException ex) {
+ log("Unable to delete the database", Project.MSG_ERR);
+ } finally {
+ Settings.cleanup(true);
+ }
+ }
+
+ /**
+ * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system properties
+ * required to change the proxy server, port, and connection timeout.
+ */
+ protected void populateSettings() {
+ Settings.initialize();
+ InputStream taskProperties = null;
+ try {
+ taskProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
+ Settings.mergeProperties(taskProperties);
+ } catch (IOException ex) {
+ log("Unable to load the dependency-check ant task.properties file.", ex, Project.MSG_WARN);
+ } finally {
+ if (taskProperties != null) {
+ try {
+ taskProperties.close();
+ } catch (IOException ex) {
+ log("", ex, Project.MSG_DEBUG);
+ }
+ }
+ }
+ if (dataDirectory != null) {
+ Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
+ } else {
+ final File jarPath = new File(Purge.class.getProtectionDomain().getCodeSource().getLocation().getPath());
+ final File base = jarPath.getParentFile();
+ final String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
+ final File dataDir = new File(base, sub);
+ Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
+ }
+ }
+}
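Review bot: `execute()` reports every failure only through `log(..., Project.MSG_ERR)` and then returns normally, so a purge that could not remove `dc.h2.db` still ends in a successful build, and the caught `IOException` is dropped without its cause. For a standalone purge task I would fail instead: `throw new BuildException("Unable to delete the database", ex);` in the catch, and a `BuildException` carrying the existing "Unable to delete" message when `db.delete()` returns false. In `populateSettings()`, `getCodeSource().getLocation().getPath()` returns a URL-encoded path, so an install directory containing a space would likely resolve the default data directory to the wrong place. Building the `File` from `getLocation().toURI()` avoids that.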
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Update.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Update.java
new file mode 100644
index 000000000..101685686
--- /dev/null
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Update.java
@@ -0,0 +1,434 @@
+/*
+ * This file is part of dependency-check-ant.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.taskdefs;
+
+import org.apache.tools.ant.BuildException;
+import org.apache.tools.ant.Project;
+import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
+import org.owasp.dependencycheck.utils.Settings;
+import org.slf4j.impl.StaticLoggerBinder;
+
+/**
+ * An Ant task definition to execute dependency-check update. This will download the latest data from the National Vulnerability
+ * Database (NVD) and store a copy in the local database.
+ *
+ * @author Jeremy Long
+ */
+public class Update extends Purge {
+
+ /**
+ * Construct a new UpdateTask.
+ */
+ public Update() {
+ super();
+ // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
+ // core end up coming through this tasks logger
+ StaticLoggerBinder.getSingleton().setTask(this);
+ }
+
+ /**
+ * The Proxy Server.
+ */
+ private String proxyServer;
+
+ /**
+ * Get the value of proxyServer.
+ *
+ * @return the value of proxyServer
+ */
+ public String getProxyServer() {
+ return proxyServer;
+ }
+
+ /**
+ * Set the value of proxyServer.
+ *
+ * @param server new value of proxyServer
+ */
+ public void setProxyServer(String server) {
+ this.proxyServer = server;
+ }
+
+ /**
+ * The Proxy Port.
+ */
+ private String proxyPort;
+
+ /**
+ * Get the value of proxyPort.
+ *
+ * @return the value of proxyPort
+ */
+ public String getProxyPort() {
+ return proxyPort;
+ }
+
+ /**
+ * Set the value of proxyPort.
+ *
+ * @param proxyPort new value of proxyPort
+ */
+ public void setProxyPort(String proxyPort) {
+ this.proxyPort = proxyPort;
+ }
+ /**
+ * The Proxy username.
+ */
+ private String proxyUsername;
+
+ /**
+ * Get the value of proxyUsername.
+ *
+ * @return the value of proxyUsername
+ */
+ public String getProxyUsername() {
+ return proxyUsername;
+ }
+
+ /**
+ * Set the value of proxyUsername.
+ *
+ * @param proxyUsername new value of proxyUsername
+ */
+ public void setProxyUsername(String proxyUsername) {
+ this.proxyUsername = proxyUsername;
+ }
+ /**
+ * The Proxy password.
+ */
+ private String proxyPassword;
+
+ /**
+ * Get the value of proxyPassword.
+ *
+ * @return the value of proxyPassword
+ */
+ public String getProxyPassword() {
+ return proxyPassword;
+ }
+
+ /**
+ * Set the value of proxyPassword.
+ *
+ * @param proxyPassword new value of proxyPassword
+ */
+ public void setProxyPassword(String proxyPassword) {
+ this.proxyPassword = proxyPassword;
+ }
+ /**
+ * The Connection Timeout.
+ */
+ private String connectionTimeout;
+
+ /**
+ * Get the value of connectionTimeout.
+ *
+ * @return the value of connectionTimeout
+ */
+ public String getConnectionTimeout() {
+ return connectionTimeout;
+ }
+
+ /**
+ * Set the value of connectionTimeout.
+ *
+ * @param connectionTimeout new value of connectionTimeout
+ */
+ public void setConnectionTimeout(String connectionTimeout) {
+ this.connectionTimeout = connectionTimeout;
+ }
+ /**
+ * The database driver name; such as org.h2.Driver.
+ */
+ private String databaseDriverName;
+
+ /**
+ * Get the value of databaseDriverName.
+ *
+ * @return the value of databaseDriverName
+ */
+ public String getDatabaseDriverName() {
+ return databaseDriverName;
+ }
+
+ /**
+ * Set the value of databaseDriverName.
+ *
+ * @param databaseDriverName new value of databaseDriverName
+ */
+ public void setDatabaseDriverName(String databaseDriverName) {
+ this.databaseDriverName = databaseDriverName;
+ }
+
+ /**
+ * The path to the database driver JAR file if it is not on the class path.
+ */
+ private String databaseDriverPath;
+
+ /**
+ * Get the value of databaseDriverPath.
+ *
+ * @return the value of databaseDriverPath
+ */
+ public String getDatabaseDriverPath() {
+ return databaseDriverPath;
+ }
+
+ /**
+ * Set the value of databaseDriverPath.
+ *
+ * @param databaseDriverPath new value of databaseDriverPath
+ */
+ public void setDatabaseDriverPath(String databaseDriverPath) {
+ this.databaseDriverPath = databaseDriverPath;
+ }
+ /**
+ * The database connection string.
+ */
+ private String connectionString;
+
+ /**
+ * Get the value of connectionString.
+ *
+ * @return the value of connectionString
+ */
+ public String getConnectionString() {
+ return connectionString;
+ }
+
+ /**
+ * Set the value of connectionString.
+ *
+ * @param connectionString new value of connectionString
+ */
+ public void setConnectionString(String connectionString) {
+ this.connectionString = connectionString;
+ }
+ /**
+ * The user name for connecting to the database.
+ */
+ private String databaseUser;
+
+ /**
+ * Get the value of databaseUser.
+ *
+ * @return the value of databaseUser
+ */
+ public String getDatabaseUser() {
+ return databaseUser;
+ }
+
+ /**
+ * Set the value of databaseUser.
+ *
+ * @param databaseUser new value of databaseUser
+ */
+ public void setDatabaseUser(String databaseUser) {
+ this.databaseUser = databaseUser;
+ }
+
+ /**
+ * The password to use when connecting to the database.
+ */
+ private String databasePassword;
+
+ /**
+ * Get the value of databasePassword.
+ *
+ * @return the value of databasePassword
+ */
+ public String getDatabasePassword() {
+ return databasePassword;
+ }
+
+ /**
+ * Set the value of databasePassword.
+ *
+ * @param databasePassword new value of databasePassword
+ */
+ public void setDatabasePassword(String databasePassword) {
+ this.databasePassword = databasePassword;
+ }
+
+ /**
+ * The url for the modified NVD CVE (1.2 schema).
+ */
+ private String cveUrl12Modified;
+
+ /**
+ * Get the value of cveUrl12Modified.
+ *
+ * @return the value of cveUrl12Modified
+ */
+ public String getCveUrl12Modified() {
+ return cveUrl12Modified;
+ }
+
+ /**
+ * Set the value of cveUrl12Modified.
+ *
+ * @param cveUrl12Modified new value of cveUrl12Modified
+ */
+ public void setCveUrl12Modified(String cveUrl12Modified) {
+ this.cveUrl12Modified = cveUrl12Modified;
+ }
+
+ /**
+ * The url for the modified NVD CVE (2.0 schema).
+ */
+ private String cveUrl20Modified;
+
+ /**
+ * Get the value of cveUrl20Modified.
+ *
+ * @return the value of cveUrl20Modified
+ */
+ public String getCveUrl20Modified() {
+ return cveUrl20Modified;
+ }
+
+ /**
+ * Set the value of cveUrl20Modified.
+ *
+ * @param cveUrl20Modified new value of cveUrl20Modified
+ */
+ public void setCveUrl20Modified(String cveUrl20Modified) {
+ this.cveUrl20Modified = cveUrl20Modified;
+ }
+
+ /**
+ * Base Data Mirror URL for CVE 1.2.
+ */
+ private String cveUrl12Base;
+
+ /**
+ * Get the value of cveUrl12Base.
+ *
+ * @return the value of cveUrl12Base
+ */
+ public String getCveUrl12Base() {
+ return cveUrl12Base;
+ }
+
+ /**
+ * Set the value of cveUrl12Base.
+ *
+ * @param cveUrl12Base new value of cveUrl12Base
+ */
+ public void setCveUrl12Base(String cveUrl12Base) {
+ this.cveUrl12Base = cveUrl12Base;
+ }
+
+ /**
+ * Data Mirror URL for CVE 2.0.
+ */
+ private String cveUrl20Base;
+
+ /**
+ * Get the value of cveUrl20Base.
+ *
+ * @return the value of cveUrl20Base
+ */
+ public String getCveUrl20Base() {
+ return cveUrl20Base;
+ }
+
+ /**
+ * Set the value of cveUrl20Base.
+ *
+ * @param cveUrl20Base new value of cveUrl20Base
+ */
+ public void setCveUrl20Base(String cveUrl20Base) {
+ this.cveUrl20Base = cveUrl20Base;
+ }
+
+ /**
+ * Executes the update by initializing the settings, downloads the NVD XML data, and then processes the data storing it in the
+ * local database.
+ *
+ * @throws BuildException thrown if a connection to the local database cannot be made.
+ */
+ @Override
+ public void execute() throws BuildException {
+ populateSettings();
+ Engine engine = null;
+ try {
+ engine = new Engine(Update.class.getClassLoader());
+ engine.doUpdates();
+ } catch (DatabaseException ex) {
+ throw new BuildException("Unable to connect to the dependency-check database; unable to update the NVD data", ex);
+ } finally {
+ Settings.cleanup(true);
+ if (engine != null) {
+ engine.cleanup();
+ }
+ }
+ }
+
+ /**
+ * Takes the properties supplied and updates the dependency-check settings. Additionally, this sets the system properties
+ * required to change the proxy server, port, and connection timeout.
+ */
+ @Override
+ protected void populateSettings() {
+ super.populateSettings();
+ if (proxyServer != null && !proxyServer.isEmpty()) {
+ Settings.setString(Settings.KEYS.PROXY_SERVER, proxyServer);
+ }
+ if (proxyPort != null && !proxyPort.isEmpty()) {
+ Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
+ }
+ if (proxyUsername != null && !proxyUsername.isEmpty()) {
+ Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUsername);
+ }
+ if (proxyPassword != null && !proxyPassword.isEmpty()) {
+ Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
+ }
+ if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
+ Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
+ }
+ if (databaseDriverName != null && !databaseDriverName.isEmpty()) {
+ Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
+ }
+ if (databaseDriverPath != null && !databaseDriverPath.isEmpty()) {
+ Settings.setString(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
+ }
+ if (connectionString != null && !connectionString.isEmpty()) {
+ Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
+ }
+ if (databaseUser != null && !databaseUser.isEmpty()) {
+ Settings.setString(Settings.KEYS.DB_USER, databaseUser);
+ }
+ if (databasePassword != null && !databasePassword.isEmpty()) {
+ Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
+ }
+ if (cveUrl12Modified != null && !cveUrl12Modified.isEmpty()) {
+ Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
+ }
+ if (cveUrl20Modified != null && !cveUrl20Modified.isEmpty()) {
+ Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
+ }
+ if (cveUrl12Base != null && !cveUrl12Base.isEmpty()) {
+ Settings.setString(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
+ }
+ if (cveUrl20Base != null && !cveUrl20Base.isEmpty()) {
+ Settings.setString(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
+ }
+ }
+}
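Review bot: `populateSettings()` copies `cveUrl12Modified`, `cveUrl20Modified`, `cveUrl12Base` and `cveUrl20Base` into `Settings` after only a null/empty check, so a build file can point the NVD download at any URL, including plain http. The scan is only as trustworthy as that feed, so unless the core downloader already enforces it (not visible here), a warning for non-TLS mirrors would be a cheap safeguard, e.g. `if (!cveUrl20Base.startsWith("https://")) { log("cveUrl20Base is not an https URL", Project.MSG_WARN); }`, applied to all four values. Separately, `Update()` repeats `StaticLoggerBinder.getSingleton().setTask(this)`, which `Purge()` has already run through `super()`; the second call and its comment can be dropped. In `execute()`, `Settings.cleanup(true)` runs before `engine.cleanup()`; if the engine's cleanup reads any setting, the order should be swapped, which is worth confirming against core.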
diff --git a/dependency-check-ant/src/main/resources/dependency-check-taskdefs.properties b/dependency-check-ant/src/main/resources/dependency-check-taskdefs.properties
new file mode 100644
index 000000000..5d0743186
--- /dev/null
+++ b/dependency-check-ant/src/main/resources/dependency-check-taskdefs.properties
@@ -0,0 +1,3 @@
+dependency-check=org.owasp.dependencycheck.taskdefs.Check
+dependency-check-purge=org.owasp.dependencycheck.taskdefs.Purge
+dependency-check-update=org.owasp.dependencycheck.taskdefs.Update
diff --git a/dependency-check-ant/src/main/resources/task.properties b/dependency-check-ant/src/main/resources/task.properties
index 5224197b6..348493abf 100644
--- a/dependency-check-ant/src/main/resources/task.properties
+++ b/dependency-check-ant/src/main/resources/task.properties
@@ -1,2 +1,2 @@
# the path to the data directory
-data.directory=dependency-check-data
+data.directory=data
diff --git a/dependency-check-ant/src/main/resources/taskdefs.properties b/dependency-check-ant/src/main/resources/taskdefs.properties
deleted file mode 100644
index 990ea1129..000000000
--- a/dependency-check-ant/src/main/resources/taskdefs.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-# define custom tasks here
-
-dependencycheck=org.owasp.dependencycheck.taskdefs.DependencyCheckTask
diff --git a/dependency-check-ant/src/test/resources/build.xml b/dependency-check-ant/src/test/resources/build.xml
index d4db32190..4cc90e346 100644
--- a/dependency-check-ant/src/test/resources/build.xml
+++ b/dependency-check-ant/src/test/resources/build.xml
@@ -1,7 +1,7 @@
-
+