Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
3553489f2e | ||
|
|
f74efd5b96 | ||
|
|
ba887fdf21 | ||
|
|
3995cd64da | ||
|
|
9fdf22a475 | ||
|
|
5980d0a6fa | ||
|
|
21f8b0b553 | ||
|
|
d98ca9d21f | ||
|
|
fe2cdfe81a | ||
|
|
878d9ad8d9 | ||
|
|
e25961f40c | ||
|
|
7987800567 | ||
|
|
daec4c2e4e | ||
|
|
5ea52b47ab |
@@ -22,7 +22,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.0.3</version>
|
||||
<version>1.0.4</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-ant</artifactId>
|
||||
|
||||
@@ -23,7 +23,6 @@ import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.List;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.LogManager;
|
||||
import java.util.logging.Logger;
|
||||
import org.apache.tools.ant.BuildException;
|
||||
import org.apache.tools.ant.Task;
|
||||
@@ -38,6 +37,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
import org.owasp.dependencycheck.reporting.ReportGenerator;
|
||||
import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
|
||||
import org.owasp.dependencycheck.utils.LogUtils;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
@@ -345,41 +345,33 @@ public class DependencyCheckTask extends Task {
|
||||
public void setConnectionTimeout(String connectionTimeout) {
|
||||
this.connectionTimeout = connectionTimeout;
|
||||
}
|
||||
/**
|
||||
* The file path used for verbose logging.
|
||||
*/
|
||||
private String logFile = null;
|
||||
|
||||
/**
|
||||
* Configures the logger for use by the application.
|
||||
* Get the value of logFile.
|
||||
*
|
||||
* @return the value of logFile
|
||||
*/
|
||||
private static void prepareLogger() {
|
||||
InputStream in = null;
|
||||
try {
|
||||
in = DependencyCheckTask.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
|
||||
LogManager.getLogManager().reset();
|
||||
LogManager.getLogManager().readConfiguration(in);
|
||||
//TODO add code to disable fine grained log file.
|
||||
// Logger logger = LogManager.getLogManager().getLogger("");
|
||||
// for (Handler h : logger.getHandlers()) {
|
||||
// if (h.getFormatter(). h.toString());
|
||||
// }
|
||||
} catch (IOException ex) {
|
||||
System.err.println(ex.toString());
|
||||
Logger.getLogger(DependencyCheckTask.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} catch (SecurityException ex) {
|
||||
Logger.getLogger(DependencyCheckTask.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} finally {
|
||||
if (in != null) {
|
||||
try {
|
||||
in.close();
|
||||
} catch (Exception ex) {
|
||||
//noinspection UnusedAssignment
|
||||
in = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
public String getLogFile() {
|
||||
return logFile;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of logFile.
|
||||
*
|
||||
* @param logFile new value of logFile
|
||||
*/
|
||||
public void setLogFile(String logFile) {
|
||||
this.logFile = logFile;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void execute() throws BuildException {
|
||||
prepareLogger();
|
||||
final InputStream in = DependencyCheckTask.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
|
||||
LogUtils.prepareLogger(in, logFile);
|
||||
|
||||
dealWithReferences();
|
||||
validateConfiguration();
|
||||
@@ -512,6 +504,7 @@ public class DependencyCheckTask extends Task {
|
||||
*
|
||||
* @return the list of values for the report format
|
||||
*/
|
||||
@Override
|
||||
public String[] getValues() {
|
||||
int i = 0;
|
||||
final Format[] formats = Format.values();
|
||||
|
||||
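Review bot: The Javadoc on the `logFile` field (`The file path used for verbose logging.`) and on `setLogFile` (`@param logFile new value of logFile`) does not tell a build author that the attribute is optional or what an unset value does; the LogUtils.prepareLogger added elsewhere in this commit only attaches a file handler when the value is non-null and non-empty. Suggest `* The file path used for verbose logging. Optional; when unset or empty no verbose log file is written.` on the field and `@param logFile the verbose log path, or null/empty to disable the verbose log` on the setter. execute() also hands the stream from `getResourceAsStream(LOG_PROPERTIES_FILE)` to `LogUtils.prepareLogger(in, logFile)` without checking for null, which that method does not handle either; the body of execute() continues outside the hunk.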
@@ -22,7 +22,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.0.3</version>
|
||||
<version>1.0.4</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-cli</artifactId>
|
||||
|
||||
@@ -24,12 +24,12 @@ import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.List;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.LogManager;
|
||||
import java.util.logging.Logger;
|
||||
import org.apache.commons.cli.ParseException;
|
||||
import org.owasp.dependencycheck.reporting.ReportGenerator;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.cli.CliParser;
|
||||
import org.owasp.dependencycheck.utils.LogUtils;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/*
|
||||
@@ -67,35 +67,10 @@ public class App {
|
||||
* @param args the command line arguments
|
||||
*/
|
||||
public static void main(String[] args) {
|
||||
prepareLogger();
|
||||
final App app = new App();
|
||||
app.run(args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Configures the logger for use by the application.
|
||||
*/
|
||||
private static void prepareLogger() {
|
||||
InputStream in = null;
|
||||
try {
|
||||
in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
|
||||
LogManager.getLogManager().reset();
|
||||
LogManager.getLogManager().readConfiguration(in);
|
||||
} catch (IOException ex) {
|
||||
Logger.getLogger(App.class.getName()).log(Level.FINE, "IO Error preparing the logger", ex);
|
||||
} catch (SecurityException ex) {
|
||||
Logger.getLogger(App.class.getName()).log(Level.FINE, "Error preparing the logger", ex);
|
||||
} finally {
|
||||
if (in != null) {
|
||||
try {
|
||||
in.close();
|
||||
} catch (Exception ex) {
|
||||
Logger.getLogger(App.class.getName()).log(Level.FINEST, "Error closing resource stream", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Main CLI entry-point into the application.
|
||||
*
|
||||
@@ -116,10 +91,14 @@ public class App {
|
||||
return;
|
||||
}
|
||||
|
||||
final InputStream in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
|
||||
LogUtils.prepareLogger(in, cli.getVerboseLog());
|
||||
|
||||
if (cli.isGetVersion()) {
|
||||
cli.printVersionInfo();
|
||||
} else if (cli.isRunScan()) {
|
||||
updateSettings(cli.isAutoUpdate(), cli.getConnectionTimeout(), cli.getProxyUrl(), cli.getProxyPort(), cli.getDataDirectory());
|
||||
updateSettings(cli.isAutoUpdate(), cli.getConnectionTimeout(), cli.getProxyUrl(),
|
||||
cli.getProxyPort(), cli.getDataDirectory(), cli.getPropertiesFile());
|
||||
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles());
|
||||
} else {
|
||||
cli.printHelp();
|
||||
@@ -168,8 +147,24 @@ public class App {
|
||||
* @param proxyPort the proxy port (null or blank means no port will be
|
||||
* used)
|
||||
* @param dataDirectory the directory to store/retrieve persistent data from
|
||||
* @param propertiesFile the properties file to utilize
|
||||
*/
|
||||
private void updateSettings(boolean autoUpdate, String connectionTimeout, String proxyUrl, String proxyPort, String dataDirectory) {
|
||||
private void updateSettings(boolean autoUpdate, String connectionTimeout, String proxyUrl,
|
||||
String proxyPort, String dataDirectory, File propertiesFile) {
|
||||
|
||||
if (propertiesFile != null) {
|
||||
try {
|
||||
Settings.mergeProperties(propertiesFile);
|
||||
} catch (FileNotFoundException ex) {
|
||||
final String msg = String.format("Unable to load properties file '%s'", propertiesFile.getPath());
|
||||
Logger.getLogger(App.class.getName()).log(Level.SEVERE, msg);
|
||||
Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex);
|
||||
} catch (IOException ex) {
|
||||
final String msg = String.format("Unable to find properties file '%s'", propertiesFile.getPath());
|
||||
Logger.getLogger(App.class.getName()).log(Level.SEVERE, msg);
|
||||
Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex);
|
||||
}
|
||||
}
|
||||
if (dataDirectory != null) {
|
||||
Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
|
||||
} else if (System.getProperty("basedir") != null) {
|
||||
@@ -182,8 +177,6 @@ public class App {
|
||||
final File dataDir = new File(base, sub);
|
||||
Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
|
||||
}
|
||||
|
||||
|
||||
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
|
||||
if (proxyUrl != null && !proxyUrl.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
|
||||
|
||||
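Review bot: The two error messages in the new properties-file block of updateSettings are swapped: the `FileNotFoundException` branch logs `Unable to load properties file '%s'` while the `IOException` branch logs `Unable to find properties file '%s'`, so a missing file is reported as a load failure and a read failure as a missing file. Change the first to `final String msg = String.format("Unable to find properties file '%s'", propertiesFile.getPath());` and the second to `final String msg = String.format("Unable to load properties file '%s'", propertiesFile.getPath());`. The catch order itself is correct since FileNotFoundException extends IOException. After logging, the method continues the scan with the built-in defaults; that a user-supplied file which cannot be read is not fatal is worth stating in the `@param propertiesFile` Javadoc. updateSettings continues outside the hunk.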
@@ -195,6 +195,10 @@ public final class CliParser {
|
||||
.withDescription("The output format to write to (XML, HTML, VULN, ALL). The default is HTML.")
|
||||
.create(ArgumentName.OUTPUT_FORMAT_SHORT);
|
||||
|
||||
final Option verboseLog = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.VERBOSE_LOG)
|
||||
.withDescription("The file path to write verbose logging information.")
|
||||
.create(ArgumentName.VERBOSE_LOG_SHORT);
|
||||
|
||||
final OptionGroup og = new OptionGroup();
|
||||
og.addOption(path);
|
||||
|
||||
@@ -208,6 +212,7 @@ public final class CliParser {
|
||||
opts.addOption(noUpdate);
|
||||
opts.addOption(props);
|
||||
opts.addOption(data);
|
||||
opts.addOption(verboseLog);
|
||||
opts.addOption(proxyPort);
|
||||
opts.addOption(proxyUrl);
|
||||
opts.addOption(connectionTimeout);
|
||||
@@ -334,6 +339,28 @@ public final class CliParser {
|
||||
return line.getOptionValue(ArgumentName.DATA_DIRECTORY);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the properties file specified on the command line.
|
||||
*
|
||||
* @return the properties file specified on the command line
|
||||
*/
|
||||
public File getPropertiesFile() {
|
||||
final String path = line.getOptionValue(ArgumentName.PROP);
|
||||
if (path != null) {
|
||||
return new File(path);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the path to the verbose log file.
|
||||
*
|
||||
* @return the path to the verbose log file
|
||||
*/
|
||||
public String getVerboseLog() {
|
||||
return line.getOptionValue(ArgumentName.VERBOSE_LOG);
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>Prints the manifest information to standard output.</p>
|
||||
* <ul><li>Implementation-Title: ${pom.name}</li>
|
||||
@@ -469,5 +496,14 @@ public final class CliParser {
|
||||
* directory.
|
||||
*/
|
||||
public static final String DATA_DIRECTORY_SHORT = "d";
|
||||
/**
|
||||
* The CLI argument name for setting the location of the data directory.
|
||||
*/
|
||||
public static final String VERBOSE_LOG = "log";
|
||||
/**
|
||||
* The short CLI argument name for setting the location of the data
|
||||
* directory.
|
||||
*/
|
||||
public static final String VERBOSE_LOG_SHORT = "l";
|
||||
}
|
||||
}
|
||||
|
||||
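Review bot: The Javadoc on the new `VERBOSE_LOG` and `VERBOSE_LOG_SHORT` constants was copied from the data-directory constants and still reads `The CLI argument name for setting the location of the data directory.`, which is wrong for the `log` / `l` options. Suggest `* The CLI argument name for setting the location of the verbose log file.` for `VERBOSE_LOG` and `* The short CLI argument name for setting the location of the verbose log file.` for `VERBOSE_LOG_SHORT`. The constants sit in a nested class whose header is outside the hunk.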
@@ -7,8 +7,6 @@ handlers=java.util.logging.ConsoleHandler
|
||||
# Configure the ConsoleHandler.
|
||||
java.util.logging.ConsoleHandler.level=INFO
|
||||
|
||||
org.owasp.dependencycheck.data.nvdcve.xml
|
||||
|
||||
# Configure the FileHandler.
|
||||
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
|
||||
java.util.logging.FileHandler.level=FINE
|
||||
@@ -21,4 +19,4 @@ java.util.logging.FileHandler.level=FINE
|
||||
# %g - generation number for rotating logs
|
||||
# %u - unique number to avoid conflicts
|
||||
# FileHandler writes to %h/demo0.log by default.
|
||||
java.util.logging.FileHandler.pattern=./logs/DependencyCheck.log
|
||||
java.util.logging.FileHandler.pattern=./dependency-check.log
|
||||
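Review bot: The `java.util.logging.FileHandler.*` entries, including the new `java.util.logging.FileHandler.pattern=./dependency-check.log`, appear to be dead configuration: the `handlers=` line in the hunk header lists only the ConsoleHandler, and the LogUtils.prepareLogger added in this commit installs its own FileHandler programmatically with its own formatter and level. If the lines are kept on purpose, a comment such as `# Not installed via handlers=; only used if java.util.logging.FileHandler is added to handlers` would tell maintainers why they exist. Note also that the pattern is resolved relative to the working directory, which for a build plugin is wherever the build was launched from.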
@@ -22,7 +22,7 @@ along with Dependency-Check. If not, see <http://www.gnu.org/licenses />.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.0.3</version>
|
||||
<version>1.0.4</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-core</artifactId>
|
||||
|
||||
@@ -282,11 +282,13 @@ public class Engine {
|
||||
final List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
for (Analyzer a : analyzerList) {
|
||||
try {
|
||||
final String msg = String.format("Initializing %s", a.getName());
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msg);
|
||||
a.initialize();
|
||||
} catch (Exception ex) {
|
||||
final String msg = String.format("\"Exception occurred initializing \"%s\".\"", a.getName());
|
||||
final String msg = String.format("Exception occurred initializing %s.", a.getName());
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg);
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.INFO, msg, ex);
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.INFO, null, ex);
|
||||
try {
|
||||
a.close();
|
||||
} catch (Exception ex1) {
|
||||
@@ -305,9 +307,13 @@ public class Engine {
|
||||
* analyzers may modify it. This prevents ConcurrentModificationExceptions.
|
||||
* This is okay for adds/deletes because it happens per analyzer.
|
||||
*/
|
||||
final String msg = String.format("Begin Analyzer '%s'", a.getName());
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msg);
|
||||
final Set<Dependency> dependencySet = new HashSet<Dependency>();
|
||||
dependencySet.addAll(dependencies);
|
||||
for (Dependency d : dependencySet) {
|
||||
final String msgFile = String.format("Begin Analysis of '%s'", d.getActualFilePath());
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msgFile);
|
||||
if (a.supportsExtension(d.getFileExtension())) {
|
||||
try {
|
||||
a.analyze(d, this);
|
||||
@@ -323,6 +329,8 @@ public class Engine {
|
||||
for (AnalysisPhase phase : AnalysisPhase.values()) {
|
||||
final List<Analyzer> analyzerList = analyzers.get(phase);
|
||||
for (Analyzer a : analyzerList) {
|
||||
final String msg = String.format("Closing Analyzer '%s'", a.getName());
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msg);
|
||||
try {
|
||||
a.close();
|
||||
} catch (Exception ex) {
|
||||
|
||||
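Review bot: In the initialization hunk the new `log(Level.INFO, null, ex)` record carries a null message, which SimpleFormatter prints as `null` ahead of the stack trace, so the trace is no longer attributable to the analyzer that failed; passing `msg` again, `Logger.getLogger(Engine.class.getName()).log(Level.INFO, msg, ex);`, keeps the name with the trace. The new `Begin Analyzer` / `Begin Analysis of` lines in the second hunk build the message with `String.format` on every analyzer and every dependency even when FINE is disabled; java.util.logging defers formatting when parameters are passed, e.g. `Logger.getLogger(Engine.class.getName()).log(Level.FINE, "Begin Analysis of ''{0}''", d.getActualFilePath());`. A `private static final Logger` field would also avoid the per-iteration `Logger.getLogger` lookup. The enclosing methods start and end outside the hunks.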
@@ -145,7 +145,10 @@ public class ArchiveAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
public void initialize() throws Exception {
|
||||
final File baseDir = Settings.getTempDirectory();
|
||||
if (!baseDir.exists()) {
|
||||
baseDir.mkdirs();
|
||||
if (!baseDir.mkdirs()) {
|
||||
final String msg = String.format("Unable to make a temporary folder '%s'", baseDir.getPath());
|
||||
throw new AnalysisException(msg);
|
||||
}
|
||||
}
|
||||
tempFileLocation = File.createTempFile("check", "tmp", baseDir);
|
||||
if (!tempFileLocation.delete()) {
|
||||
|
||||
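Review bot: The new `if (!baseDir.mkdirs())` check still races with the preceding `exists()` test: if another process (a parallel build, for example) creates the directory between the two calls, `mkdirs()` returns false and initialize() fails with "Unable to make a temporary folder" even though the directory now exists. Checking the outcome rather than the precondition avoids this: `if (!baseDir.mkdirs() && !baseDir.isDirectory()) { final String msg = String.format("Unable to make a temporary folder '%s'", baseDir.getPath()); throw new AnalysisException(msg); }`. The `createTempFile` followed by `delete()` on the next lines reserves a name and then gives it up, so the name can be taken by someone else before it is reused; if the project targets Java 7 or later, `Files.createTempDirectory(baseDir.toPath(), "check")` creates the directory atomically. initialize() continues outside the hunk.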
@@ -444,6 +444,9 @@ public class CPEAnalyzer implements Analyzer {
|
||||
//</editor-fold>
|
||||
|
||||
//TODO - likely need to change the split... not sure if this will work for CPE with special chars
|
||||
if (text == null) {
|
||||
return false;
|
||||
}
|
||||
final String[] words = text.split("[\\s_-]");
|
||||
final List<String> list = new ArrayList<String>();
|
||||
String tempWord = null;
|
||||
|
||||
@@ -0,0 +1,44 @@
|
||||
/*
|
||||
* This file is part of dependency-check-core.
|
||||
*
|
||||
* Dependency-check-core is free software: you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the Free
|
||||
* Software Foundation, either version 3 of the License, or (at your option) any
|
||||
* later version.
|
||||
*
|
||||
* Dependency-check-core is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
|
||||
*
|
||||
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.util.logging.Filter;
|
||||
import java.util.logging.LogRecord;
|
||||
|
||||
/**
|
||||
* A simple log filter to limit the entries written to the verbose log file. The
|
||||
* verbose log file uses the root logger as I couldn't get anything else to
|
||||
* work; as such, this filter limits the log entries to specific classes.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class LogFilter implements Filter {
|
||||
|
||||
/**
|
||||
* Determines if the record should be logged.
|
||||
*
|
||||
* @param record a log record to examine
|
||||
* @return true if the record should be logged, otherwise false
|
||||
*/
|
||||
@Override
|
||||
public boolean isLoggable(LogRecord record) {
|
||||
final String name = record.getSourceClassName();
|
||||
return name.startsWith("org.owasp.dependencycheck") && !name.contains("generated") && !name.contains("VelocityLoggerRedirect");
|
||||
}
|
||||
}
|
||||
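Review bot: `record.getSourceClassName()` is documented to return null when the source class could not be determined, so `name.startsWith(...)` in isLoggable can throw a NullPointerException inside the logging framework; a FileHandler would hand that to its ErrorManager and the record would be lost silently. Add `if (name == null) { return false; }` before the return. The class Javadoc should then state the consequence, e.g. `Records whose source class cannot be determined are not written.`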
@@ -0,0 +1,75 @@
|
||||
/*
|
||||
* This file is part of dependency-check-core.
|
||||
*
|
||||
* Dependency-check-core is free software: you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the Free
|
||||
* Software Foundation, either version 3 of the License, or (at your option) any
|
||||
* later version.
|
||||
*
|
||||
* Dependency-check-core is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
|
||||
*
|
||||
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.logging.FileHandler;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.LogManager;
|
||||
import java.util.logging.Logger;
|
||||
import java.util.logging.SimpleFormatter;
|
||||
|
||||
/**
|
||||
* A utility class to aide in the setup of the logging mechanism.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class LogUtils {
|
||||
|
||||
/**
|
||||
* Private constructor for a utility class.
|
||||
*/
|
||||
private LogUtils() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Configures the logger for use by the application.
|
||||
*
|
||||
* @param in the input stream to read the log settings from
|
||||
* @param verboseLogFile the file path for the verbose log
|
||||
*/
|
||||
public static void prepareLogger(InputStream in, String verboseLogFile) {
|
||||
try {
|
||||
LogManager.getLogManager().reset();
|
||||
LogManager.getLogManager().readConfiguration(in);
|
||||
if (verboseLogFile != null && !verboseLogFile.isEmpty()) {
|
||||
final Logger logger = Logger.getLogger("");
|
||||
final FileHandler handler = new FileHandler(verboseLogFile, true);
|
||||
handler.setFormatter(new SimpleFormatter());
|
||||
handler.setLevel(Level.FINE);
|
||||
handler.setFilter(new LogFilter());
|
||||
logger.addHandler(handler);
|
||||
logger.setLevel(Level.FINE);
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
Logger.getLogger(LogUtils.class.getName()).log(Level.FINE, "IO Error preparing the logger", ex);
|
||||
} catch (SecurityException ex) {
|
||||
Logger.getLogger(LogUtils.class.getName()).log(Level.FINE, "Error preparing the logger", ex);
|
||||
} finally {
|
||||
if (in != null) {
|
||||
try {
|
||||
in.close();
|
||||
} catch (Exception ex) {
|
||||
Logger.getLogger(LogUtils.class.getName()).log(Level.FINEST, "Error closing resource stream", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
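Review bot: prepareLogger passes `in` straight to `LogManager.getLogManager().readConfiguration(in)`; every caller in this commit obtains it from `getResourceAsStream(LOG_PROPERTIES_FILE)`, which returns null when the resource is absent, and a null stream is neither an IOException nor a SecurityException, so it would presumably surface as an uncaught NullPointerException rather than the logged warning this method intends. Suggest guarding before the try, since the finally already skips a null stream: `if (in == null) { Logger.getLogger(LogUtils.class.getName()).log(Level.WARNING, "Logging configuration not found on the classpath"); return; }`. Separately, `new FileHandler(verboseLogFile, true)` treats its argument as a pattern, so `%h`, `%t`, `%g` and `%u` in the user-supplied path are substituted and a `.lck` lock file is created beside the log; the `@param verboseLogFile` Javadoc should say so. The handler is never closed, so the file and its lock stay held until the JVM exits.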
@@ -195,6 +195,23 @@ public final class Settings {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Merges a new properties file into the current properties. This method
|
||||
* allows for the loading of a user provided properties file.<br/><br/>
|
||||
* Note: even if using this method - system properties will be loaded before
|
||||
* properties loaded from files.
|
||||
*
|
||||
* @param filePath the path to the properties file to merge.
|
||||
* @throws FileNotFoundException is thrown when the filePath points to a
|
||||
* non-existent file
|
||||
* @throws IOException is thrown when there is an exception loading/merging
|
||||
* the properties
|
||||
*/
|
||||
public static void mergeProperties(File filePath) throws FileNotFoundException, IOException {
|
||||
final FileInputStream fis = new FileInputStream(filePath);
|
||||
mergeProperties(fis);
|
||||
}
|
||||
|
||||
/**
|
||||
* Merges a new properties file into the current properties. This method
|
||||
* allows for the loading of a user provided properties file.<br/><br/>
|
||||
|
||||
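Review bot: The new `mergeProperties(File)` opens a FileInputStream and hands it to `mergeProperties(InputStream)` without closing it; unless that overload closes its argument (its body is outside the hunk), the descriptor leaks on every call and whenever the merge throws. Wrap the call: `final FileInputStream fis = new FileInputStream(filePath); try { mergeProperties(fis); } finally { fis.close(); }`. The `@throws FileNotFoundException` clause is redundant with `IOException` but harmless.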
@@ -26,7 +26,7 @@ cve.url.modified.validfordays=7
|
||||
# the path to the modified nvd cve xml file.
|
||||
cve.url-1.2.modified=http://nvd.nist.gov/download/nvdcve-modified.xml
|
||||
cve.url-2.0.modified=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
|
||||
cve.startyear=2002
|
||||
cve.startyear=2013
|
||||
cve.url-2.0.base=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
|
||||
cve.url-1.2.base=http://nvd.nist.gov/download/nvdcve-%d.xml
|
||||
#cve.url-2.0.base=file:///C:/data/xml/nvdcve-2.0-%d.xml
|
||||
|
||||
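Review bot: `cve.startyear=2013` narrows the NVD feeds the tool downloads to 2013 onward, so CVEs published between 2002 and 2012 are presumably no longer loaded and older libraries would be reported as clean; if this is a deliberate default, a comment such as `# earliest NVD feed year to download; CVEs published before this year are not loaded` would make the trade-off visible to users, and if it was only meant to speed up local testing it should not ship as the default. Separately, the surrounding feed URLs are plain `http://`, so the vulnerability data that drives the tool's findings is fetched without transport integrity; switching to `https://` is worth doing if NVD serves the feeds over TLS.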
@@ -6,7 +6,7 @@
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.0.3</version>
|
||||
<version>1.0.4</version>
|
||||
</parent>
|
||||
|
||||
<groupId>org.owasp</groupId>
|
||||
|
||||
@@ -24,7 +24,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.0.3</version>
|
||||
<version>1.0.4</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-maven</artifactId>
|
||||
|
||||
@@ -34,7 +34,6 @@ import org.apache.maven.plugin.AbstractMojo;
|
||||
import org.apache.maven.plugin.MojoExecutionException;
|
||||
import org.apache.maven.project.MavenProject;
|
||||
import java.util.Set;
|
||||
import java.util.logging.LogManager;
|
||||
import org.apache.maven.artifact.Artifact;
|
||||
import org.apache.maven.plugins.annotations.Component;
|
||||
import org.apache.maven.plugins.annotations.LifecyclePhase;
|
||||
@@ -54,6 +53,7 @@ import org.owasp.dependencycheck.dependency.Reference;
|
||||
import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.owasp.dependencycheck.reporting.ReportGenerator;
|
||||
import org.owasp.dependencycheck.utils.LogUtils;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
@@ -90,6 +90,11 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
|
||||
*/
|
||||
@Parameter(property = "report-name", defaultValue = "dependency-check-report")
|
||||
private String reportName;
|
||||
/**
|
||||
* The path to the verbose log
|
||||
*/
|
||||
@Parameter(property = "logfile", defaultValue = "")
|
||||
private String logFile;
|
||||
/**
|
||||
* The name of the report to be displayed in the Maven Generated Reports
|
||||
* page
|
||||
@@ -163,44 +168,16 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
|
||||
private String connectionTimeout = null;
|
||||
|
||||
// </editor-fold>
|
||||
/**
|
||||
* Configures the logger for use by the application.
|
||||
*/
|
||||
private static void prepareLogger() {
|
||||
InputStream in = null;
|
||||
try {
|
||||
in = DependencyCheckMojo.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
|
||||
LogManager.getLogManager().reset();
|
||||
LogManager.getLogManager().readConfiguration(in);
|
||||
//TODO add code to disable fine grained log file.
|
||||
// Logger logger = LogManager.getLogManager().getLogger("");
|
||||
// for (Handler h : logger.getHandlers()) {
|
||||
// if (h.getFormatter(). h.toString());
|
||||
// }
|
||||
} catch (IOException ex) {
|
||||
System.err.println(ex.toString());
|
||||
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} catch (SecurityException ex) {
|
||||
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} finally {
|
||||
if (in != null) {
|
||||
try {
|
||||
in.close();
|
||||
} catch (Exception ex) {
|
||||
//noinspection UnusedAssignment
|
||||
in = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Executes the Dependency-Check on the dependent libraries.
|
||||
*
|
||||
* @return the Engine used to scan the dependencies.
|
||||
*/
|
||||
private Engine executeDependencyCheck() {
|
||||
prepareLogger();
|
||||
|
||||
final InputStream in = DependencyCheckMojo.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
|
||||
LogUtils.prepareLogger(in, logFile);
|
||||
|
||||
populateSettings();
|
||||
final Engine engine = new Engine();
|
||||
final Set<Artifact> artifacts = project.getArtifacts();
|
||||
|
||||
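Review bot: The Javadoc on the new `logFile` parameter (`The path to the verbose log`) does not say the parameter is optional or what the empty default does; from the LogUtils.prepareLogger added in this commit, an empty value means no verbose log file is written. Suggest `* The path to the verbose log file. Optional; when empty (the default) no verbose log is written.` The Maven property is `logfile` while the Ant task attribute is `logFile`; naming the property in the Javadoc (`Set via -Dlogfile=...`) helps users invoking the plugin from the command line. executeDependencyCheck() continues outside the hunk.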