Coverage Report

Coverage Report - org.owasp.dependencycheck.maven.MavenEngine

Classes in this File

Line Coverage

Branch Coverage

Complexity

MavenEngine

0/70

0/50

3.727

 /*
  * This file is part of dependency-check-maven.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.maven;
 
 import java.util.List;
 import org.apache.maven.project.MavenProject;
 import org.owasp.dependencycheck.analyzer.Analyzer;
 import org.owasp.dependencycheck.analyzer.CPEAnalyzer;
 import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.exception.ExceptionCollection;
 import org.owasp.dependencycheck.exception.InitializationException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  * A modified version of the core engine specifically designed to persist some
  * data between multiple executions of a multi-module Maven project.
  *
  * @author Jeremy Long
  */
 public class MavenEngine extends org.owasp.dependencycheck.Engine {
 
     /**
      * The logger.
      */
     private static final transient Logger LOGGER = LoggerFactory.getLogger(MavenEngine.class);
     /**
      * A key used to persist an object in the MavenProject.
      */
     private static final String CPE_ANALYZER_KEY = "dependency-check-CPEAnalyzer";
     /**
      * The current MavenProject.
      */
     private MavenProject currentProject;
     /**
      * The list of MavenProjects that are part of the current build.
      */
     private List<MavenProject> reactorProjects;
     /**
      * Key used in the MavenProject context values to note whether or not an
      * update has been executed.
      */
     public static final String UPDATE_EXECUTED_FLAG = "dependency-check-update-executed";
 
     /**
      * Creates a new Engine to perform analysis on dependencies.
      *
      * @param project the current Maven project
      * @param reactorProjects the reactor projects for the current Maven
      * execution
      * @throws DatabaseException thrown if there is an issue connecting to the
      * database
      */
     public MavenEngine(MavenProject project, List<MavenProject> reactorProjects) throws DatabaseException {
         this.currentProject = project;
         this.reactorProjects = reactorProjects;
         initializeEngine();
     }
 
     /**
      * Runs the analyzers against all of the dependencies.
      *
      * @throws ExceptionCollection thrown if an exception occurred; contains a
      * collection of exceptions that occurred during analysis.
      */
     @Override
     public void analyzeDependencies() throws ExceptionCollection {
         final MavenProject root = getExecutionRoot();
         if (root != null) {
             LOGGER.debug("Checking root project, {}, if updates have already been completed", root.getArtifactId());
         } else {
             LOGGER.debug("Checking root project, null, if updates have already been completed");
         }
         if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
             System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
         }
         super.analyzeDependencies();
         if (root != null) {
             root.setContextValue(UPDATE_EXECUTED_FLAG, Boolean.TRUE);
         }
     }
 
     /**
      * Runs the update steps of dependency-check.
      *
      * @throws UpdateException thrown if there is an exception
      */
     public void update() throws UpdateException {
         final MavenProject root = getExecutionRoot();
         if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
             System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
         }
         this.doUpdates();
     }
 
     /**
      * This constructor should not be called. Use Engine(MavenProject) instead.
      *
      * @throws DatabaseException thrown if there is an issue connecting to the
      * database
      */
     private MavenEngine() throws DatabaseException {
     }
 
     /**
      * Initializes the given analyzer. This skips the initialization of the
      * CPEAnalyzer if it has been initialized by a previous execution.
      *
      * @param analyzer the analyzer to initialize
      * @return the initialized analyzer
      */
     @Override
     protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationException {
         if (analyzer instanceof CPEAnalyzer) {
             CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
             if (cpe != null && cpe.isOpen()) {
                 return cpe;
             }
             cpe = (CPEAnalyzer) super.initializeAnalyzer(analyzer);
             storeCPEAnalyzer(cpe);
         }
         return super.initializeAnalyzer(analyzer);
     }
 
     /**
      * Releases resources used by the analyzers by calling close() on each
      * analyzer.
      */
     @Override
     public void cleanup() {
         super.cleanup();
         if (currentProject == null || reactorProjects == null) {
             return;
         }
         if (this.currentProject == reactorProjects.get(reactorProjects.size() - 1)) {
             final CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
             if (cpe != null) {
                 cpe.close();
             }
         }
     }
 
     /**
      * Closes the given analyzer. This skips closing the CPEAnalyzer.
      *
      * @param analyzer the analyzer to close
      */
     @Override
     protected void closeAnalyzer(Analyzer analyzer) {
         if (analyzer instanceof CPEAnalyzer) {
             if (getPreviouslyLoadedCPEAnalyzer() == null) {
                 super.closeAnalyzer(analyzer);
             }
         } else {
             super.closeAnalyzer(analyzer);
         }
     }
 
     /**
      * Gets the CPEAnalyzer from the root Maven Project.
      *
      * @return an initialized CPEAnalyzer
      */
     private CPEAnalyzer getPreviouslyLoadedCPEAnalyzer() {
         CPEAnalyzer cpe = null;
         final MavenProject project = getExecutionRoot();
         if (project != null) {
             final Object obj = project.getContextValue(CPE_ANALYZER_KEY);
             if (obj != null && obj instanceof CPEAnalyzer) {
                 cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY);
             }
         }
         return cpe;
     }
 
     /**
      * Stores a CPEAnalyzer in the root Maven Project.
      *
      * @param cpe the CPEAnalyzer to store
      */
     private void storeCPEAnalyzer(CPEAnalyzer cpe) {
         final MavenProject p = getExecutionRoot();
         if (p != null) {
             p.setContextValue(CPE_ANALYZER_KEY, cpe);
         }
     }
 
     /**
      * Returns the root Maven Project.
      *
      * @return the root Maven Project
      */
     MavenProject getExecutionRoot() {
         if (reactorProjects == null) {
             return null;
         }
         for (MavenProject p : reactorProjects) {
             if (p.isExecutionRoot()) {
                 return p;
             }
         }
         //the following should  never run, but leaving it as a failsafe.
         if (this.currentProject == null) {
             return null;
         }
         MavenProject p = this.currentProject;
         while (p.getParent() != null) {
             p = p.getParent();
         }
         return p;
     }
 
     /**
      * Resets the file type analyzers so that they can be re-used to scan
      * additional directories. Without the reset the analyzer might be disabled
      * because the first scan/analyze did not identify any files that could be
      * processed by the analyzer.
      */
     public void resetFileTypeAnalyzers() {
         for (FileTypeAnalyzer a : getFileTypeAnalyzers()) {
             a.reset();
         }
     }
 }

1		/*
2		* This file is part of dependency-check-maven.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.maven;
19
20		import java.util.List;
21		import org.apache.maven.project.MavenProject;
22		import org.owasp.dependencycheck.analyzer.Analyzer;
23		import org.owasp.dependencycheck.analyzer.CPEAnalyzer;
24		import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
25		import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
26		import org.owasp.dependencycheck.data.update.exception.UpdateException;
27		import org.owasp.dependencycheck.exception.ExceptionCollection;
28		import org.owasp.dependencycheck.exception.InitializationException;
29		import org.owasp.dependencycheck.utils.Settings;
30		import org.slf4j.Logger;
31		import org.slf4j.LoggerFactory;
32
33		/**
34		* A modified version of the core engine specifically designed to persist some
35		* data between multiple executions of a multi-module Maven project.
36		*
37		* @author Jeremy Long
38		*/
39		public class MavenEngine extends org.owasp.dependencycheck.Engine {
40
41		/**
42		* The logger.
43		*/
44	0	private static final transient Logger LOGGER = LoggerFactory.getLogger(MavenEngine.class);
45		/**
46		* A key used to persist an object in the MavenProject.
47		*/
48		private static final String CPE_ANALYZER_KEY = "dependency-check-CPEAnalyzer";
49		/**
50		* The current MavenProject.
51		*/
52		private MavenProject currentProject;
53		/**
54		* The list of MavenProjects that are part of the current build.
55		*/
56		private List<MavenProject> reactorProjects;
57		/**
58		* Key used in the MavenProject context values to note whether or not an
59		* update has been executed.
60		*/
61		public static final String UPDATE_EXECUTED_FLAG = "dependency-check-update-executed";
62
63		/**
64		* Creates a new Engine to perform analysis on dependencies.
65		*
66		* @param project the current Maven project
67		* @param reactorProjects the reactor projects for the current Maven
68		* execution
69		* @throws DatabaseException thrown if there is an issue connecting to the
70		* database
71		*/
72	0	public MavenEngine(MavenProject project, List<MavenProject> reactorProjects) throws DatabaseException {
73	0	this.currentProject = project;
74	0	this.reactorProjects = reactorProjects;
75	0	initializeEngine();
76	0	}
77
78		/**
79		* Runs the analyzers against all of the dependencies.
80		*
81		* @throws ExceptionCollection thrown if an exception occurred; contains a
82		* collection of exceptions that occurred during analysis.
83		*/
84		@Override
85		public void analyzeDependencies() throws ExceptionCollection {
86	0	final MavenProject root = getExecutionRoot();
87	0	if (root != null) {
88	0	LOGGER.debug("Checking root project, {}, if updates have already been completed", root.getArtifactId());
89		} else {
90	0	LOGGER.debug("Checking root project, null, if updates have already been completed");
91		}
92	0	if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
93	0	System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
94		}
95	0	super.analyzeDependencies();
96	0	if (root != null) {
97	0	root.setContextValue(UPDATE_EXECUTED_FLAG, Boolean.TRUE);
98		}
99	0	}
100
101		/**
102		* Runs the update steps of dependency-check.
103		*
104		* @throws UpdateException thrown if there is an exception
105		*/
106		public void update() throws UpdateException {
107	0	final MavenProject root = getExecutionRoot();
108	0	if (root != null && root.getContextValue(UPDATE_EXECUTED_FLAG) != null) {
109	0	System.setProperty(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE.toString());
110		}
111	0	this.doUpdates();
112	0	}
113
114		/**
115		* This constructor should not be called. Use Engine(MavenProject) instead.
116		*
117		* @throws DatabaseException thrown if there is an issue connecting to the
118		* database
119		*/
120	0	private MavenEngine() throws DatabaseException {
121	0	}
122
123		/**
124		* Initializes the given analyzer. This skips the initialization of the
125		* CPEAnalyzer if it has been initialized by a previous execution.
126		*
127		* @param analyzer the analyzer to initialize
128		* @return the initialized analyzer
129		*/
130		@Override
131		protected Analyzer initializeAnalyzer(Analyzer analyzer) throws InitializationException {
132	0	if (analyzer instanceof CPEAnalyzer) {
133	0	CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
134	0	if (cpe != null && cpe.isOpen()) {
135	0	return cpe;
136		}
137	0	cpe = (CPEAnalyzer) super.initializeAnalyzer(analyzer);
138	0	storeCPEAnalyzer(cpe);
139		}
140	0	return super.initializeAnalyzer(analyzer);
141		}
142
143		/**
144		* Releases resources used by the analyzers by calling close() on each
145		* analyzer.
146		*/
147		@Override
148		public void cleanup() {
149	0	super.cleanup();
150	0	if (currentProject == null \|\| reactorProjects == null) {
151	0	return;
152		}
153	0	if (this.currentProject == reactorProjects.get(reactorProjects.size() - 1)) {
154	0	final CPEAnalyzer cpe = getPreviouslyLoadedCPEAnalyzer();
155	0	if (cpe != null) {
156	0	cpe.close();
157		}
158		}
159	0	}
160
161		/**
162		* Closes the given analyzer. This skips closing the CPEAnalyzer.
163		*
164		* @param analyzer the analyzer to close
165		*/
166		@Override
167		protected void closeAnalyzer(Analyzer analyzer) {
168	0	if (analyzer instanceof CPEAnalyzer) {
169	0	if (getPreviouslyLoadedCPEAnalyzer() == null) {
170	0	super.closeAnalyzer(analyzer);
171		}
172		} else {
173	0	super.closeAnalyzer(analyzer);
174		}
175	0	}
176
177		/**
178		* Gets the CPEAnalyzer from the root Maven Project.
179		*
180		* @return an initialized CPEAnalyzer
181		*/
182		private CPEAnalyzer getPreviouslyLoadedCPEAnalyzer() {
183	0	CPEAnalyzer cpe = null;
184	0	final MavenProject project = getExecutionRoot();
185	0	if (project != null) {
186	0	final Object obj = project.getContextValue(CPE_ANALYZER_KEY);
187	0	if (obj != null && obj instanceof CPEAnalyzer) {
188	0	cpe = (CPEAnalyzer) project.getContextValue(CPE_ANALYZER_KEY);
189		}
190		}
191	0	return cpe;
192		}
193
194		/**
195		* Stores a CPEAnalyzer in the root Maven Project.
196		*
197		* @param cpe the CPEAnalyzer to store
198		*/
199		private void storeCPEAnalyzer(CPEAnalyzer cpe) {
200	0	final MavenProject p = getExecutionRoot();
201	0	if (p != null) {
202	0	p.setContextValue(CPE_ANALYZER_KEY, cpe);
203		}
204	0	}
205
206		/**
207		* Returns the root Maven Project.
208		*
209		* @return the root Maven Project
210		*/
211		MavenProject getExecutionRoot() {
212	0	if (reactorProjects == null) {
213	0	return null;
214		}
215	0	for (MavenProject p : reactorProjects) {
216	0	if (p.isExecutionRoot()) {
217	0	return p;
218		}
219	0	}
220		//the following should never run, but leaving it as a failsafe.
221	0	if (this.currentProject == null) {
222	0	return null;
223		}
224	0	MavenProject p = this.currentProject;
225	0	while (p.getParent() != null) {
226	0	p = p.getParent();
227		}
228	0	return p;
229		}
230
231		/**
232		* Resets the file type analyzers so that they can be re-used to scan
233		* additional directories. Without the reset the analyzer might be disabled
234		* because the first scan/analyze did not identify any files that could be
235		* processed by the analyzer.
236		*/
237		public void resetFileTypeAnalyzers() {
238	0	for (FileTypeAnalyzer a : getFileTypeAnalyzers()) {
239	0	a.reset();
240	0	}
241	0	}
242		}