View Javadoc
1   /*
2    * This file is part of dependency-check-maven.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.maven;
19  
20  import java.util.Locale;
21  import java.util.logging.Level;
22  import java.util.logging.Logger;
23  import org.apache.maven.plugin.MojoExecutionException;
24  import org.apache.maven.plugin.MojoFailureException;
25  import org.apache.maven.plugins.annotations.LifecyclePhase;
26  import org.apache.maven.plugins.annotations.Mojo;
27  import org.apache.maven.plugins.annotations.ResolutionScope;
28  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
29  import org.owasp.dependencycheck.utils.Settings;
30  
31  /**
32   * Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities.
33   *
34   * @author Jeremy Long
35   */
36  @Mojo(
37          name = "update-only",
38          defaultPhase = LifecyclePhase.GENERATE_RESOURCES,
39          threadSafe = true,
40          requiresDependencyResolution = ResolutionScope.NONE,
41          requiresOnline = true
42  )
43  public class UpdateMojo extends BaseDependencyCheckMojo {
44  
45      /**
46       * Logger field reference.
47       */
48      private static final Logger LOGGER = Logger.getLogger(UpdateMojo.class.getName());
49  
50      /**
51       * Returns false; this mojo cannot generate a report.
52       *
53       * @return <code>false</code>
54       */
55      @Override
56      public boolean canGenerateReport() {
57          return false;
58      }
59  
60      /**
61       * Executes the dependency-check engine on the project's dependencies and generates the report.
62       *
63       * @throws MojoExecutionException thrown if there is an exception executing the goal
64       * @throws MojoFailureException thrown if dependency-check is configured to fail the build
65       */
66      @Override
67      public void runCheck() throws MojoExecutionException, MojoFailureException {
68          final Engine engine;
69          try {
70              engine = initializeEngine();
71              engine.update();
72          } catch (DatabaseException ex) {
73              LOGGER.log(Level.FINE, "Database connection error", ex);
74              throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
75          }
76          engine.cleanup();
77          Settings.cleanup();
78      }
79  
80      /**
81       * Returns the report name.
82       *
83       * @param locale the location
84       * @return the report name
85       */
86      public String getName(Locale locale) {
87          return "dependency-check-update";
88      }
89  
90      /**
91       * Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
92       *
93       * @param locale The Locale to get the description for
94       * @return the description
95       */
96      public String getDescription(Locale locale) {
97          return "Updates the local cache of the NVD data from NIST.";
98      }
99  
100 }