Coverage Report - org.owasp.dependencycheck.maven.CheckMojo
 
Classes in this File Line Coverage Branch Coverage Complexity
CheckMojo
0%
0/28
0%
0/8
2.5
 
 1   
 /*
 2   
  * This file is part of dependency-check-maven.
 3   
  *
 4   
  * Licensed under the Apache License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  *     http://www.apache.org/licenses/LICENSE-2.0
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13   
  * See the License for the specific language governing permissions and
 14   
  * limitations under the License.
 15   
  *
 16   
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
 17   
  */
 18   
 package org.owasp.dependencycheck.maven;
 19   
 
 20   
 import java.util.Locale;
 21   
 import org.apache.maven.artifact.Artifact;
 22   
 import org.apache.maven.plugin.MojoExecutionException;
 23   
 import org.apache.maven.plugin.MojoFailureException;
 24   
 import org.apache.maven.plugins.annotations.LifecyclePhase;
 25   
 import org.apache.maven.plugins.annotations.Mojo;
 26   
 import org.apache.maven.plugins.annotations.Parameter;
 27   
 import org.apache.maven.plugins.annotations.ResolutionScope;
 28   
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 29   
 import org.owasp.dependencycheck.utils.Settings;
 30   
 
 31   
 /**
 32   
  * Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities.
 33   
  *
 34   
  * @author Jeremy Long
 35   
  */
 36   
 @Mojo(
 37   
         name = "check",
 38   
         defaultPhase = LifecyclePhase.VERIFY,
 39   
         threadSafe = false,
 40   
         requiresDependencyResolution = ResolutionScope.COMPILE_PLUS_RUNTIME,
 41   
         requiresOnline = true
 42   
 )
 43  0 
 public class CheckMojo extends BaseDependencyCheckMojo {
 44   
 
 45   
     /**
 46   
      * Returns whether or not a the report can be generated.
 47   
      *
 48   
      * @return <code>true</code> if the report can be generated; otherwise <code>false</code>
 49   
      */
 50   
     @Override
 51   
     public boolean canGenerateReport() {
 52  0 
         boolean isCapable = false;
 53  0 
         for (Artifact a : getProject().getArtifacts()) {
 54  0 
             if (!excludeFromScan(a)) {
 55  0 
                 isCapable = true;
 56  0 
                 break;
 57   
             }
 58  0 
         }
 59  0 
         return isCapable;
 60   
     }
 61   
 
 62   
     /**
 63   
      * Executes the dependency-check engine on the project's dependencies and generates the report.
 64   
      *
 65   
      * @throws MojoExecutionException thrown if there is an exception executing the goal
 66   
      * @throws MojoFailureException thrown if dependency-check is configured to fail the build
 67   
      */
 68   
     @Override
 69   
     public void runCheck() throws MojoExecutionException, MojoFailureException {
 70   
         final Engine engine;
 71   
         try {
 72  0 
             engine = initializeEngine();
 73  0 
         } catch (DatabaseException ex) {
 74  0 
             if (getLog().isDebugEnabled()) {
 75  0 
                 getLog().debug("Database connection error", ex);
 76   
             }
 77  0 
             throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
 78  0 
         }
 79  0 
         scanArtifacts(getProject(), engine);
 80  0 
         if (engine.getDependencies().isEmpty()) {
 81  0 
             getLog().info("No dependencies were identified that could be analyzed by dependency-check");
 82   
         } else {
 83  0 
             engine.analyzeDependencies();
 84  0 
             writeReports(engine, getProject(), getCorrectOutputDirectory());
 85  0 
             writeDataFile(getProject(), null, engine.getDependencies());
 86  0 
             showSummary(getProject(), engine.getDependencies());
 87  0 
             checkForFailure(engine.getDependencies());
 88   
         }
 89  0 
         engine.cleanup();
 90  0 
         Settings.cleanup();
 91  0 
     }
 92   
 
 93   
     /**
 94   
      * The name of the report in the site.
 95   
      */
 96  0 
     @SuppressWarnings("CanBeFinal")
 97   
     @Parameter(property = "name", defaultValue = "dependency-check", required = true)
 98   
     private String name = "dependency-check";
 99   
 
 100   
     /**
 101   
      * Returns the report name.
 102   
      *
 103   
      * @param locale the location
 104   
      * @return the report name
 105   
      */
 106   
     @Override
 107   
     public String getName(Locale locale) {
 108  0 
         return name;
 109   
     }
 110   
 
 111   
     /**
 112   
      * Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
 113   
      *
 114   
      * @param locale The Locale to get the description for
 115   
      * @return the description
 116   
      */
 117   
     @Override
 118   
     public String getDescription(Locale locale) {
 119  0 
         return "Generates a report providing details on any published vulnerabilities within project dependencies. "
 120   
                 + "This report is a best effort and may contain false positives and false negatives.";
 121   
     }
 122   
 
 123   
 }
Report generated by Cobertura 2.1.1 on 4/9/16 8:12 PM.