1   /*
2    * This file is part of dependency-check-cli.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck;
19  
20  import java.io.File;
21  import java.io.FileNotFoundException;
22  import java.io.IOException;
23  import java.io.InputStream;
24  import java.util.List;
25  import java.util.logging.Level;
26  import java.util.logging.Logger;
27  import org.apache.commons.cli.ParseException;
28  import org.owasp.dependencycheck.cli.CliParser;
29  import org.owasp.dependencycheck.data.nvdcve.CveDB;
30  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
31  import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
32  import org.owasp.dependencycheck.dependency.Dependency;
33  import org.owasp.dependencycheck.reporting.ReportGenerator;
34  import org.owasp.dependencycheck.utils.LogUtils;
35  import org.owasp.dependencycheck.utils.Settings;
36  
37  /**
38   * The command line interface for the DependencyCheck application.
39   *
40   * @author Jeremy Long <jeremy.long@owasp.org>
41   */
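public class App {

    /**
     * The location of the log properties configuration file.
     */
    private static final String LOG_PROPERTIES_FILE = "log.properties";

    /**
     * The logger used by this class. Held in a static field so every log call in the class goes through the same
     * strongly referenced instance instead of repeating the lookup.
     */
    private static final Logger LOGGER = Logger.getLogger(App.class.getName());

    /**
     * The main method for the application.
     *
     * <p>
     * NOTE(review): this method returns normally whatever {@link #run(String[])} did, so a parse failure or a failed
     * report is not reflected in the process exit status here. A build pipeline that gates on this tool should confirm
     * how failures are surfaced.</p>
     *
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        final App app = new App();
        app.run(args);
    }

    /**
     * Main CLI entry-point into the application. Parses the arguments, configures logging, and then prints the version,
     * runs a scan, or prints the help text depending on what was requested.
     *
     * @param args the command line arguments
     */
    public void run(String[] args) {

        final CliParser cli = new CliParser();
        try {
            cli.parse(args);
        } catch (FileNotFoundException ex) {
            // a path given on the command line does not exist; report it and show usage
            System.err.println(ex.getMessage());
            cli.printHelp();
            return;
        } catch (ParseException ex) {
            // the arguments themselves could not be parsed; report it and show usage
            System.err.println(ex.getMessage());
            cli.printHelp();
            return;
        }

        // NOTE(review): the stream is handed to LogUtils and not closed here; confirm that prepareLogger closes it
        // and tolerates null (getResourceAsStream returns null when the resource is missing).
        final InputStream in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
        LogUtils.prepareLogger(in, cli.getVerboseLog());

        if (cli.isGetVersion()) {
            cli.printVersionInfo();
        } else if (cli.isRunScan()) {
            // settings must be in place before the engine is created inside runScan
            updateSettings(cli);
            runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles());
        } else {
            cli.printHelp();
        }
    }

    /**
     * Scans the specified directories and writes the dependency reports to the reportDirectory.
     *
     * <p>
     * A failure to open the CVE database is logged at FINE only and the report is still generated, with
     * <code>null</code> database properties. A failure while writing the report is logged and not rethrown, so the
     * caller cannot tell from this method whether a report was produced.</p>
     *
     * @param reportDirectory the path to the directory where the reports will be written
     * @param outputFormat the output format of the report
     * @param applicationName the application name for the report
     * @param files the files/directories to scan
     */
    private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files) {
        final Engine scanner = new Engine();

        for (String file : files) {
            scanner.scan(file);
        }

        scanner.analyzeDependencies();
        final List<Dependency> dependencies = scanner.getDependencies();

        // the database is opened a second time here only to read its properties for the report
        DatabaseProperties prop = null;
        CveDB cve = null;
        try {
            cve = new CveDB();
            cve.open();
            prop = cve.getDatabaseProperties();
        } catch (DatabaseException ex) {
            LOGGER.log(Level.FINE, "Unable to retrieve DB Properties", ex);
        } finally {
            if (cve != null) {
                cve.close();
            }
        }

        final ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers(), prop);
        try {
            report.generateReports(reportDirectory, outputFormat);
        } catch (IOException ex) {
            // short message at SEVERE, stack trace at INFO so the detail is kept out of the default output
            LOGGER.log(Level.SEVERE, "There was an IO error while attempting to generate the report.");
            LOGGER.log(Level.INFO, null, ex);
        } catch (Exception ex) {
            // deliberately broad: this is the outer boundary of the CLI and any report failure is only logged
            LOGGER.log(Level.SEVERE, "There was an error while attempting to generate the report.");
            LOGGER.log(Level.INFO, null, ex);
        }
    }

    /**
     * Updates the global Settings.
     *
     * <p>
     * The properties file, when given, is merged first; individual command line values are applied afterwards. The
     * data directory is taken from the command line, else from <code>basedir/data</code> when the
     * <code>basedir</code> system property is set, else from the configured data directory resolved against the
     * directory that contains this class's code source.</p>
     *
     * <p>
     * The proxy and database passwords read here come from the parsed command line and are copied into the global
     * Settings; values passed as process arguments can be read from the process argument list and shell history, so a
     * properties file with restricted permissions is the safer place for them. They must not be written to the
     * log.</p>
     *
     * @param cli a reference to the CLI Parser that contains the command line arguments used to set the corresponding
     * settings in the core engine.
     */
    private void updateSettings(CliParser cli) {

        final boolean autoUpdate = cli.isAutoUpdate();
        final String connectionTimeout = cli.getConnectionTimeout();
        final String proxyUrl = cli.getProxyUrl();
        final String proxyPort = cli.getProxyPort();
        final String proxyUser = cli.getProxyUsername();
        final String proxyPass = cli.getProxyPassword();
        final String dataDirectory = cli.getDataDirectory();
        final File propertiesFile = cli.getPropertiesFile();
        final String suppressionFile = cli.getSuppressionFile();
        final boolean nexusDisabled = cli.isNexusDisabled();
        final String nexusUrl = cli.getNexusUrl();
        final String databaseDriverName = cli.getDatabaseDriverName();
        final String databaseDriverPath = cli.getDatabaseDriverPath();
        final String connectionString = cli.getConnectionString();
        final String databaseUser = cli.getDatabaseUser();
        final String databasePassword = cli.getDatabasePassword();

        if (propertiesFile != null) {
            try {
                Settings.mergeProperties(propertiesFile);
            } catch (FileNotFoundException ex) {
                // the file is missing: say so (the two messages were previously swapped between the catch blocks)
                final String msg = String.format("Unable to find properties file '%s'", propertiesFile.getPath());
                LOGGER.log(Level.SEVERE, msg);
                LOGGER.log(Level.FINE, null, ex);
            } catch (IOException ex) {
                // the file exists but could not be read
                final String msg = String.format("Unable to load properties file '%s'", propertiesFile.getPath());
                LOGGER.log(Level.SEVERE, msg);
                LOGGER.log(Level.FINE, null, ex);
            }
        }
        if (dataDirectory != null) {
            Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
        } else if (System.getProperty("basedir") != null) {
            final File dataDir = new File(System.getProperty("basedir"), "data");
            Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
        } else {
            // NOTE(review): URL.getPath() is not percent-decoded, so an install path containing spaces or other
            // escaped characters resolves to a different directory; getCodeSource() can also be null. Confirm
            // whether the data directory should be derived from location.toURI() instead.
            final File jarPath = new File(App.class.getProtectionDomain().getCodeSource().getLocation().getPath());
            final File base = jarPath.getParentFile();
            final String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
            final File dataDir = new File(base, sub);
            Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
        }
        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);

        // optional string settings: an absent or empty value leaves the existing setting untouched
        if (proxyUrl != null && !proxyUrl.isEmpty()) {
            Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
        }
        if (proxyPort != null && !proxyPort.isEmpty()) {
            Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
        }
        if (proxyUser != null && !proxyUser.isEmpty()) {
            Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUser);
        }
        if (proxyPass != null && !proxyPass.isEmpty()) {
            Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPass);
        }
        if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
            Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
        }
        // NOTE(review): presumably this file hides findings from the report; confirm that its path is recorded in
        // the output so a reader can tell which suppressions were in effect.
        if (suppressionFile != null && !suppressionFile.isEmpty()) {
            Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
        }
        Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, !nexusDisabled);
        if (nexusUrl != null && !nexusUrl.isEmpty()) {
            Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
        }

        if (databaseDriverName != null && !databaseDriverName.isEmpty()) {
            Settings.setString(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
        }
        // NOTE(review): presumably the driver is loaded from this path later, which would run code from a
        // caller-supplied location; confirm the path is only ever taken from a trusted operator.
        if (databaseDriverPath != null && !databaseDriverPath.isEmpty()) {
            Settings.setString(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
        }
        if (connectionString != null && !connectionString.isEmpty()) {
            Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
        }
        if (databaseUser != null && !databaseUser.isEmpty()) {
            Settings.setString(Settings.KEYS.DB_USER, databaseUser);
        }
        if (databasePassword != null && !databasePassword.isEmpty()) {
            Settings.setString(Settings.KEYS.DB_PASSWORD, databasePassword);
        }
    }
}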