Coverage Report - org.owasp.dependencycheck.App
 
Classes in this file: App. Line coverage: 0% (0/75). Branch coverage: 0% (0/36). Complexity: 7.5.
 
 /*
  * This file is part of dependency-check-cli.
  *
  * Dependency-check-cli is free software: you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation, either version 3 of the License, or (at your option) any
  * later version.
  *
  * Dependency-check-cli is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
  *
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-cli. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 19  
 package org.owasp.dependencycheck;
 20  
 
 21  
 import java.io.File;
 22  
 import java.io.FileNotFoundException;
 23  
 import java.io.IOException;
 24  
 import java.io.InputStream;
 25  
 import java.util.List;
 26  
 import java.util.logging.Level;
 27  
 import java.util.logging.Logger;
 28  
 import org.apache.commons.cli.ParseException;
 29  
 import org.owasp.dependencycheck.reporting.ReportGenerator;
 30  
 import org.owasp.dependencycheck.dependency.Dependency;
 31  
 import org.owasp.dependencycheck.cli.CliParser;
 32  
 import org.owasp.dependencycheck.utils.LogUtils;
 33  
 import org.owasp.dependencycheck.utils.Settings;
 34  
 
 /*
  * This file is part of App.
  *
  * App is free software: you can redistribute it and/or modify it under the
  * terms of the GNU General Public License as published by the Free Software
  * Foundation, either version 3 of the License, or (at your option) any later
  * version.
  *
  * App is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License along with
  * App. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 /**
  * The command line interface for the DependencyCheck application.
  *
  * @author Jeremy Long (jeremy.long@owasp.org)
  */
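 public class App {

     /**
      * The location of the log properties configuration file.
      */
     private static final String LOG_PROPERTIES_FILE = "log.properties";

     /**
      * The main method for the application.
      *
      * @param args the command line arguments
      */
     public static void main(String[] args) {
         // NOTE(review): run() handles argument and report-generation errors by
         // printing/logging and returning normally, and nothing here calls
         // System.exit, so those failures end with exit status 0. A build step
         // that gates on the exit code will read a failed scan as a pass.
         final App app = new App();
         app.run(args);
     }

     /**
      * Main CLI entry-point into the application. Parses the arguments,
      * configures logging from the bundled {@code log.properties} resource and
      * then prints the version, runs a scan, or prints the help text.
      *
      * @param args the command line arguments
      */
     public void run(String[] args) {
         final CliParser cli = new CliParser();
         try {
             cli.parse(args);
         } catch (FileNotFoundException ex) {
             System.err.println(ex.getMessage());
             cli.printHelp();
             return;
         } catch (ParseException ex) {
             System.err.println(ex.getMessage());
             cli.printHelp();
             return;
         }

         final InputStream in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
         try {
             LogUtils.prepareLogger(in, cli.getVerboseLog());
         } finally {
             // Release the resource stream on every path. If prepareLogger
             // already closed it, this second close is a no-op.
             closeQuietly(in);
         }

         if (cli.isGetVersion()) {
             cli.printVersionInfo();
         } else if (cli.isRunScan()) {
             updateSettings(cli.isAutoUpdate(), cli.getConnectionTimeout(), cli.getProxyUrl(),
                     cli.getProxyPort(), cli.getProxyUsername(), cli.getProxyPassword(),
                     cli.getDataDirectory(), cli.getPropertiesFile(), cli.getSuppressionFile());
             runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles());
         } else {
             cli.printHelp();
         }
     }

     /**
      * Scans the specified directories and writes the dependency reports to the
      * reportDirectory.
      *
      * <p>A failure while generating the report is logged and not rethrown, so
      * the caller cannot tell from this method whether a report was written.</p>
      *
      * @param reportDirectory the path to the directory where the reports will
      * be written
      * @param outputFormat the output format of the report
      * @param applicationName the application name for the report
      * @param files the files/directories to scan
      */
     private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files) {
         final Engine scanner = new Engine();

         for (String file : files) {
             scanner.scan(file);
         }

         scanner.analyzeDependencies();
         final List<Dependency> dependencies = scanner.getDependencies();

         final ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
         final Logger log = Logger.getLogger(App.class.getName());
         try {
             report.generateReports(reportDirectory, outputFormat);
         } catch (IOException ex) {
             log.log(Level.SEVERE, "There was an IO error while attempting to generate the report.");
             log.log(Level.INFO, null, ex);
         } catch (Exception ex) {
             // Boundary catch: any other report failure is logged, not propagated.
             log.log(Level.SEVERE, "There was an error while attempting to generate the report.");
             log.log(Level.INFO, null, ex);
         }
     }

     /**
      * Updates the global Settings.
      *
      * <p>NOTE(review): the proxy password is obtained from {@code CliParser},
      * presumably a command-line option (confirm against CliParser). Command-line
      * arguments are visible to other local users through process listings, so
      * a properties file with restricted permissions is the safer way to supply
      * it. The value is stored in the global Settings as a plain string.</p>
      *
      * <p>NOTE(review): if the properties file cannot be read, the error is
      * logged and the scan continues with the remaining settings.</p>
      *
      * @param autoUpdate whether or not to update cached web data sources
      * @param connectionTimeout the timeout to use when downloading resources
      * (null or blank will use default)
      * @param proxyUrl the proxy url (null or blank means no proxy will be used)
      * @param proxyPort the proxy port (null or blank means no port will be
      * used)
      * @param proxyUser the proxy user name
      * @param proxyPass the password for the proxy
      * @param dataDirectory the directory to store/retrieve persistent data from
      * @param propertiesFile the properties file to utilize
      * @param suppressionFile the path to the suppression file
      */
     private void updateSettings(boolean autoUpdate, String connectionTimeout, String proxyUrl, String proxyPort,
             String proxyUser, String proxyPass, String dataDirectory, File propertiesFile,
             String suppressionFile) {

         if (propertiesFile != null) {
             final Logger log = Logger.getLogger(App.class.getName());
             try {
                 Settings.mergeProperties(propertiesFile);
             } catch (FileNotFoundException ex) {
                 // The original had the two messages swapped: a missing file is "find".
                 final String msg = String.format("Unable to find properties file '%s'", propertiesFile.getPath());
                 log.log(Level.SEVERE, msg);
                 log.log(Level.FINE, null, ex);
             } catch (IOException ex) {
                 // Any other I/O problem means the file exists but could not be loaded.
                 final String msg = String.format("Unable to load properties file '%s'", propertiesFile.getPath());
                 log.log(Level.SEVERE, msg);
                 log.log(Level.FINE, null, ex);
             }
         }
         if (dataDirectory != null) {
             Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
         } else if (System.getProperty("basedir") != null) {
             final File dataDir = new File(System.getProperty("basedir"), "data");
             Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
         } else {
             // No explicit directory: resolve the configured (relative) data
             // directory against the directory that holds the application jar.
             final File base = codeSourceDirectory();
             final String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
             final File dataDir = new File(base, sub);
             Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
         }
         Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
         if (proxyUrl != null && !proxyUrl.isEmpty()) {
             Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
         }
         if (proxyPort != null && !proxyPort.isEmpty()) {
             Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
         }
         if (proxyUser != null && !proxyUser.isEmpty()) {
             Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUser);
         }
         if (proxyPass != null && !proxyPass.isEmpty()) {
             Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPass);
         }
         if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
             Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
         }
         if (suppressionFile != null && !suppressionFile.isEmpty()) {
             Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
         }
     }

     /**
      * Returns the directory containing the location this class was loaded from.
      *
      * <p>{@code URL.getPath()} keeps percent-escapes, so an install path with a
      * space would yield a non-existent {@code %20} directory. Converting through
      * a URI decodes the path; the raw path is used only when that conversion is
      * rejected.</p>
      *
      * @return the parent directory of the code source location
      */
     private static File codeSourceDirectory() {
         final java.net.URL location = App.class.getProtectionDomain().getCodeSource().getLocation();
         File jarPath;
         try {
             jarPath = new File(location.toURI());
         } catch (java.net.URISyntaxException ex) {
             // e.g. a location with unescaped characters: the raw path is usable as-is
             jarPath = new File(location.getPath());
         } catch (IllegalArgumentException ex) {
             // the URI is not a plain hierarchical file: URI
             jarPath = new File(location.getPath());
         }
         return jarPath.getParentFile();
     }

     /**
      * Closes the stream, logging (not propagating) any failure.
      *
      * @param stream the stream to close; may be null
      */
     private static void closeQuietly(InputStream stream) {
         if (stream == null) {
             return;
         }
         try {
             stream.close();
         } catch (IOException ex) {
             Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex);
         }
     }
 }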