View Javadoc

1   /*
2    * This file is part of dependency-check-cli.
3    *
4    * Dependency-check-cli is free software: you can redistribute it and/or modify it
5    * under the terms of the GNU General Public License as published by the Free
6    * Software Foundation, either version 3 of the License, or (at your option) any
7    * later version.
8    *
9    * Dependency-check-cli is distributed in the hope that it will be useful, but
10   * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11   * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
12   * details.
13   *
14   * You should have received a copy of the GNU General Public License along with
15   * dependency-check-cli. If not, see http://www.gnu.org/licenses/.
16   *
17   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
18   */
19  package org.owasp.dependencycheck;
20  
21  import java.io.File;
22  import java.io.FileNotFoundException;
23  import java.io.IOException;
24  import java.io.InputStream;
25  import java.util.List;
26  import java.util.logging.Level;
27  import java.util.logging.Logger;
28  import org.apache.commons.cli.ParseException;
29  import org.owasp.dependencycheck.reporting.ReportGenerator;
30  import org.owasp.dependencycheck.dependency.Dependency;
31  import org.owasp.dependencycheck.cli.CliParser;
32  import org.owasp.dependencycheck.utils.LogUtils;
33  import org.owasp.dependencycheck.utils.Settings;
34  
35  /*
36   * This file is part of App.
37   *
38   * App is free software: you can redistribute it and/or modify it under the
39   * terms of the GNU General Public License as published by the Free Software
40   * Foundation, either version 3 of the License, or (at your option) any later
41   * version.
42   *
43   * App is distributed in the hope that it will be useful, but WITHOUT ANY
44   * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
45   * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
46   *
47   * You should have received a copy of the GNU General Public License along with
48   * App. If not, see http://www.gnu.org/licenses/.
49   *
50   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
51   */
52  /**
53   * The command line interface for the DependencyCheck application.
54   *
55   * @author Jeremy Long (jeremy.long@owasp.org)
56   */
57  public class App {
58  
59      /**
60       * The location of the log properties configuration file.
61       */
62      private static final String LOG_PROPERTIES_FILE = "log.properties";
63  
64      /**
65       * The main method for the application.
66       *
67       * @param args the command line arguments
68       */
69      public static void main(String[] args) {
70          final App app = new App();
71          app.run(args);
72      }
73  
74      /**
75       * Main CLI entry-point into the application.
76       *
77       * @param args the command line arguments
78       */
79      public void run(String[] args) {
80  
81          final CliParser cli = new CliParser();
82          try {
83              cli.parse(args);
84          } catch (FileNotFoundException ex) {
85              System.err.println(ex.getMessage());
86              cli.printHelp();
87              return;
88          } catch (ParseException ex) {
89              System.err.println(ex.getMessage());
90              cli.printHelp();
91              return;
92          }
93  
94          final InputStream in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
95          LogUtils.prepareLogger(in, cli.getVerboseLog());
96  
97          if (cli.isGetVersion()) {
98              cli.printVersionInfo();
99          } else if (cli.isRunScan()) {
100             updateSettings(cli.isAutoUpdate(), cli.getConnectionTimeout(), cli.getProxyUrl(),
101                     cli.getProxyPort(), cli.getProxyUsername(), cli.getProxyPassword(),
102                     cli.getDataDirectory(), cli.getPropertiesFile(), cli.getSuppressionFile());
103             runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles());
104         } else {
105             cli.printHelp();
106         }
107     }
108 
109     /**
110      * Scans the specified directories and writes the dependency reports to the
111      * reportDirectory.
112      *
113      * @param reportDirectory the path to the directory where the reports will
114      * be written
115      * @param outputFormat the output format of the report
116      * @param applicationName the application name for the report
117      * @param files the files/directories to scan
118      */
119     private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files) {
120         final Engine scanner = new Engine();
121 
122         for (String file : files) {
123             scanner.scan(file);
124         }
125 
126         scanner.analyzeDependencies();
127         final List<Dependency> dependencies = scanner.getDependencies();
128 
129         final ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
130         try {
131             report.generateReports(reportDirectory, outputFormat);
132         } catch (IOException ex) {
133             Logger.getLogger(App.class.getName()).log(Level.SEVERE, "There was an IO error while attempting to generate the report.");
134             Logger.getLogger(App.class.getName()).log(Level.INFO, null, ex);
135         } catch (Exception ex) {
136             Logger.getLogger(App.class.getName()).log(Level.SEVERE, "There was an error while attempting to generate the report.");
137             Logger.getLogger(App.class.getName()).log(Level.INFO, null, ex);
138         }
139     }
140 
141     /**
142      * Updates the global Settings.
143      *
144      * @param autoUpdate whether or not to update cached web data sources
145      * @param connectionTimeout the timeout to use when downloading resources
146      * (null or blank will use default)
147      * @param proxyUrl the proxy url (null or blank means no proxy will be used)
148      * @param proxyPort the proxy port (null or blank means no port will be
149      * used)
150      * @param proxyUser the proxy user name
151      * @param proxyPass the password for the proxy
152      * @param dataDirectory the directory to store/retrieve persistent data from
153      * @param propertiesFile the properties file to utilize
154      * @param suppressionFile the path to the suppression file
155      */
156     private void updateSettings(boolean autoUpdate, String connectionTimeout, String proxyUrl, String proxyPort,
157             String proxyUser, String proxyPass, String dataDirectory, File propertiesFile,
158             String suppressionFile) {
159 
160         if (propertiesFile != null) {
161             try {
162                 Settings.mergeProperties(propertiesFile);
163             } catch (FileNotFoundException ex) {
164                 final String msg = String.format("Unable to load properties file '%s'", propertiesFile.getPath());
165                 Logger.getLogger(App.class.getName()).log(Level.SEVERE, msg);
166                 Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex);
167             } catch (IOException ex) {
168                 final String msg = String.format("Unable to find properties file '%s'", propertiesFile.getPath());
169                 Logger.getLogger(App.class.getName()).log(Level.SEVERE, msg);
170                 Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex);
171             }
172         }
173         if (dataDirectory != null) {
174             Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
175         } else if (System.getProperty("basedir") != null) {
176             final File dataDir = new File(System.getProperty("basedir"), "data");
177             Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
178         } else {
179             final File jarPath = new File(App.class.getProtectionDomain().getCodeSource().getLocation().getPath());
180             final File base = jarPath.getParentFile();
181             final String sub = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
182             final File dataDir = new File(base, sub);
183             Settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
184         }
185         Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
186         if (proxyUrl != null && !proxyUrl.isEmpty()) {
187             Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
188         }
189         if (proxyPort != null && !proxyPort.isEmpty()) {
190             Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
191         }
192         if (proxyUser != null && !proxyUser.isEmpty()) {
193             Settings.setString(Settings.KEYS.PROXY_USERNAME, proxyUser);
194         }
195         if (proxyPass != null && !proxyPass.isEmpty()) {
196             Settings.setString(Settings.KEYS.PROXY_PASSWORD, proxyPass);
197         }
198         if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
199             Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
200         }
201         if (suppressionFile != null && !suppressionFile.isEmpty()) {
202             Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
203         }
204     }
205 }