Coverage Report - org.owasp.dependencycheck.maven.CheckMojo
 
Classes in this File Line Coverage Branch Coverage Complexity
CheckMojo
0%
0/27
0%
0/6
2.25
 
 1   
 /*
 2   
  * This file is part of dependency-check-maven.
 3   
  *
 4   
  * Licensed under the Apache License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  *     http://www.apache.org/licenses/LICENSE-2.0
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13   
  * See the License for the specific language governing permissions and
 14   
  * limitations under the License.
 15   
  *
 16   
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
 17   
  */
 18   
 package org.owasp.dependencycheck.maven;
 19   
 
 20   
 import java.util.Locale;
 21   
 import java.util.logging.Level;
 22   
 import java.util.logging.Logger;
 23   
 import org.apache.maven.artifact.Artifact;
 24   
 import org.apache.maven.plugin.MojoExecutionException;
 25   
 import org.apache.maven.plugin.MojoFailureException;
 26   
 import org.apache.maven.plugins.annotations.LifecyclePhase;
 27   
 import org.apache.maven.plugins.annotations.Mojo;
 28   
 import org.apache.maven.plugins.annotations.ResolutionScope;
 29   
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 30   
 import org.owasp.dependencycheck.utils.Settings;
 31   
 
 32   
 /**
 33   
  * Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities.
 34   
  *
 35   
  * @author Jeremy Long <jeremy.long@owasp.org>
 36   
  */
 37   
 @Mojo(
 38   
         name = "check",
 39   
         defaultPhase = LifecyclePhase.COMPILE,
 40   
         threadSafe = true,
 41   
         requiresDependencyResolution = ResolutionScope.COMPILE_PLUS_RUNTIME,
 42   
         requiresOnline = true
 43   
 )
 44  0 
 public class CheckMojo extends BaseDependencyCheckMojo {
 45   
 
 46   
     /**
 47   
      * Logger field reference.
 48   
      */
 49  0 
     private static final Logger LOGGER = Logger.getLogger(CheckMojo.class.getName());
 50   
 
 51   
     /**
 52   
      * Returns whether or not a the report can be generated.
 53   
      *
 54   
      * @return <code>true</code> if the report can be generated; otherwise <code>false</code>
 55   
      */
 56   
     @Override
 57   
     public boolean canGenerateReport() {
 58  0 
         boolean isCapable = false;
 59  0 
         for (Artifact a : getProject().getArtifacts()) {
 60  0 
             if (!excludeFromScan(a)) {
 61  0 
                 isCapable = true;
 62  0 
                 break;
 63   
             }
 64  0 
         }
 65  0 
         return isCapable;
 66   
     }
 67   
 
 68   
     /**
 69   
      * Executes the dependency-check engine on the project's dependencies and generates the report.
 70   
      *
 71   
      * @throws MojoExecutionException thrown if there is an exception executing the goal
 72   
      * @throws MojoFailureException thrown if dependency-check is configured to fail the build
 73   
      */
 74   
     @Override
 75   
     public void runCheck() throws MojoExecutionException, MojoFailureException {
 76   
         final Engine engine;
 77   
         try {
 78  0 
             engine = initializeEngine();
 79  0 
         } catch (DatabaseException ex) {
 80  0 
             LOGGER.log(Level.FINE, "Database connection error", ex);
 81  0 
             throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
 82  0 
         }
 83  0 
         scanArtifacts(getProject(), engine);
 84  0 
         if (engine.getDependencies().isEmpty()) {
 85  0 
             LOGGER.info("No dependencies were identified that could be analyzed by dependency-check");
 86   
         } else {
 87  0 
             engine.analyzeDependencies();
 88  0 
             writeReports(engine, getProject(), getCorrectOutputDirectory());
 89  0 
             writeDataFile(getProject(), null, engine.getDependencies());
 90  0 
             showSummary(getProject(), engine.getDependencies());
 91  0 
             checkForFailure(engine.getDependencies());
 92   
         }
 93  0 
         engine.cleanup();
 94  0 
         Settings.cleanup();
 95  0 
     }
 96   
 
 97   
     /**
 98   
      * Returns the report name.
 99   
      *
 100   
      * @param locale the location
 101   
      * @return the report name
 102   
      */
 103   
     public String getName(Locale locale) {
 104  0 
         return "dependency-check";
 105   
     }
 106   
 
 107   
     /**
 108   
      * Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
 109   
      *
 110   
      * @param locale The Locale to get the description for
 111   
      * @return the description
 112   
      */
 113   
     public String getDescription(Locale locale) {
 114  0 
         return "Generates a report providing details on any published vulnerabilities within project dependencies. "
 115   
                 + "This report is a best effort and may contain false positives and false negatives.";
 116   
     }
 117   
 
 118   
 }
Report generated by Cobertura 2.0.3 on 3/6/15 6:10 AM.