View Javadoc
1   /*
2    * This file is part of dependency-check-maven.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.maven;
19  
20  import java.io.File;
21  import java.io.IOException;
22  import java.util.Locale;
23  import org.apache.maven.plugin.MojoExecutionException;
24  import org.apache.maven.plugin.MojoFailureException;
25  import org.apache.maven.plugins.annotations.LifecyclePhase;
26  import org.apache.maven.plugins.annotations.Mojo;
27  import org.apache.maven.plugins.annotations.ResolutionScope;
28  import org.owasp.dependencycheck.utils.Settings;
29  
30  /**
31   * Maven Plugin that purges the local copy of the NVD data.
32   *
33   * @author Jeremy Long
34   */
35  @Mojo(
36          name = "purge",
37          defaultPhase = LifecyclePhase.GENERATE_RESOURCES,
38          threadSafe = false,
39          requiresDependencyResolution = ResolutionScope.NONE,
40          requiresOnline = true,
41          aggregator = true
42  )
43  public class PurgeMojo extends BaseDependencyCheckMojo {
44  
45      /**
46       * Returns false; this mojo cannot generate a report.
47       *
48       * @return <code>false</code>
49       */
50      @Override
51      public boolean canGenerateReport() {
52          return false;
53      }
54  
55      /**
56       * Purges the local copy of the NVD.
57       *
58       * @throws MojoExecutionException thrown if there is an exception executing
59       * the goal
60       * @throws MojoFailureException thrown if dependency-check is configured to
61       * fail the build
62       */
63      @Override
64      public void runCheck() throws MojoExecutionException, MojoFailureException {
65  
66          if (getConnectionString() != null && !getConnectionString().isEmpty()) {
67              final String msg = "Unable to purge the local NVD when using a non-default connection string";
68              if (this.isFailOnError()) {
69                  throw new MojoFailureException(msg);
70              }
71              getLog().error(msg);
72          } else {
73              populateSettings();
74              File db;
75              try {
76                  db = new File(Settings.getDataDirectory(), "dc.h2.db");
77                  if (db.exists()) {
78                      if (db.delete()) {
79                          getLog().info("Database file purged; local copy of the NVD has been removed");
80                      } else {
81                          final String msg = String.format("Unable to delete '%s'; please delete the file manually", db.getAbsolutePath());
82                          if (this.isFailOnError()) {
83                              throw new MojoFailureException(msg);
84                          }
85                          getLog().error(msg);
86                      }
87                  } else {
88                      final String msg = String.format("Unable to purge database; the database file does not exists: %s", db.getAbsolutePath());
89                      if (this.isFailOnError()) {
90                          throw new MojoFailureException(msg);
91                      }
92                      getLog().error(msg);
93                  }
94              } catch (IOException ex) {
95                  final String msg = "Unable to delete the database";
96                  if (this.isFailOnError()) {
97                      throw new MojoExecutionException(msg, ex);
98                  }
99                  getLog().error(msg);
100             }
101             Settings.cleanup();
102         }
103     }
104 
105     /**
106      * Returns the report name.
107      *
108      * @param locale the location
109      * @return the report name
110      */
111     @Override
112     public String getName(Locale locale) {
113         return "dependency-check-purge";
114     }
115 
116     /**
117      * Gets the description of the Dependency-Check report to be displayed in
118      * the Maven Generated Reports page.
119      *
120      * @param locale The Locale to get the description for
121      * @return the description
122      */
123     @Override
124     public String getDescription(Locale locale) {
125         return "Purges the local cache of the NVD dataT.";
126     }
127 
128 }