Check.java
- /*
- * This file is part of dependency-check-ant.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
- */
- package org.owasp.dependencycheck.taskdefs;
- import java.io.File;
- import java.util.ArrayList;
- import java.util.List;
- import java.util.stream.Collectors;
- import java.util.stream.Stream;
- import javax.annotation.concurrent.NotThreadSafe;
- import org.apache.tools.ant.BuildException;
- import org.apache.tools.ant.Project;
- import org.apache.tools.ant.types.EnumeratedAttribute;
- import org.apache.tools.ant.types.Reference;
- import org.apache.tools.ant.types.Resource;
- import org.apache.tools.ant.types.ResourceCollection;
- import org.apache.tools.ant.types.resources.FileProvider;
- import org.apache.tools.ant.types.resources.Resources;
- import org.owasp.dependencycheck.Engine;
- import org.owasp.dependencycheck.agent.DependencyCheckScanAgent;
- import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
- import org.owasp.dependencycheck.dependency.Dependency;
- import org.owasp.dependencycheck.dependency.Vulnerability;
- import org.owasp.dependencycheck.dependency.naming.Identifier;
- import org.owasp.dependencycheck.exception.ExceptionCollection;
- import org.owasp.dependencycheck.exception.ReportException;
- import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
- import org.owasp.dependencycheck.utils.Downloader;
- import org.owasp.dependencycheck.utils.InvalidSettingException;
- import org.owasp.dependencycheck.utils.Settings;
- import org.owasp.dependencycheck.utils.SeverityUtil;
- import org.slf4j.impl.StaticLoggerBinder;
- //CSOFF: MethodCount
- /**
- * An Ant task definition to execute dependency-check during an Ant build.
- *
- * @author Jeremy Long
- */
- @NotThreadSafe
- public class Check extends Update {
- /**
- * System specific new line character.
- */
- private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();
- /**
- * Whether the ruby gemspec analyzer should be enabled.
- */
- private Boolean rubygemsAnalyzerEnabled;
- /**
- * Whether or not the Node.js Analyzer is enabled.
- */
- private Boolean nodeAnalyzerEnabled;
- /**
- * Whether or not the Node Audit Analyzer is enabled.
- */
- private Boolean nodeAuditAnalyzerEnabled;
- /**
- * Whether or not the Yarn Audit Analyzer is enabled.
- */
- private Boolean yarnAuditAnalyzerEnabled;
- /**
- * Whether or not the Pnpm Audit Analyzer is enabled.
- */
- private Boolean pnpmAuditAnalyzerEnabled;
- /**
- * Sets whether or not the Node Audit Analyzer should use a local cache.
- */
- private Boolean nodeAuditAnalyzerUseCache;
- /**
- * Sets whether or not the Node Package Analyzer should skip dev
- * dependencies.
- */
- private Boolean nodePackageSkipDevDependencies;
- /**
- * Sets whether or not the Node Audit Analyzer should use a local cache.
- */
- private Boolean nodeAuditSkipDevDependencies;
- /**
- * The list of filters (regular expressions) used by the RetireJS Analyzer
- * to exclude files that contain matching content..
- */
- @SuppressWarnings("CanBeFinal")
- private final List<String> retirejsFilters = new ArrayList<>();
- /**
- * Whether or not the RetireJS Analyzer filters non-vulnerable JS files from
- * the report; default is false.
- */
- private Boolean retirejsFilterNonVulnerable;
- /**
- * Whether or not the Ruby Bundle Audit Analyzer is enabled.
- */
- private Boolean bundleAuditAnalyzerEnabled;
- /**
- * Whether the CMake analyzer should be enabled.
- */
- private Boolean cmakeAnalyzerEnabled;
- /**
- * Whether or not the Open SSL analyzer is enabled.
- */
- private Boolean opensslAnalyzerEnabled;
- /**
- * Whether the python package analyzer should be enabled.
- */
- private Boolean pyPackageAnalyzerEnabled;
- /**
- * Whether the python distribution analyzer should be enabled.
- */
- private Boolean pyDistributionAnalyzerEnabled;
- /**
- * Whether or not the mix audit analyzer is enabled.
- */
- private Boolean mixAuditAnalyzerEnabled;
- /**
- * Whether or not the central analyzer is enabled.
- */
- private Boolean centralAnalyzerEnabled;
- /**
- * Whether or not the Central Analyzer should use a local cache.
- */
- private Boolean centralAnalyzerUseCache;
- /**
- * Whether or not the nexus analyzer is enabled.
- */
- private Boolean nexusAnalyzerEnabled;
- /**
- * The URL of a Nexus server's REST API end point
- * (http://domain/nexus/service/local).
- */
- private String nexusUrl;
- /**
- * The username to authenticate to the Nexus Server's REST API Endpoint.
- */
- private String nexusUser;
- /**
- * The password to authenticate to the Nexus Server's REST API Endpoint.
- */
- private String nexusPassword;
- /**
- * Whether or not the defined proxy should be used when connecting to Nexus.
- */
- private Boolean nexusUsesProxy;
- /**
- * Sets whether the Golang Dependency analyzer is enabled. Default is true.
- */
- private Boolean golangDepEnabled;
- /**
- * Sets whether Golang Module Analyzer is enabled; this requires `go` to be
- * installed. Default is true.
- */
- private Boolean golangModEnabled;
- /**
- * Sets the path to `go`.
- */
- private String pathToGo;
- /**
- * Sets whether the Dart analyzer is enabled. Default is true.
- */
- private Boolean dartAnalyzerEnabled;
- /**
- * The path to `yarn`.
- */
- private String pathToYarn;
- /**
- * The path to `pnpm`.
- */
- private String pathToPnpm;
- /**
- * Additional ZIP File extensions to add analyze. This should be a
- * comma-separated list of file extensions to treat like ZIP files.
- */
- private String zipExtensions;
- /**
- * The path to dotnet core for .NET assembly analysis.
- */
- private String pathToCore;
- /**
- * The name of the project being analyzed.
- */
- private String projectName = "dependency-check";
- /**
- * Specifies the destination directory for the generated Dependency-Check
- * report.
- */
- private String reportOutputDirectory = ".";
- /**
- * If using the JUNIT report format the junitFailOnCVSS sets the CVSS score
- * threshold that is considered a failure. The default is 0.
- */
- private float junitFailOnCVSS = 0;
- /**
- * Specifies if the build should be failed if a CVSS score above a specified
- * level is identified. The default is 11 which means since the CVSS scores
- * are 0-10, by default the build will never fail and the CVSS score is set
- * to 11. The valid range for the fail build on CVSS is 0 to 11, where
- * anything above 10 will not cause the build to fail.
- */
- private float failBuildOnCVSS = 11;
- /**
- * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not
- * recommended that this be turned to false. Default is true.
- */
- private Boolean autoUpdate;
- /**
- * The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
- * JENKINS, GITLAB, ALL). Default is HTML.
- */
- private String reportFormat = "HTML";
- /**
- * The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
- * JENKINS, GITLAB, ALL). Default is HTML.
- */
- private final List<String> reportFormats = new ArrayList<>();
- /**
- * Whether the JSON and XML reports should be pretty printed; the default is
- * false.
- */
- private Boolean prettyPrint = null;
- /**
- * Suppression file paths.
- */
- @SuppressWarnings("CanBeFinal")
- private final List<String> suppressionFiles = new ArrayList<>();
- /**
- * The path to the suppression file.
- */
- private String hintsFile;
- /**
- * flag indicating whether or not to show a summary of findings.
- */
- private boolean showSummary = true;
- /**
- * Whether experimental analyzers are enabled.
- */
- private Boolean enableExperimental;
- /**
- * Whether retired analyzers are enabled.
- */
- private Boolean enableRetired;
- /**
- * Whether or not the Jar Analyzer is enabled.
- */
- private Boolean jarAnalyzerEnabled;
- /**
- * Whether or not the Archive Analyzer is enabled.
- */
- private Boolean archiveAnalyzerEnabled;
- /**
- * Whether or not the .NET Nuspec Analyzer is enabled.
- */
- private Boolean nuspecAnalyzerEnabled;
- /**
- * Whether or not the .NET Nuget packages.config file Analyzer is enabled.
- */
- private Boolean nugetconfAnalyzerEnabled;
- /**
- * Whether or not the Libman Analyzer is enabled.
- */
- private Boolean libmanAnalyzerEnabled;
- /**
- * Whether or not the PHP Composer Analyzer is enabled.
- */
- private Boolean composerAnalyzerEnabled;
- /**
- * Whether or not the PHP Composer Analyzer will skip "packages-dev".
- */
- private Boolean composerAnalyzerSkipDev;
- /**
- * Whether or not the Perl CPAN File Analyzer is enabled.
- */
- private Boolean cpanfileAnalyzerEnabled;
- /**
- * Whether or not the .NET Assembly Analyzer is enabled.
- */
- private Boolean assemblyAnalyzerEnabled;
- /**
- * Whether or not the MS Build Assembly Analyzer is enabled.
- */
- private Boolean msbuildAnalyzerEnabled;
- /**
- * Whether the autoconf analyzer should be enabled.
- */
- private Boolean autoconfAnalyzerEnabled;
- /**
- * Whether the pip analyzer should be enabled.
- */
- private Boolean pipAnalyzerEnabled;
- /**
- * Whether the Maven install.json analyzer should be enabled.
- */
- private Boolean mavenInstallAnalyzerEnabled;
- /**
- * Whether the pipfile analyzer should be enabled.
- */
- private Boolean pipfileAnalyzerEnabled;
- /**
- * Whether the Poetry analyzer should be enabled.
- */
- private Boolean poetryAnalyzerEnabled;
- /**
- * Sets the path for the mix_audit binary.
- */
- private String mixAuditPath;
- /**
- * Sets the path for the bundle-audit binary.
- */
- private String bundleAuditPath;
- /**
- * Sets the path for the working directory that the bundle-audit binary
- * should be executed from.
- */
- private String bundleAuditWorkingDirectory;
- /**
- * Whether or not the CocoaPods Analyzer is enabled.
- */
- private Boolean cocoapodsAnalyzerEnabled;
- /**
- * Whether or not the Carthage Analyzer is enabled.
- */
- private Boolean carthageAnalyzerEnabled;
- /**
- * Whether or not the Swift package Analyzer is enabled.
- */
- private Boolean swiftPackageManagerAnalyzerEnabled;
- /**
- * Whether or not the Swift package Analyzer is enabled.
- */
- private Boolean swiftPackageResolvedAnalyzerEnabled;
- /**
- * Whether or not the Sonatype OSS Index analyzer is enabled.
- */
- private Boolean ossindexAnalyzerEnabled;
- /**
- * Whether or not the Sonatype OSS Index analyzer should cache results.
- */
- private Boolean ossindexAnalyzerUseCache;
- /**
- * URL of the Sonatype OSS Index service.
- */
- private String ossindexAnalyzerUrl;
- /**
- * The username to use for the Sonatype OSS Index service.
- */
- private String ossindexAnalyzerUsername;
- /**
- * The password to use for the Sonatype OSS Index service.
- */
- private String ossindexAnalyzerPassword;
- /**
- * Whether we should only warn about Sonatype OSS Index remote errors
- * instead of failing completely.
- */
- private Boolean ossIndexAnalyzerWarnOnlyOnRemoteErrors;
- /**
- * Whether or not the Artifactory Analyzer is enabled.
- */
- private Boolean artifactoryAnalyzerEnabled;
- /**
- * The URL to Artifactory.
- */
- private String artifactoryAnalyzerUrl;
- /**
- * Whether or not Artifactory analysis should use the proxy..
- */
- private Boolean artifactoryAnalyzerUseProxy;
- /**
- * Whether or not Artifactory analysis should be parallelized.
- */
- private Boolean artifactoryAnalyzerParallelAnalysis;
- /**
- * The Artifactory username needed to connect.
- */
- private String artifactoryAnalyzerUsername;
- /**
- * The Artifactory API token needed to connect.
- */
- private String artifactoryAnalyzerApiToken;
- /**
- * The Artifactory bearer token.
- */
- private String artifactoryAnalyzerBearerToken;
- /**
- * Whether the version check is enabled
- */
- private Boolean versionCheckEnabled;
- /**
- * whether an unsused suppression rule should get force the build to fail
- */
- private boolean failBuildOnUnusedSuppressionRule = false;
- /**
- * The username to download user-authored suppression files from an HTTP Basic auth protected location.
- */
- private String suppressionFileUser;
- /**
- * The password to download user-authored suppression files from an HTTP Basic auth protected location.
- */
- private String suppressionFilePassword;
- /**
- * The token to download user-authored suppression files from an HTTP Bearer auth protected location.
- */
- private String suppressionFileBearerToken;
- //region Code copied from org.apache.tools.ant.taskdefs.PathConvert
- //The following code was copied Apache Ant PathConvert
- /**
- * Path to be converted
- */
- private Resources path = null;
- /**
- * Reference to path/file set to convert
- */
- private Reference refId = null;
- /**
- * Add an arbitrary ResourceCollection.
- *
- * @param rc the ResourceCollection to add.
- * @since Ant 1.7
- */
- public void add(ResourceCollection rc) {
- if (isReference()) {
- throw new BuildException("Nested elements are not allowed when using the refId attribute.");
- }
- getPath().add(rc);
- }
- /**
- * Returns the path. If the path has not been initialized yet, this class is
- * synchronized, and will instantiate the path object.
- *
- * @return the path
- */
- private synchronized Resources getPath() {
- if (path == null) {
- path = new Resources(getProject());
- path.setCache(true);
- }
- return path;
- }
- /**
- * Learn whether the refId attribute of this element been set.
- *
- * @return true if refId is valid.
- */
- public boolean isReference() {
- return refId != null;
- }
- /**
- * Add a reference to a Path, FileSet, DirSet, or FileList defined
- * elsewhere.
- *
- * @param r the reference to a path, fileset, dirset or filelist.
- */
- public synchronized void setRefId(Reference r) {
- if (path != null) {
- throw new BuildException("Nested elements are not allowed when using the refId attribute.");
- }
- refId = r;
- }
- /**
- * If this is a reference, this method will add the referenced resource
- * collection to the collection of paths.
- *
- * @throws BuildException if the reference is not to a resource collection
- */
- //declaring a throw that extends runtime exception may be a bad practice
- //but seems to be an ingrained practice within Ant as even the base `Task`
- //contains an `execute() throws BuildExecption`.
- @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
- private void dealWithReferences() throws BuildException {
- if (isReference()) {
- final Object o = refId.getReferencedObject(getProject());
- if (!(o instanceof ResourceCollection)) {
- throw new BuildException("refId '" + refId.getRefId()
- + "' does not refer to a resource collection.");
- }
- getPath().add((ResourceCollection) o);
- }
- }
- //endregion COPIED from org.apache.tools.ant.taskdefs
- /**
- * Construct a new DependencyCheckTask.
- */
- public Check() {
- super();
- // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
- // core end up coming through this tasks logger
- StaticLoggerBinder.getSingleton().setTask(this);
- }
- /**
- * Add a suppression file.
- * <p>
- * This is called by Ant with the configured {@link SuppressionFile}.
- *
- * @param suppressionFile the suppression file to add.
- */
- public void addConfiguredSuppressionFile(final SuppressionFile suppressionFile) {
- suppressionFiles.add(suppressionFile.getPath());
- }
- /**
- * Add a report format.
- * <p>
- * This is called by Ant with the configured {@link ReportFormat}.
- *
- * @param reportFormat the reportFormat to add.
- */
- public void addConfiguredReportFormat(final ReportFormat reportFormat) {
- reportFormats.add(reportFormat.getFormat());
- }
- /**
- * Sets whether the version check is enabled.
- *
- * @param versionCheckEnabled a Boolean indicating if the version check is
- * enabled.
- */
- public void setVersionCheckEnabled(Boolean versionCheckEnabled) {
- this.versionCheckEnabled = versionCheckEnabled;
- }
- /**
- * Get the value of projectName.
- *
- * @return the value of projectName
- */
- public String getProjectName() {
- if (projectName == null) {
- projectName = "";
- }
- return projectName;
- }
- /**
- * Set the value of projectName.
- *
- * @param projectName new value of projectName
- */
- public void setProjectName(String projectName) {
- this.projectName = projectName;
- }
- /**
- * Set the value of reportOutputDirectory.
- *
- * @param reportOutputDirectory new value of reportOutputDirectory
- */
- public void setReportOutputDirectory(String reportOutputDirectory) {
- this.reportOutputDirectory = reportOutputDirectory;
- }
- /**
- * Set the value of failBuildOnCVSS.
- *
- * @param failBuildOnCVSS new value of failBuildOnCVSS
- */
- public void setFailBuildOnCVSS(float failBuildOnCVSS) {
- this.failBuildOnCVSS = failBuildOnCVSS;
- }
- /**
- * Set the value of junitFailOnCVSS.
- *
- * @param junitFailOnCVSS new value of junitFailOnCVSS
- */
- public void setJunitFailOnCVSS(float junitFailOnCVSS) {
- this.junitFailOnCVSS = junitFailOnCVSS;
- }
- /**
- * Set the value of autoUpdate.
- *
- * @param autoUpdate new value of autoUpdate
- */
- public void setAutoUpdate(Boolean autoUpdate) {
- this.autoUpdate = autoUpdate;
- }
- /**
- * Set the value of prettyPrint.
- *
- * @param prettyPrint new value of prettyPrint
- */
- public void setPrettyPrint(boolean prettyPrint) {
- this.prettyPrint = prettyPrint;
- }
- /**
- * Set the value of reportFormat.
- *
- * @param reportFormat new value of reportFormat
- */
- public void setReportFormat(ReportFormats reportFormat) {
- this.reportFormat = reportFormat.getValue();
- this.reportFormats.add(this.reportFormat);
- }
- /**
- * Get the value of reportFormats.
- *
- * @return the value of reportFormats
- */
- public List<String> getReportFormats() {
- if (reportFormats.isEmpty()) {
- this.reportFormats.add(this.reportFormat);
- }
- return this.reportFormats;
- }
- /**
- * Set the value of suppressionFile.
- *
- * @param suppressionFile new value of suppressionFile
- */
- public void setSuppressionFile(String suppressionFile) {
- suppressionFiles.add(suppressionFile);
- }
- /**
- * Sets the username to download user-authored suppression files from an HTTP Basic auth protected location.
- *
- * @param suppressionFileUser The username
- */
- public void setSuppressionFileUser(String suppressionFileUser) {
- this.suppressionFileUser = suppressionFileUser;
- }
- /**
- * Sets the password/token to download user-authored suppression files from an HTTP Basic auth protected location.
- *
- * @param suppressionFilePassword The password/token
- */
- public void setSuppressionFilePassword(String suppressionFilePassword) {
- this.suppressionFilePassword = suppressionFilePassword;
- }
- /**
- * Sets the token to download user-authored suppression files from an HTTP Bearer auth protected location.
- *
- * @param suppressionFileBearerToken The token
- */
- public void setSuppressionFileBearerToken(String suppressionFileBearerToken) {
- this.suppressionFileBearerToken = suppressionFileBearerToken;
- }
- /**
- * Set the value of hintsFile.
- *
- * @param hintsFile new value of hintsFile
- */
- public void setHintsFile(String hintsFile) {
- this.hintsFile = hintsFile;
- }
- /**
- * Set the value of showSummary.
- *
- * @param showSummary new value of showSummary
- */
- public void setShowSummary(boolean showSummary) {
- this.showSummary = showSummary;
- }
- /**
- * Set the value of enableExperimental.
- *
- * @param enableExperimental new value of enableExperimental
- */
- public void setEnableExperimental(Boolean enableExperimental) {
- this.enableExperimental = enableExperimental;
- }
- /**
- * Set the value of enableRetired.
- *
- * @param enableRetired new value of enableRetired
- */
- public void setEnableRetired(Boolean enableRetired) {
- this.enableRetired = enableRetired;
- }
- /**
- * Sets whether or not the analyzer is enabled.
- *
- * @param jarAnalyzerEnabled the value of the new setting
- */
- public void setJarAnalyzerEnabled(Boolean jarAnalyzerEnabled) {
- this.jarAnalyzerEnabled = jarAnalyzerEnabled;
- }
- /**
- * Sets whether the analyzer is enabled.
- *
- * @param archiveAnalyzerEnabled the value of the new setting
- */
- public void setArchiveAnalyzerEnabled(Boolean archiveAnalyzerEnabled) {
- this.archiveAnalyzerEnabled = archiveAnalyzerEnabled;
- }
- /**
- * Sets whether or not the analyzer is enabled.
- *
- * @param assemblyAnalyzerEnabled the value of the new setting
- */
- public void setAssemblyAnalyzerEnabled(Boolean assemblyAnalyzerEnabled) {
- this.assemblyAnalyzerEnabled = assemblyAnalyzerEnabled;
- }
- /**
- * Sets whether or not the analyzer is enabled.
- *
- * @param msbuildAnalyzerEnabled the value of the new setting
- */
- public void setMSBuildAnalyzerEnabled(Boolean msbuildAnalyzerEnabled) {
- this.msbuildAnalyzerEnabled = msbuildAnalyzerEnabled;
- }
- /**
- * Sets whether or not the analyzer is enabled.
- *
- * @param nuspecAnalyzerEnabled the value of the new setting
- */
- public void setNuspecAnalyzerEnabled(Boolean nuspecAnalyzerEnabled) {
- this.nuspecAnalyzerEnabled = nuspecAnalyzerEnabled;
- }
- /**
- * Sets whether or not the analyzer is enabled.
- *
- * @param nugetconfAnalyzerEnabled the value of the new setting
- */
- public void setNugetconfAnalyzerEnabled(Boolean nugetconfAnalyzerEnabled) {
- this.nugetconfAnalyzerEnabled = nugetconfAnalyzerEnabled;
- }
- /**
- * Sets whether or not the analyzer is enabled.
- *
- * @param libmanAnalyzerEnabled the value of the new setting
- */
- public void setLibmanAnalyzerEnabled(Boolean libmanAnalyzerEnabled) {
- this.libmanAnalyzerEnabled = libmanAnalyzerEnabled;
- }
- /**
- * Set the value of composerAnalyzerEnabled.
- *
- * @param composerAnalyzerEnabled new value of composerAnalyzerEnabled
- */
- public void setComposerAnalyzerEnabled(Boolean composerAnalyzerEnabled) {
- this.composerAnalyzerEnabled = composerAnalyzerEnabled;
- }
- /**
- * Set the value of composerAnalyzerSkipDev.
- *
- * @param composerAnalyzerSkipDev new value of composerAnalyzerSkipDev
- */
- public void setComposerAnalyzerSkipDev(Boolean composerAnalyzerSkipDev) {
- this.composerAnalyzerSkipDev = composerAnalyzerSkipDev;
- }
- /**
- * Set the value of cpanfileAnalyzerEnabled.
- *
- * @param cpanfileAnalyzerEnabled new value of cpanfileAnalyzerEnabled
- */
- public void setCpanfileAnalyzerEnabled(Boolean cpanfileAnalyzerEnabled) {
- this.cpanfileAnalyzerEnabled = cpanfileAnalyzerEnabled;
- }
- /**
- * Set the value of autoconfAnalyzerEnabled.
- *
- * @param autoconfAnalyzerEnabled new value of autoconfAnalyzerEnabled
- */
- public void setAutoconfAnalyzerEnabled(Boolean autoconfAnalyzerEnabled) {
- this.autoconfAnalyzerEnabled = autoconfAnalyzerEnabled;
- }
- /**
- * Set the value of pipAnalyzerEnabled.
- *
- * @param pipAnalyzerEnabled new value of pipAnalyzerEnabled
- */
- public void setPipAnalyzerEnabled(Boolean pipAnalyzerEnabled) {
- this.pipAnalyzerEnabled = pipAnalyzerEnabled;
- }
- /**
- * Set the value of pipfileAnalyzerEnabled.
- *
- * @param pipfileAnalyzerEnabled new value of pipfileAnalyzerEnabled
- */
- public void setPipfileAnalyzerEnabled(Boolean pipfileAnalyzerEnabled) {
- this.pipfileAnalyzerEnabled = pipfileAnalyzerEnabled;
- }
- /**
- * Set the value of poetryAnalyzerEnabled.
- *
- * @param poetryAnalyzerEnabled new value of poetryAnalyzerEnabled
- */
- public void setPoetryAnalyzerEnabled(Boolean poetryAnalyzerEnabled) {
- this.poetryAnalyzerEnabled = poetryAnalyzerEnabled;
- }
- /**
- * Sets if the Bundle Audit Analyzer is enabled.
- *
- * @param bundleAuditAnalyzerEnabled whether or not the analyzer should be
- * enabled
- */
- public void setBundleAuditAnalyzerEnabled(Boolean bundleAuditAnalyzerEnabled) {
- this.bundleAuditAnalyzerEnabled = bundleAuditAnalyzerEnabled;
- }
- /**
- * Sets the path to the bundle audit executable.
- *
- * @param bundleAuditPath the path to the bundle audit executable
- */
- public void setBundleAuditPath(String bundleAuditPath) {
- this.bundleAuditPath = bundleAuditPath;
- }
- /**
- * Sets the path to the working directory that the bundle audit executable
- * should be executed from.
- *
- * @param bundleAuditWorkingDirectory the path to the working directory that
- * the bundle audit executable should be executed from.
- */
- public void setBundleAuditWorkingDirectory(String bundleAuditWorkingDirectory) {
- this.bundleAuditWorkingDirectory = bundleAuditWorkingDirectory;
- }
- /**
- * Sets whether or not the cocoapods analyzer is enabled.
- *
- * @param cocoapodsAnalyzerEnabled the state of the cocoapods analyzer
- */
- public void setCocoapodsAnalyzerEnabled(Boolean cocoapodsAnalyzerEnabled) {
- this.cocoapodsAnalyzerEnabled = cocoapodsAnalyzerEnabled;
- }
- /**
- * Sets whether or not the Carthage analyzer is enabled.
- *
- * @param carthageAnalyzerEnabled the state of the Carthage analyzer
- */
- public void setCarthageAnalyzerEnabled(Boolean carthageAnalyzerEnabled) {
- this.carthageAnalyzerEnabled = carthageAnalyzerEnabled;
- }
- /**
- * Sets the enabled state of the swift package manager analyzer.
- *
- * @param swiftPackageManagerAnalyzerEnabled the enabled state of the swift
- * package manager
- */
- public void setSwiftPackageManagerAnalyzerEnabled(Boolean swiftPackageManagerAnalyzerEnabled) {
- this.swiftPackageManagerAnalyzerEnabled = swiftPackageManagerAnalyzerEnabled;
- }
- /**
- * Sets the enabled state of the swift package manager analyzer.
- *
- * @param swiftPackageResolvedAnalyzerEnabled the enabled state of the swift
- * package resolved analyzer
- */
- public void setSwiftPackageResolvedAnalyzerEnabled(Boolean swiftPackageResolvedAnalyzerEnabled) {
- this.swiftPackageResolvedAnalyzerEnabled = swiftPackageResolvedAnalyzerEnabled;
- }
- /**
- * Set the value of opensslAnalyzerEnabled.
- *
- * @param opensslAnalyzerEnabled new value of opensslAnalyzerEnabled
- */
- public void setOpensslAnalyzerEnabled(Boolean opensslAnalyzerEnabled) {
- this.opensslAnalyzerEnabled = opensslAnalyzerEnabled;
- }
- /**
- * Set the value of nodeAnalyzerEnabled.
- *
- * @param nodeAnalyzerEnabled new value of nodeAnalyzerEnabled
- */
- public void setNodeAnalyzerEnabled(Boolean nodeAnalyzerEnabled) {
- this.nodeAnalyzerEnabled = nodeAnalyzerEnabled;
- }
- /**
- * Set the value of nodeAuditAnalyzerEnabled.
- *
- * @param nodeAuditAnalyzerEnabled new value of nodeAuditAnalyzerEnabled
- */
- public void setNodeAuditAnalyzerEnabled(Boolean nodeAuditAnalyzerEnabled) {
- this.nodeAuditAnalyzerEnabled = nodeAuditAnalyzerEnabled;
- }
- /**
- * Set the value of yarnAuditAnalyzerEnabled.
- *
- * @param yarnAuditAnalyzerEnabled new value of yarnAuditAnalyzerEnabled
- */
- public void setYarnAuditAnalyzerEnabled(Boolean yarnAuditAnalyzerEnabled) {
- this.yarnAuditAnalyzerEnabled = yarnAuditAnalyzerEnabled;
- }
- /**
- * Set the value of pnpmAuditAnalyzerEnabled.
- *
- * @param pnpmAuditAnalyzerEnabled new value of pnpmAuditAnalyzerEnabled
- */
- public void setPnpmAuditAnalyzerEnabled(Boolean pnpmAuditAnalyzerEnabled) {
- this.pnpmAuditAnalyzerEnabled = pnpmAuditAnalyzerEnabled;
- }
- /**
- * Set the value of nodeAuditAnalyzerUseCache.
- *
- * @param nodeAuditAnalyzerUseCache new value of nodeAuditAnalyzerUseCache
- */
- public void setNodeAuditAnalyzerUseCache(Boolean nodeAuditAnalyzerUseCache) {
- this.nodeAuditAnalyzerUseCache = nodeAuditAnalyzerUseCache;
- }
- /**
- * Set the value of nodePackageSkipDevDependencies.
- *
- * @param nodePackageSkipDevDependencies new value of
- * nodePackageSkipDevDependencies
- */
- public void setNodePackageSkipDevDependencies(Boolean nodePackageSkipDevDependencies) {
- this.nodePackageSkipDevDependencies = nodePackageSkipDevDependencies;
- }
- /**
- * Set the value of nodeAuditSkipDevDependencies.
- *
- * @param nodeAuditSkipDevDependencies new value of
- * nodeAuditSkipDevDependencies
- */
- public void setNodeAuditSkipDevDependencies(Boolean nodeAuditSkipDevDependencies) {
- this.nodeAuditSkipDevDependencies = nodeAuditSkipDevDependencies;
- }
- /**
- * Set the value of retirejsFilterNonVulnerable.
- *
- * @param retirejsFilterNonVulnerable new value of
- * retirejsFilterNonVulnerable
- */
- public void setRetirejsFilterNonVulnerable(Boolean retirejsFilterNonVulnerable) {
- this.retirejsFilterNonVulnerable = retirejsFilterNonVulnerable;
- }
- /**
- * Add a regular expression to the set of retire JS content filters.
- * <p>
- * This is called by Ant.
- *
- * @param retirejsFilter the regular expression used to filter based on file
- * content
- */
- public void addConfiguredRetirejsFilter(final RetirejsFilter retirejsFilter) {
- retirejsFilters.add(retirejsFilter.getRegex());
- }
- /**
- * Set the value of rubygemsAnalyzerEnabled.
- *
- * @param rubygemsAnalyzerEnabled new value of rubygemsAnalyzerEnabled
- */
- public void setRubygemsAnalyzerEnabled(Boolean rubygemsAnalyzerEnabled) {
- this.rubygemsAnalyzerEnabled = rubygemsAnalyzerEnabled;
- }
- /**
- * Set the value of pyPackageAnalyzerEnabled.
- *
- * @param pyPackageAnalyzerEnabled new value of pyPackageAnalyzerEnabled
- */
- public void setPyPackageAnalyzerEnabled(Boolean pyPackageAnalyzerEnabled) {
- this.pyPackageAnalyzerEnabled = pyPackageAnalyzerEnabled;
- }
- /**
- * Set the value of pyDistributionAnalyzerEnabled.
- *
- * @param pyDistributionAnalyzerEnabled new value of
- * pyDistributionAnalyzerEnabled
- */
- public void setPyDistributionAnalyzerEnabled(Boolean pyDistributionAnalyzerEnabled) {
- this.pyDistributionAnalyzerEnabled = pyDistributionAnalyzerEnabled;
- }
- /**
- * Set the value of mixAuditAnalyzerEnabled.
- *
- * @param mixAuditAnalyzerEnabled new value of mixAuditAnalyzerEnabled
- */
- public void setMixAuditAnalyzerEnabled(Boolean mixAuditAnalyzerEnabled) {
- this.mixAuditAnalyzerEnabled = mixAuditAnalyzerEnabled;
- }
- /**
- * Sets the path to the mix audit executable.
- *
- * @param mixAuditPath the path to the bundle audit executable
- */
- public void setMixAuditPath(String mixAuditPath) {
- this.mixAuditPath = mixAuditPath;
- }
- /**
- * Set the value of centralAnalyzerEnabled.
- *
- * @param centralAnalyzerEnabled new value of centralAnalyzerEnabled
- */
- public void setCentralAnalyzerEnabled(Boolean centralAnalyzerEnabled) {
- this.centralAnalyzerEnabled = centralAnalyzerEnabled;
- }
- /**
- * Set the value of centralAnalyzerUseCache.
- *
- * @param centralAnalyzerUseCache new value of centralAnalyzerUseCache
- */
- public void setCentralAnalyzerUseCache(Boolean centralAnalyzerUseCache) {
- this.centralAnalyzerUseCache = centralAnalyzerUseCache;
- }
- /**
- * Set the value of nexusAnalyzerEnabled.
- *
- * @param nexusAnalyzerEnabled new value of nexusAnalyzerEnabled
- */
- public void setNexusAnalyzerEnabled(Boolean nexusAnalyzerEnabled) {
- this.nexusAnalyzerEnabled = nexusAnalyzerEnabled;
- }
- /**
- * Set the value of golangDepEnabled.
- *
- * @param golangDepEnabled new value of golangDepEnabled
- */
- public void setGolangDepEnabled(Boolean golangDepEnabled) {
- this.golangDepEnabled = golangDepEnabled;
- }
- /**
- * Set the value of golangModEnabled.
- *
- * @param golangModEnabled new value of golangModEnabled
- */
- public void setGolangModEnabled(Boolean golangModEnabled) {
- this.golangModEnabled = golangModEnabled;
- }
- /**
- * Set the value of dartAnalyzerEnabled.
- *
- * @param dartAnalyzerEnabled new value of dartAnalyzerEnabled
- */
- public void setDartAnalyzerEnabled(Boolean dartAnalyzerEnabled) {
- this.dartAnalyzerEnabled = dartAnalyzerEnabled;
- }
/**
 * Sets the path to the {@code yarn} executable.
 *
 * @param yarnPath the path to the yarn executable
 */
public void setPathToYarn(String yarnPath) {
    pathToYarn = yarnPath;
}
/**
 * Sets the path to the {@code pnpm} executable.
 *
 * @param pnpmPath the path to the pnpm executable
 */
public void setPathToPnpm(String pnpmPath) {
    pathToPnpm = pnpmPath;
}
/**
 * Sets the path to the {@code go} executable.
 *
 * @param goPath the path to the go executable
 */
public void setPathToGo(String goPath) {
    pathToGo = goPath;
}
/**
 * Sets the URL used by the Nexus analyzer.
 *
 * @param url the Nexus URL
 */
public void setNexusUrl(String url) {
    nexusUrl = url;
}
/**
 * Sets the user name used to authenticate against Nexus.
 *
 * @param user the Nexus user name
 */
public void setNexusUser(String user) {
    nexusUser = user;
}
/**
 * Sets the password used to authenticate against Nexus. This is a
 * credential: keep it out of build logs and version-controlled build files
 * (an Ant property is the usual way to inject it).
 *
 * @param password the Nexus password
 */
public void setNexusPassword(String password) {
    nexusPassword = password;
}
/**
 * Sets whether the Nexus analyzer should go through the configured proxy.
 *
 * @param usesProxy the new value; {@code null} leaves the default untouched
 */
public void setNexusUsesProxy(Boolean usesProxy) {
    nexusUsesProxy = usesProxy;
}
/**
 * Sets the additional file extensions that should be treated as ZIP
 * archives.
 *
 * @param extensions the additional zip extensions
 */
public void setZipExtensions(String extensions) {
    zipExtensions = extensions;
}
/**
 * Sets the path to the {@code dotnet} executable used by the assembly
 * analyzer.
 *
 * @param dotnetPath the path to the dotnet core executable
 */
public void setPathToDotnetCore(String dotnetPath) {
    pathToCore = dotnetPath;
}
/**
 * Enables or disables the OSS Index analyzer.
 *
 * @param enabled the new value; {@code null} leaves the default untouched
 */
public void setOssindexAnalyzerEnabled(Boolean enabled) {
    ossindexAnalyzerEnabled = enabled;
}
/**
 * Sets whether the OSS Index analyzer may use its local cache.
 *
 * @param useCache the new value; {@code null} leaves the default untouched
 */
public void setOssindexAnalyzerUseCache(Boolean useCache) {
    ossindexAnalyzerUseCache = useCache;
}
/**
 * Sets the URL used by the OSS Index analyzer.
 *
 * @param url the OSS Index URL
 */
public void setOssindexAnalyzerUrl(String url) {
    ossindexAnalyzerUrl = url;
}
/**
 * Sets the user name used to authenticate against OSS Index.
 *
 * @param username the OSS Index user name
 */
public void setOssindexAnalyzerUsername(String username) {
    ossindexAnalyzerUsername = username;
}
/**
 * Sets the password (API token) used to authenticate against OSS Index.
 * This is a credential: keep it out of build logs and version-controlled
 * build files.
 *
 * @param password the OSS Index password
 */
public void setOssindexAnalyzerPassword(String password) {
    ossindexAnalyzerPassword = password;
}
/**
 * Sets whether remote errors from OSS Index should only be warned about
 * instead of failing the analysis.
 *
 * @param warnOnly the new value; {@code null} leaves the default untouched
 */
public void setOssIndexWarnOnlyOnRemoteErrors(Boolean warnOnly) {
    ossIndexAnalyzerWarnOnlyOnRemoteErrors = warnOnly;
}
/**
 * Enables or disables the CMake analyzer.
 *
 * @param enabled the new value; {@code null} leaves the default untouched
 */
public void setCmakeAnalyzerEnabled(Boolean enabled) {
    cmakeAnalyzerEnabled = enabled;
}
/**
 * Enables or disables the Artifactory analyzer.
 *
 * @param enabled the new value; {@code null} leaves the default untouched
 */
public void setArtifactoryAnalyzerEnabled(Boolean enabled) {
    artifactoryAnalyzerEnabled = enabled;
}
/**
 * Sets the URL used by the Artifactory analyzer.
 *
 * @param url the Artifactory URL
 */
public void setArtifactoryAnalyzerUrl(String url) {
    artifactoryAnalyzerUrl = url;
}
/**
 * Sets whether the Artifactory analyzer should go through the configured
 * proxy.
 *
 * @param useProxy the new value; {@code null} leaves the default untouched
 */
public void setArtifactoryAnalyzerUseProxy(Boolean useProxy) {
    artifactoryAnalyzerUseProxy = useProxy;
}
/**
 * Sets whether the Artifactory analyzer may query Artifactory in parallel.
 *
 * @param parallel the new value; {@code null} leaves the default untouched
 */
public void setArtifactoryAnalyzerParallelAnalysis(Boolean parallel) {
    artifactoryAnalyzerParallelAnalysis = parallel;
}
/**
 * Sets the user name used to authenticate against Artifactory.
 *
 * @param username the Artifactory user name
 */
public void setArtifactoryAnalyzerUsername(String username) {
    artifactoryAnalyzerUsername = username;
}
/**
 * Sets the API token used to authenticate against Artifactory. This is a
 * credential: keep it out of build logs and version-controlled build files.
 *
 * @param apiToken the Artifactory API token
 */
public void setArtifactoryAnalyzerApiToken(String apiToken) {
    artifactoryAnalyzerApiToken = apiToken;
}
/**
 * Sets the bearer token used to authenticate against Artifactory. This is a
 * credential: keep it out of build logs and version-controlled build files.
 *
 * @param bearerToken the Artifactory bearer token
 */
public void setArtifactoryAnalyzerBearerToken(String bearerToken) {
    artifactoryAnalyzerBearerToken = bearerToken;
}
/**
 * Sets whether an unused suppression rule should fail the build. Unlike the
 * other boolean attributes this one is a primitive, so it always has a value.
 *
 * @param failOnUnused {@code true} to fail the build on unused rules
 */
public void setFailBuildOnUnusedSuppressionRule(boolean failOnUnused) {
    failBuildOnUnusedSuppressionRule = failOnUnused;
}
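//see note on `dealWithReferences()` for information on this suppression
/**
 * Runs the scan: resolves references, validates the task configuration,
 * pushes the task properties into the dependency-check settings, hands every
 * file-backed resource of the configured path to the engine, analyzes the
 * dependencies, writes one report per requested format and finally applies
 * the CVSS failure threshold (a threshold above 10 disables that check) and
 * the optional summary.
 * <p>
 * Database and report failures fail the build only when {@code failOnError}
 * is set; otherwise they are logged at error level. The settings (and
 * whatever temporary state they own) are always cleaned up, including when
 * the downloader cannot be configured.
 *
 * @throws BuildException if the configuration is invalid, the downloader
 * cannot be configured, or an analysis/report failure occurs while
 * {@code failOnError} is set
 */
@SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
@Override
protected void executeWithContextClassloader() throws BuildException {
    dealWithReferences();
    validateConfiguration();
    populateSettings();
    try {
        // Inside the try/finally so that a downloader configuration failure
        // still releases whatever populateSettings() allocated.
        try {
            Downloader.getInstance().configure(getSettings());
        } catch (InvalidSettingException e) {
            throw new BuildException(e);
        }
        try (Engine engine = new Engine(Check.class.getClassLoader(), getSettings())) {
            scanConfiguredPath(engine);
            final ExceptionCollection exceptions = callExecuteAnalysis(engine);
            // A fatal collection means the analysis did not complete, so no
            // report is written and no threshold check is performed.
            if (exceptions == null || !exceptions.isFatal()) {
                for (String format : getReportFormats()) {
                    engine.writeReports(getProjectName(), new File(reportOutputDirectory), format, exceptions);
                }
                // validateConfiguration() accepts 0..11; 11 means "never fail".
                if (this.failBuildOnCVSS <= 10) {
                    checkForFailure(engine.getDependencies());
                }
                if (this.showSummary) {
                    DependencyCheckScanAgent.showSummary(engine.getDependencies());
                }
            }
        } catch (DatabaseException ex) {
            final String msg = "Unable to connect to the dependency-check database; analysis has stopped";
            if (this.isFailOnError()) {
                throw new BuildException(msg, ex);
            }
            log(msg, ex, Project.MSG_ERR);
        } catch (ReportException ex) {
            final String msg = "Unable to generate the dependency-check report";
            if (this.isFailOnError()) {
                throw new BuildException(msg, ex);
            }
            log(msg, ex, Project.MSG_ERR);
        }
    } finally {
        getSettings().cleanup();
    }
}

/**
 * Hands every file-backed resource of the configured path to the engine.
 * Resources that are not file-backed, or whose file does not exist, are
 * skipped silently.
 *
 * @param engine the engine that receives the files to scan
 */
private void scanConfiguredPath(final Engine engine) {
    for (Resource resource : getPath()) {
        final FileProvider provider = resource.as(FileProvider.class);
        if (provider == null) {
            continue;
        }
        final File file = provider.getFile();
        if (file != null && file.exists()) {
            engine.scan(file);
        }
    }
}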
/**
 * Runs {@code engine.analyzeDependencies()} and translates a thrown
 * {@link ExceptionCollection} according to the {@code failOnError} setting.
 *
 * @param engine the engine whose dependencies are analyzed
 * @return the collection of exceptions raised by the analysis, or
 * {@code null} when the analysis raised none
 * @throws BuildException if the analysis raised exceptions and the task is
 * configured to fail the build on errors
 */
//see note on `dealWithReferences()` for information on this suppression
@SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
private ExceptionCollection callExecuteAnalysis(final Engine engine) throws BuildException {
    try {
        engine.analyzeDependencies();
        return null;
    } catch (ExceptionCollection analysisErrors) {
        if (isFailOnError()) {
            throw new BuildException(analysisErrors);
        }
        // Not failing the build: hand the collection back so the caller can
        // decide (based on isFatal()) whether reports are still written.
        return analysisErrors;
    }
}
/**
 * Validates that the task has been configured with something to scan and
 * with a sensible CVSS failure threshold.
 *
 * @throws BuildException if no path was defined or {@code failBuildOnCVSS}
 * is outside the range 0..11
 */
//see note on `dealWithReferences()` for information on this suppression
@SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
private synchronized void validateConfiguration() throws BuildException {
    if (path == null) {
        throw new BuildException("No project dependencies have been defined to analyze.");
    }
    // 11 is deliberately allowed: it is the "never fail the build" value.
    final boolean belowRange = failBuildOnCVSS < 0;
    final boolean aboveRange = failBuildOnCVSS > 11;
    if (belowRange || aboveRange) {
        throw new BuildException("Invalid configuration, failBuildOnCVSS must be between 0 and 11.");
    }
}
/**
 * Copies the task attributes into the dependency-check settings. The common
 * settings (including the proxy configuration described on the superclass)
 * are handled by {@code super.populateSettings()}; everything below is
 * specific to this task.
 * <p>
 * Attributes that were not given stay at their core defaults: the
 * {@code *IfNotNull} / {@code *IfNotEmpty} helpers skip null (and, for the
 * latter, empty) values. Several of the values are credentials (suppression
 * file, Artifactory, Nexus and OSS Index); they end up in the settings and
 * must not be logged from here.
 *
 * @throws BuildException thrown when an invalid setting is configured.
 */
//see note on `dealWithReferences()` for information on this suppression
@SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
@Override
protected void populateSettings() throws BuildException {
    super.populateSettings();
    final Settings settings = getSettings();

    // general / update behaviour
    settings.setBooleanIfNotNull(Settings.KEYS.AUTO_UPDATE, autoUpdate);
    settings.setArrayIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE, suppressionFiles);
    settings.setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_USER, suppressionFileUser);
    settings.setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_PASSWORD, suppressionFilePassword);
    settings.setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_BEARER_TOKEN, suppressionFileBearerToken);
    settings.setBooleanIfNotNull(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED, versionCheckEnabled);
    settings.setStringIfNotEmpty(Settings.KEYS.HINTS_FILE, hintsFile);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, enableExperimental);
    settings.setBooleanIfNotNull(Settings.KEYS.PRETTY_PRINT, prettyPrint);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIRED_ENABLED, enableRetired);

    // language / package-manager analyzers
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, pyDistributionAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, pyPackageAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, rubygemsAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, opensslAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CMAKE_ENABLED, cmakeAnalyzerEnabled);

    // Artifactory (credentials included)
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_ENABLED, artifactoryAnalyzerEnabled);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_URL, artifactoryAnalyzerUrl);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_USES_PROXY, artifactoryAnalyzerUseProxy);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_PARALLEL_ANALYSIS, artifactoryAnalyzerParallelAnalysis);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_API_USERNAME, artifactoryAnalyzerUsername);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_API_TOKEN, artifactoryAnalyzerApiToken);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_BEARER_TOKEN, artifactoryAnalyzerBearerToken);

    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_MANAGER_ENABLED, swiftPackageManagerAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_RESOLVED_ENABLED, swiftPackageResolvedAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_COCOAPODS_ENABLED, cocoapodsAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CARTHAGE_ENABLED, carthageAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, bundleAuditAnalyzerEnabled);
    // The IfNotNull variants pass an empty string through, unlike IfNotEmpty;
    // presumably intentional for executable paths.
    settings.setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH, bundleAuditPath);
    settings.setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_WORKING_DIRECTORY, bundleAuditWorkingDirectory);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, autoconfAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_MAVEN_INSTALL_ENABLED, mavenInstallAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PIP_ENABLED, pipAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PIPFILE_ENABLED, pipfileAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_POETRY_ENABLED, poetryAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, composerAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_SKIP_DEV, composerAnalyzerSkipDev);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CPANFILE_ENABLED, cpanfileAnalyzerEnabled);

    // Node ecosystem
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, nodeAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_SKIPDEV, nodePackageSkipDevDependencies);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_ENABLED, nodeAuditAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_YARN_AUDIT_ENABLED, yarnAuditAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_PNPM_AUDIT_ENABLED, pnpmAuditAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_USE_CACHE, nodeAuditAnalyzerUseCache);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_SKIPDEV, nodeAuditSkipDevDependencies);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTER_NON_VULNERABLE, retirejsFilterNonVulnerable);
    settings.setArrayIfNotEmpty(Settings.KEYS.ANALYZER_RETIREJS_FILTERS, retirejsFilters);

    // Go, Dart, Elixir and the executables they need
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_GOLANG_DEP_ENABLED, golangDepEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_GOLANG_MOD_ENABLED, golangModEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_DART_ENABLED, dartAnalyzerEnabled);
    settings.setStringIfNotNull(Settings.KEYS.ANALYZER_GOLANG_PATH, pathToGo);
    settings.setStringIfNotNull(Settings.KEYS.ANALYZER_YARN_PATH, pathToYarn);
    settings.setStringIfNotNull(Settings.KEYS.ANALYZER_PNPM_PATH, pathToPnpm);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_MIX_AUDIT_ENABLED, mixAuditAnalyzerEnabled);
    settings.setStringIfNotNull(Settings.KEYS.ANALYZER_MIX_AUDIT_PATH, mixAuditPath);

    // .NET
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUGETCONF_ENABLED, nugetconfAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_LIBMAN_ENABLED, libmanAnalyzerEnabled);

    // remote repositories (Central, Nexus) and generic analyzers
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_USE_CACHE, centralAnalyzerUseCache);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_MSBUILD_PROJECT_ENABLED, msbuildAnalyzerEnabled);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_USER, nexusUser);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_PASSWORD, nexusPassword);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY, nexusUsesProxy);
    settings.setStringIfNotEmpty(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_ASSEMBLY_DOTNET_PATH, pathToCore);

    // OSS Index (credentials included)
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_ENABLED, ossindexAnalyzerEnabled);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL, ossindexAnalyzerUrl);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER, ossindexAnalyzerUsername);
    settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_PASSWORD, ossindexAnalyzerPassword);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_USE_CACHE, ossindexAnalyzerUseCache);
    settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, ossIndexAnalyzerWarnOnlyOnRemoteErrors);

    // failure policy
    settings.setFloat(Settings.KEYS.JUNIT_FAIL_ON_CVSS, junitFailOnCVSS);
    // primitive boolean, so this is effectively an unconditional set
    settings.setBooleanIfNotNull(Settings.KEYS.FAIL_ON_UNUSED_SUPPRESSION_RULE, failBuildOnUnusedSuppressionRule);
}
/**
 * Fails the build when any dependency carries a vulnerability whose CVSS
 * score (v2, v3, v4 or the estimate derived from an unscored severity) is at
 * or above {@code failBuildOnCVSS}. A threshold of 0 or below matches every
 * vulnerability.
 * <p>
 * The failure message lists the offending dependencies and vulnerability
 * names only when {@code showSummary} is set; otherwise it just points at
 * the report.
 *
 * @param dependencies the dependencies produced by the engine
 * @throws BuildException thrown if at least one vulnerability reaches the
 * configured threshold
 */
//see note on `dealWithReferences()` for information on this suppression
@SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
private void checkForFailure(Dependency[] dependencies) throws BuildException {
    final StringBuilder offenders = new StringBuilder();
    for (Dependency dependency : dependencies) {
        boolean firstForDependency = true;
        for (Vulnerability vulnerability : dependency.getVulnerabilities()) {
            if (!reachesFailThreshold(vulnerability)) {
                continue;
            }
            if (firstForDependency) {
                firstForDependency = false;
                final String identifiers = Stream.concat(
                        dependency.getSoftwareIdentifiers().stream(),
                        dependency.getVulnerableSoftwareIdentifiers().stream())
                        .map(Identifier::getValue)
                        .collect(Collectors.joining(", "));
                offenders.append(NEW_LINE)
                        .append(dependency.getFileName())
                        .append(" (").append(identifiers).append("): ")
                        .append(vulnerability.getName());
            } else {
                offenders.append(", ").append(vulnerability.getName());
            }
        }
    }
    if (offenders.length() == 0) {
        return;
    }
    final String msg;
    if (showSummary) {
        msg = String.format("%n%nDependency-Check Failure:%n"
                + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '%.1f': %s%n"
                + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, offenders);
    } else {
        msg = String.format("%n%nDependency-Check Failure:%n"
                + "One or more dependencies were identified with vulnerabilities.%n%n"
                + "See the dependency-check report for more details.%n%n");
    }
    throw new BuildException(msg);
}

/**
 * Decides whether a single vulnerability reaches the failure threshold.
 * Every available CVSS version is consulted; a vulnerability with only an
 * unscored severity is compared through the estimated v2 score.
 *
 * @param v the vulnerability to test
 * @return {@code true} if any score is at or above {@code failBuildOnCVSS},
 * or unconditionally when the threshold is 0 or below
 */
private boolean reachesFailThreshold(final Vulnerability v) {
    final boolean v2Hit = v.getCvssV2() != null && v.getCvssV2().getCvssData().getBaseScore() >= failBuildOnCVSS;
    if (v2Hit) {
        return true;
    }
    final boolean v3Hit = v.getCvssV3() != null && v.getCvssV3().getCvssData().getBaseScore() >= failBuildOnCVSS;
    if (v3Hit) {
        return true;
    }
    final boolean v4Hit = v.getCvssV4() != null && v.getCvssV4().getCvssData().getBaseScore() >= failBuildOnCVSS;
    if (v4Hit) {
        return true;
    }
    final boolean unscoredHit = v.getUnscoredSeverity() != null
            && SeverityUtil.estimateCvssV2(v.getUnscoredSeverity()) >= failBuildOnCVSS;
    if (unscoredHit) {
        return true;
    }
    // safety net: a threshold of 0 (or below) fails on everything, even if
    // none of the score checks above matched.
    return failBuildOnCVSS <= 0.0f;
}
/**
 * An enumeration of supported report formats: "ALL", "HTML", "XML", "CSV",
 * "JSON", "JUNIT", "SARIF", "JENKINS", etc. The legal values are exactly the
 * names of the core {@link Format} constants.
 */
public static class ReportFormats extends EnumeratedAttribute {
    /**
     * Returns the legal values for the report format attribute.
     *
     * @return the names of all {@link Format} constants, in declaration order
     */
    @Override
    public String[] getValues() {
        return Stream.of(Format.values())
                .map(Format::name)
                .toArray(String[]::new);
    }
}
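/**
 * A class for Ant to represent the
 * {@code <reportFormat format="<format>"/>} nested element to define
 * multiple report formats for the ant-task.
 */
public static class ReportFormat {
    /**
     * The format of this ReportFormat; {@code null} until Ant has called
     * {@link #setFormat(String)}.
     */
    private ReportFormats format;

    /**
     * Gets the format as a String.
     *
     * @return the String representing a report format
     * @throws BuildException if the element was declared without a
     * {@code format} attribute (this used to surface as a
     * NullPointerException with no hint at the cause)
     */
    public String getFormat() {
        if (format == null) {
            throw new BuildException("The <reportFormat> element requires a 'format' attribute.");
        }
        return format.getValue();
    }

    /**
     * Sets the format.
     *
     * @param format the String value for one of the {@link ReportFormats}
     * @throws BuildException When the offered String is not one of the
     * valid values of the {@link ReportFormats} EnumeratedAttribute
     */
    public void setFormat(final String format) {
        this.format = (ReportFormats) EnumeratedAttribute.getInstance(ReportFormats.class, format);
    }
}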
- }
- //CSON: MethodCount