Purge.java
/*
* This file is part of dependency-check-ant.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2015 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.taskdefs;
import io.github.jeremylong.jcs3.slf4j.Slf4jAdapter;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Project;
import org.apache.tools.ant.Task;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.impl.StaticLoggerBinder;
/**
* An Ant task definition to execute dependency-check during an Ant build.
*
* @author Jeremy Long
*/
public class Purge extends Task {
/**
* The properties file location.
*/
private static final String PROPERTIES_FILE = "task.properties";
/**
* The configured settings.
*/
private Settings settings;
/**
* The location of the data directory that contains
*/
private String dataDirectory = null;
/**
* Indicates if dependency-check should fail the build if an exception
* occurs.
*/
private boolean failOnError = true;
/**
* The URL to hosted suppressions file with base FP suppressions.
*/
private String hostedSuppressionsUrl = null;
/**
* Construct a new DependencyCheckTask.
*/
public Purge() {
super();
// Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
// core end up coming through this tasks logger
StaticLoggerBinder.getSingleton().setTask(this);
}
public Settings getSettings() {
return settings;
}
/**
* Get the value of dataDirectory.
*
* @return the value of dataDirectory
*/
public String getDataDirectory() {
return dataDirectory;
}
/**
* Set the value of dataDirectory.
*
* @param dataDirectory new value of dataDirectory
*/
public void setDataDirectory(String dataDirectory) {
this.dataDirectory = dataDirectory;
}
/**
* Get the value of failOnError.
*
* @return the value of failOnError
*/
public boolean isFailOnError() {
return failOnError;
}
/**
* Set the value of failOnError.
*
* @param failOnError new value of failOnError
*/
public void setFailOnError(boolean failOnError) {
this.failOnError = failOnError;
}
/**
* Get the value of hostedSuppressionsUrl.
*
* @return the value of hostedSuppressionsUrl
*/
public String getHostedSuppressionsUrl() {
return hostedSuppressionsUrl;
}
/**
* Set the value of hostedSuppressionsUrl.
*
* @param hostedSuppressionsUrl new value of hostedSuppressionsUrl
*/
public void setHostedSuppressionsUrl(final String hostedSuppressionsUrl) {
this.hostedSuppressionsUrl = hostedSuppressionsUrl;
}
/**
* Sets the
* {@link Thread#getContextClassLoader() Thread Context Class Loader} to the
* one for this class, and then calls
* {@link #executeWithContextClassloader()}. This is done because the JCS
* cache needs to have the Thread Context Class Loader set to something that
* can resolve it's classes. Other build tools do this by default but Ant
* does not.
*
* @throws BuildException throws if there is a problem. See
* {@link #executeWithContextClassloader()} for details
*/
@Override
public final void execute() throws BuildException {
muteNoisyLoggers();
final ClassLoader current = Thread.currentThread().getContextClassLoader();
try {
Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
executeWithContextClassloader();
} finally {
Thread.currentThread().setContextClassLoader(current);
}
}
/**
* Hacky method of muting the noisy logging from JCS.
*/
private void muteNoisyLoggers() {
System.setProperty("jcs.logSystem", "slf4j");
Slf4jAdapter.muteLogging(true);
final String[] noisyLoggers = {
"org.apache.hc"
};
for (String loggerName : noisyLoggers) {
System.setProperty("org.slf4j.simpleLogger.log." + loggerName, "error");
}
}
/**
* Executes the dependency-check purge to delete the existing local copy of
* the NVD CVE data.
*
* @throws BuildException thrown if there is a problem deleting the file(s)
*/
//see note on `Check.dealWithReferences()` for information on this suppression
@SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
protected void executeWithContextClassloader() throws BuildException {
populateSettings();
try {
Downloader.getInstance().configure(settings);
} catch (InvalidSettingException e) {
throw new BuildException(e);
}
try (Engine engine = new Engine(Engine.Mode.EVIDENCE_PROCESSING, getSettings())) {
engine.purge();
} finally {
settings.cleanup(true);
}
}
/**
* Takes the properties supplied and updates the dependency-check settings.
* Additionally, this sets the system properties required to change the
* proxy server, port, and connection timeout.
*
* @throws BuildException thrown if the properties file cannot be read.
*/
//see note on `Check.dealWithReferences()` for information on this suppression
@SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
protected void populateSettings() throws BuildException {
settings = new Settings();
try (InputStream taskProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE)) {
settings.mergeProperties(taskProperties);
} catch (IOException ex) {
final String msg = "Unable to load the dependency-check ant task.properties file.";
if (this.failOnError) {
throw new BuildException(msg, ex);
}
log(msg, ex, Project.MSG_WARN);
}
settings.setStringIfNotEmpty(Settings.KEYS.HOSTED_SUPPRESSIONS_URL, hostedSuppressionsUrl);
if (dataDirectory != null) {
settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDirectory);
} else {
final File jarPath = new File(Purge.class.getProtectionDomain().getCodeSource().getLocation().getPath());
final File base = jarPath.getParentFile();
final String sub = settings.getString(Settings.KEYS.DATA_DIRECTORY);
final File dataDir = new File(base, sub);
settings.setString(Settings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath());
}
}
}