1   /*
2    * This file is part of dependency-check-maven.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.maven;
19  
20  import java.util.Locale;
21  import org.apache.maven.plugin.MojoExecutionException;
22  import org.apache.maven.plugin.MojoFailureException;
23  import org.apache.maven.plugins.annotations.LifecyclePhase;
24  import org.apache.maven.plugins.annotations.Mojo;
25  import org.apache.maven.plugins.annotations.ResolutionScope;
26  import org.owasp.dependencycheck.Engine;
27  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
28  import org.owasp.dependencycheck.data.update.exception.UpdateException;
29  import org.owasp.dependencycheck.exception.ExceptionCollection;
30  import org.owasp.dependencycheck.utils.InvalidSettingException;
31  import org.owasp.dependencycheck.utils.Settings;
32  
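/**
 * Maven Plugin that updates the local cache of the NVD data from NIST.
 * <p>
 * The goal only refreshes the vulnerability data; it never scans dependencies
 * and never produces a report. When {@code isFailOnError()} returns
 * {@code false}, a failed update is only logged and the goal still completes
 * normally, so the local data may not have been refreshed. Builds that rely on
 * current vulnerability data should therefore treat update failures as build
 * failures.
 *
 * @author Jeremy Long
 */
@Mojo(
        name = "update-only",
        requiresProject = false,
        defaultPhase = LifecyclePhase.GENERATE_RESOURCES,
        threadSafe = true,
        requiresDependencyResolution = ResolutionScope.NONE,
        requiresOnline = true,
        aggregator = true
)
public class UpdateMojo extends BaseDependencyCheckMojo {

    /**
     * Returns false; this mojo cannot generate a report.
     *
     * @return <code>false</code>
     */
    @Override
    public boolean canGenerateReport() {
        return false;
    }

    /**
     * Forces the auto-update setting on and runs the engine's update step to
     * refresh the local data. No dependencies are scanned and no report is
     * generated.
     * <p>
     * If the update fails and {@code isFailOnError()} is {@code false}, the
     * failure is logged at error level (with the cause at debug level) and the
     * method returns normally.
     *
     * @throws MojoExecutionException thrown if the update fails and the mojo
     * is configured to fail on error
     * @throws MojoFailureException declared by the overridden method; not
     * thrown directly by this implementation
     */
    @Override
    protected void runCheck() throws MojoExecutionException, MojoFailureException {
        try (Engine engine = initializeEngine()) {
            // Whatever the configured value is (or if it cannot be read), the
            // setting ends up true so that doUpdates() is not skipped.
            try {
                if (!engine.getSettings().getBoolean(Settings.KEYS.AUTO_UPDATE)) {
                    engine.getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, true);
                }
            } catch (InvalidSettingException ex) {
                engine.getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, true);
            }
            engine.doUpdates();
        } catch (DatabaseException ex) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("Database connection error", ex);
            }
            final String msg = "An exception occurred connecting to the local database. Please see the log file for more details.";
            if (this.isFailOnError()) {
                throw new MojoExecutionException(msg, ex);
            }
            getLog().error(msg);
        } catch (UpdateException ex) {
            // Keep the cause available in the debug log, as the database branch
            // does; otherwise it is lost whenever the build is allowed to
            // continue, although the message refers the user to the log.
            if (getLog().isDebugEnabled()) {
                getLog().debug("Error downloading updates", ex);
            }
            final String msg = "An exception occurred while downloading updates. Please see the log file for more details.";
            if (this.isFailOnError()) {
                throw new MojoExecutionException(msg, ex);
            }
            getLog().error(msg);
        } finally {
            // Runs on success and on failure alike.
            getSettings().cleanup();
        }
    }

    /**
     * Returns the report name.
     *
     * @param locale the locale (unused; the name is not localized)
     * @return the report name
     */
    @Override
    public String getName(Locale locale) {
        return "dependency-check-update";
    }

    /**
     * Gets the description of the Dependency-Check report to be displayed in
     * the Maven Generated Reports page.
     *
     * @param locale The Locale to get the description for (unused; the
     * description is not localized)
     * @return the description
     */
    @Override
    public String getDescription(Locale locale) {
        return "Updates the local cache of the NVD data from NIST.";
    }

    /**
     * Throws an exception if called. The update mojo does not scan
     * dependencies.
     *
     * @param engine the engine used to scan
     * @return never returns normally
     * @throws MojoExecutionException declared by the overridden method; not
     * thrown by this implementation
     * @throws UnsupportedOperationException always
     */
    @Override
    protected ExceptionCollection scanDependencies(Engine engine) throws MojoExecutionException {
        throw new UnsupportedOperationException("Operation not supported");
    }

    /**
     * Throws an exception if called. The update mojo does not scan plugins.
     *
     * @param engine the engine used to scan
     * @param exCollection the collection of exceptions that might have occurred
     * previously
     * @return never returns normally
     * @throws MojoExecutionException declared by the overridden method; not
     * thrown by this implementation
     * @throws UnsupportedOperationException always
     */
    @Override
    protected ExceptionCollection scanPlugins(final Engine engine, final ExceptionCollection exCollection) throws MojoExecutionException {
        throw new UnsupportedOperationException("Operation not supported");
    }
}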