
Commit 00e3ad2

committed
Update to dependency-check 3.0.2
1 parent f7d3784 commit 00e3ad2


3 files changed

+34
-37
lines changed


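--- a/codepulse/src/main/scala/com/secdec/codepulse/dependencycheck/DependencyCheck.scala
+++ b/codepulse/src/main/scala/com/secdec/codepulse/dependencycheck/DependencyCheck.scala
@@ -46,46 +46,32 @@ object DependencyCheckStatus {
 * @author robertf
 */
 object DependencyCheck {
-private lazy val cveDbProps = {
-val cveDb = new CveDB
+private def cveDbProps(implicit settings: Settings) = {
+val cveDb = new CveDB(settings.settings)
 try {
-cveDb.open
 cveDb.getDatabaseProperties
 } finally {
 cveDb.close
 }
 }
 
 def doUpdates()(implicit settings: Settings): Try[Unit] = Try {
-DepCheckSettings.initialize
-settings.applySettings
-
-try {
+settings.withEngine { engine =>
 val svc = new UpdateService(Thread.currentThread.getContextClassLoader)
 for (src <- svc.getDataSources) {
-src.update
+src.update(engine)
 }
-} finally {
-DepCheckSettings.cleanup(true)
 }
 }
 
 def runScan(scanSettings: ScanSettings)(implicit settings: Settings): File = {
-DepCheckSettings.initialize
-settings.applySettings
+settings.withEngine { engine =>
+engine scan scanSettings.app
+engine.analyzeDependencies
 
-val scanner = new Engine
-try {
-scanner scan scanSettings.app
-scanner.analyzeDependencies
-
-val report = new ReportGenerator(scanSettings.appName, scanner.getDependencies, scanner.getAnalyzers, cveDbProps)
-report.generateReports(scanSettings.reportDir.getCanonicalPath, scanSettings.reportFormat.value)
+engine.writeReports(scanSettings.appName, scanSettings.reportDir, scanSettings.reportFormat.value)
 
 scanSettings.reportDir
-} finally {
-scanner.cleanup
-DepCheckSettings.cleanup(true)
 }
 }
 }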
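Review bot: `cveDbProps` is private and has no caller left in `object DependencyCheck` as shown, because its only use was the `ReportGenerator` construction that this commit removes from `runScan`. Porting it to `new CveDB(settings.settings)` keeps dead code that opens its own database handle, so I would delete the helper here rather than update it. Separately, `doUpdates` has no Scaladoc; something like `/** Runs every registered data source update against a fresh engine; a Failure means the local vulnerability data was not refreshed. */` would tell callers that an ignored `Failure` leaves later scans on whatever data is already on disk.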

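--- a/codepulse/src/main/scala/com/secdec/codepulse/dependencycheck/Settings.scala
+++ b/codepulse/src/main/scala/com/secdec/codepulse/dependencycheck/Settings.scala
@@ -22,36 +22,47 @@ package com.secdec.codepulse.dependencycheck
 import java.io.File
 
 import org.apache.commons.io.IOUtils
-import org.owasp.dependencycheck.reporting.ReportGenerator.{ Format => DCReportFormat }
+import org.owasp.dependencycheck.Engine
 import org.owasp.dependencycheck.utils.{ Settings => DepCheckSettings }
 
 import com.secdec.codepulse.data.model.ProjectId
 import com.secdec.codepulse.paths
 import com.secdec.codepulse.util.RichFile._
 
-sealed abstract class ReportFormat(val value: DCReportFormat)
+sealed abstract class ReportFormat(val value: String)
 object ReportFormat {
-case object Xml extends ReportFormat(DCReportFormat.XML)
-case object Html extends ReportFormat(DCReportFormat.HTML)
-case object Vuln extends ReportFormat(DCReportFormat.VULN)
-case object All extends ReportFormat(DCReportFormat.ALL)
+case object Xml extends ReportFormat("XML")
+case object Html extends ReportFormat("HTML")
+case object Vuln extends ReportFormat("VULN")
+case object Json extends ReportFormat("JSON")
+case object Csv extends ReportFormat("CSV")
+case object All extends ReportFormat("ALL")
 }
 
 sealed trait ApplicableSettings {
-def applySettings(): Unit
+def settings: DepCheckSettings
+
+def withEngine[T](f: Engine => T): T = {
+val engine = new Engine(settings)
+try {
+f(engine)
+} finally {
+engine.close()
+}
+}
 }
 
 case class Settings(
 dataDir: File
 ) extends ApplicableSettings {
 
-def applySettings() {
-DepCheckSettings.setString(DepCheckSettings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath)
-DepCheckSettings.setBoolean(DepCheckSettings.KEYS.ANALYZER_JAR_ENABLED, true)
-DepCheckSettings.setBoolean(DepCheckSettings.KEYS.ANALYZER_ARCHIVE_ENABLED, true)
-DepCheckSettings.setBoolean(DepCheckSettings.KEYS.ANALYZER_NEXUS_ENABLED, true)
-DepCheckSettings.setBoolean(DepCheckSettings.KEYS.ANALYZER_NEXUS_USES_PROXY, false)
-}
+val settings = new DepCheckSettings
+
+settings.setString(DepCheckSettings.KEYS.DATA_DIRECTORY, dataDir.getAbsolutePath)
+settings.setBoolean(DepCheckSettings.KEYS.ANALYZER_JAR_ENABLED, true)
+settings.setBoolean(DepCheckSettings.KEYS.ANALYZER_ARCHIVE_ENABLED, true)
+settings.setBoolean(DepCheckSettings.KEYS.ANALYZER_NEXUS_ENABLED, true)
+settings.setBoolean(DepCheckSettings.KEYS.ANALYZER_NEXUS_USES_PROXY, false)
 }
 
 object Settings {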
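Review bot: `withEngine` closes the engine in its `finally`, but the `DepCheckSettings.cleanup(true)` that the old `doUpdates` and `runScan` ran after every call has no counterpart on the new per-instance `settings` object. Unless `Engine.close()` also cleans up the settings it was built from, which this page does not show, temporary files produced while scanning would now outlive each run; please confirm against the 3.0.2 API and add an explicit cleanup hook on `Settings` if it does not. Separately, `ReportFormat.value` is now a bare string that is only checked when `writeReports` runs, so a comment above the class such as `// value must be a report format name accepted by Engine.writeReports` would help the next person who adds a case object. The public `val settings` in the case class would also read better with its type spelled out, `val settings: DepCheckSettings = new DepCheckSettings`.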

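--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -61,5 +61,5 @@ object Dependencies {
 }
 
 // dependency-check
-lazy val dependencyCheckCore = "org.owasp" % "dependency-check-core" % "1.4.4"
+lazy val dependencyCheckCore = "org.owasp" % "dependency-check-core" % "3.0.2"
 }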
