Package org.owasp.dependencycheck

Examples of org.owasp.dependencycheck.Engine


     * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException thrown if there is an exception connecting to the
     * database
     */
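    private Engine executeDependencyCheck() throws DatabaseException {
        // Applies the agent's settings, then analyzes this.dependencies with a newly built Engine.
        // The analyzed Engine is returned so the caller can report on it and clean it up.
        populateSettings();
        final Engine engine = new Engine();
        boolean completed = false;
        try {
            engine.setDependencies(this.dependencies);
            engine.analyzeDependencies();
            completed = true;
            return engine;
        } finally {
            // The caller only gets a reference to the engine on a normal return. If analysis
            // fails part-way, nobody else can call cleanup(), so do it here before the
            // exception propagates.
            if (!completed) {
                engine.cleanup();
            }
        }
    }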


     *
     * @throws org.owasp.dependencycheck.exception.ScanAgentException thrown if there is an exception executing the
     * scan.
     */
    public void execute() throws ScanAgentException {
        // One complete agent run: analyze, write the external reports, optionally print the
        // summary, and apply the CVSS failure threshold.
        Engine scanEngine = null;
        try {
            scanEngine = executeDependencyCheck();
            final File reportDir = new File(this.reportOutputDirectory);
            generateExternalReports(scanEngine, reportDir);
            if (this.showSummary) {
                showSummary(scanEngine.getDependencies());
            }
            // The threshold check only runs for values up to 10; anything larger skips it.
            if (this.failBuildOnCVSS <= 10) {
                checkForFailure(scanEngine.getDependencies());
            }
        } catch (DatabaseException dbFailure) {
            // NOTE(review): the failure is logged but not rethrown, so the caller sees a normal
            // return even though no report was written and no threshold check ran. Confirm that
            // build integrations do not treat this outcome as a clean scan.
            LOGGER.log(Level.SEVERE,
                    "Unable to connect to the dependency-check database; analysis has stopped");
            // The stack trace is only emitted at FINE.
            LOGGER.log(Level.FINE, "", dbFailure);
        } finally {
            // Settings are cleaned up first, then the engine if one was obtained.
            Settings.cleanup(true);
            if (scanEngine != null) {
                scanEngine.cleanup();
            }
        }
    }

     * @param project the project to run dependency-check on
     * @return the Engine used to scan the dependencies.
     * @throws DatabaseException thrown if there is an exception connecting to the database
     */
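    private Engine executeDependencyCheck(MavenProject project) throws DatabaseException {
        // Scans every artifact of the project that is not excluded, tags single-dependency
        // results with the artifact's Maven coordinates, then runs the analysis.
        final Engine localEngine = initializeEngine();

        final Set<Artifact> artifacts = project.getArtifacts();
        for (Artifact a : artifacts) {
            if (excludeFromScan(a)) {
                continue;
            }
            if (a.getFile() == null) {
                // An artifact without a file cannot be scanned. Log it instead of failing with
                // a NullPointerException, so the gap in coverage is visible in the build output.
                LOGGER.info(String.format("No file is available for '%s:%s:%s'; the artifact was not scanned",
                        a.getGroupId(), a.getArtifactId(), a.getVersion()));
                continue;
            }
            final List<Dependency> deps = localEngine.scan(a.getFile().getAbsoluteFile());
            if (deps != null) {
                if (deps.size() == 1) {
                    final Dependency d = deps.get(0);
                    if (d != null) {
                        // Record the Maven coordinates as highest-confidence evidence.
                        final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion());
                        d.addAsEvidence("pom", ma, Confidence.HIGHEST);
                    }
                } else if (deps.size() > 1) {
                    // Only report "more than one" when that is true; an empty result used to
                    // produce the same message.
                    final String msg = String.format("More then 1 dependency was identified in first pass scan of '%s:%s:%s'",
                            a.getGroupId(), a.getArtifactId(), a.getVersion());
                    LOGGER.info(msg);
                }
            }
        }
        localEngine.analyzeDependencies();

        return localEngine;
    }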

    public void testAnalyze() throws Exception {
        Dependency dependency = new Dependency();
        dependency.setFileName("pom.xml");
        dependency.setFilePath("pom.xml");
        dependency.addIdentifier("cpe", "cpe:/a:file:file:1.2.1", "http://some.org/url");
        Engine engine = null;
        FalsePositiveAnalyzer instance = new FalsePositiveAnalyzer();
        int before = dependency.getIdentifiers().size();
        instance.analyze(dependency, engine);
        int after = dependency.getIdentifiers().size();
        assertTrue(before > after);

        File jq10 = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.js").getPath());
        File jq10min = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.min.js").getPath());
        Dependency depJQ6 = new Dependency(jq6);
        Dependency depJQ10 = new Dependency(jq10);
        Dependency depJQ10min = new Dependency(jq10min);
        Engine engine = null;
        JavaScriptAnalyzer instance = new JavaScriptAnalyzer();

//        assertTrue(depJQ6.getEvidence().size() == 0);
//        assertTrue(depJQ10.getEvidence().size() == 0);
//        assertTrue(depJQ10min.getEvidence().size() == 0);

        File file = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.jar").getPath());
        File suppression = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.suppression.xml").getPath());
        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
        Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
        Engine engine = new Engine();
        engine.scan(file);
        engine.analyzeDependencies();
        Dependency dependency = getDependency(engine, file);
        int cveSize = dependency.getVulnerabilities().size();
        int cpeSize = dependency.getIdentifiers().size();
        assertTrue(cveSize > 0);
        assertTrue(cpeSize > 0);
        Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppression.getAbsolutePath());
        VulnerabilitySuppressionAnalyzer instance = new VulnerabilitySuppressionAnalyzer();
        instance.initialize();
        instance.analyze(dependency, engine);
        cveSize = cveSize > 1 ? cveSize - 2 : 0;
        cpeSize = cpeSize > 0 ? cpeSize - 1 : 0;
        assertTrue(dependency.getVulnerabilities().size() == cveSize);
        assertTrue(dependency.getIdentifiers().size() == cpeSize);
        engine.cleanup();
    }

     * @return a newly instantiated <code>Engine</code>
     * @throws DatabaseException thrown if there is a database exception
     */
    private Engine initializeEngine() throws DatabaseException {
        // Settings are populated first; a fresh Engine is then built and handed straight back.
        populateSettings();
        return new Engine();
    }

        File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
        File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());

        boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
        Engine engine = new Engine();
        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);

        engine.scan(struts);
        engine.scan(axis);
        engine.scan(jetty);
        engine.analyzeDependencies();

        CveDB cveDB = new CveDB();
        cveDB.open();
        DatabaseProperties dbProp = cveDB.getDatabaseProperties();
        cveDB.close();

        ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers(), dbProp);
        generator.generateReport(templateName, writeTo);

        engine.cleanup();

        InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/DependencyCheck.xsd");
        StreamSource xsdSource = new StreamSource(xsdStream);
        StreamSource xmlSource = new StreamSource(new File(writeTo));
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);

            File file = new File(this.getClass().getClassLoader().getResource("daytrader-ear-2.1.7.ear").getPath());
            Dependency dependency = new Dependency(file);
            Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
            Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
            Engine engine = new Engine();

            int initial_size = engine.getDependencies().size();
            instance.analyze(dependency, engine);
            int ending_size = engine.getDependencies().size();

            engine.cleanup();

            assertTrue(initial_size < ending_size);

        } finally {
            instance.close();

            //File file = new File(this.getClass().getClassLoader().getResource("file.tar").getPath());
            File file = new File(this.getClass().getClassLoader().getResource("stagedhttp-modified.tar").getPath());
            Dependency dependency = new Dependency(file);
            Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
            Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
            Engine engine = new Engine();

            int initial_size = engine.getDependencies().size();
            instance.analyze(dependency, engine);
            int ending_size = engine.getDependencies().size();
            engine.cleanup();

            assertTrue(initial_size < ending_size);

        } finally {
            instance.close();
