feat: add mojo to scan plugins, resolves #4035
jeremylong committed Nov 5, 2022
1 parent 172f523 commit b345359
Showing 9 changed files with 608 additions and 185 deletions.
Expand Up @@ -102,6 +102,11 @@ public class Dependency extends EvidenceCollection implements Serializable {
* A collection of related dependencies.
*/
private final SortedSet<Dependency> relatedDependencies = new TreeSet<>(Dependency.NAME_COMPARATOR);
/**
* The set of dependencies that included this dependency (i.e., this is a
* transitive dependency because it was included by X).
*/
private final Set<String> includedBy = new HashSet<>();
/**
* A list of projects that reference this dependency.
*/
Expand Down Expand Up @@ -433,6 +438,7 @@ public synchronized Set<Identifier> getSoftwareIdentifiers() {
public synchronized Set<Identifier> getVulnerableSoftwareIdentifiers() {
return Collections.unmodifiableSet(this.vulnerableSoftwareIdentifiers);
}

/**
* Returns the count of vulnerability identifiers.
*
Expand All @@ -441,6 +447,7 @@ public synchronized Set<Identifier> getVulnerableSoftwareIdentifiers() {
public synchronized int getVulnerableSoftwareIdentifiersCount() {
return this.vulnerableSoftwareIdentifiers.size();
}

/**
* Adds a set of Identifiers to the current list of software identifiers.
* Only used for testing.
Expand Down Expand Up @@ -767,6 +774,26 @@ public synchronized void clearRelatedDependencies() {
relatedDependencies.clear();
}

/**
* Get the unmodifiable set of includedBy (the list of parents of this
* transitive dependency).
*
* @return the unmodifiable set of includedBy
*/
public synchronized Set<String> getIncludedBy() {
return Collections.unmodifiableSet(new HashSet<>(includedBy));
}

/**
* Adds the parent or root of the transitive dependency chain (i.e., this
* was included by the parent dependency X).
*
* @param includedBy a project reference
*/
public synchronized void addIncludedBy(String includedBy) {
this.includedBy.add(includedBy);
}

/**
* Get the unmodifiable set of projectReferences.
*
Expand Down Expand Up @@ -808,7 +835,7 @@ public synchronized void addRelatedDependency(Dependency dependency) {
LOGGER.debug("dependency: {}", dependency);
} else if (NAME_COMPARATOR.compare(this, dependency) == 0) {
LOGGER.debug("Attempted to add the same dependency as this, likely due to merging identical dependencies "
+ "obtained from different modules");
+ "obtained from different modules");
LOGGER.debug("this: {}", this);
LOGGER.debug("dependency: {}", dependency);
} else if (!relatedDependencies.add(dependency)) {
Expand Down
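Review bot: `addIncludedBy` at `public synchronized void addIncludedBy(String includedBy)` stores whatever it is handed, including `null`; the backing `HashSet` accepts nulls, so a null parent would surface later as a `null` element of `getIncludedBy()` and in anything that renders it. Rejecting it at the boundary is cheaper than guarding every consumer: `this.includedBy.add(Objects.requireNonNull(includedBy, "includedBy"));` (assuming `java.util.Objects` is importable here; the import block is outside the hunk). The Javadoc `@param includedBy a project reference` is also vaguer than the field comment on `includedBy`; `@param includedBy the coordinates of the dependency or project that pulled this dependency in` would match the stated intent. On `getIncludedBy`, the copy into a fresh `HashSet` inside the `synchronized` method is what gives callers a stable snapshot while the `unmodifiableSet` wrapper only prevents edits to that copy, so a one-line comment such as `// snapshot under the lock; callers must not see later addIncludedBy() calls` would keep a future cleanup from dropping the copy. The enclosing class `Dependency` starts before the first hunk.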
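--- a/core/src/main/resources/templates/htmlReport.vsl
+++ b/core/src/main/resources/templates/htmlReport.vsl
@@ -602,6 +602,28 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 .underline {
 text-decoration: underline;
 }
+.tooltip {
+position: relative;
+display: inline-block;
+border-bottom: 1px dotted black;
+}
+
+.tooltip .tooltiptext {
+visibility: hidden;
+width: 220px;
+background-color: #cccccc;
+text-align: center;
+border-radius: 6px;
+padding: 5px 0;
+
+/* Position the tooltip */
+position: absolute;
+z-index: 1;
+}
+
+.tooltip:hover .tooltiptext {
+visibility: visible;
+}
 </style>
 </head>
 <body>
@@ -804,10 +826,7 @@ Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" tar
 <b>SHA256:</b>$enc.html($dependency.Sha256sum)
 #end
 #if ($dependency.projectReferences.size()==1)
-<br/><b>Referenced In Project/Scope:</b>
-#foreach($ref in $dependency.projectReferences)
-$enc.html($ref)
-#end
+<br/><b>Referenced In Project/Scope:</b> $enc.html($dependency.projectReferences.iterator().next())
 #end
 #if ($dependency.projectReferences.size()>1)
 <br/><b>Referenced In Projects/Scopes:</b><ul>
@@ -816,6 +835,16 @@ Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" tar
 #end
 </ul>
 #end
+#if ($dependency.includedBy.size()==1)
+<br/><span class="tooltip"><span class="tooltiptext">$enc.html($dependency.DisplayFileName) is in the transitive dependency tree of the listed items.</span><b>Included by:</b></span> $enc.html($dependency.includedBy.iterator().next())
+#end
+#if ($dependency.includedBy.size()>1)
+<br/><span class="tooltip"><span class="tooltiptext">$enc.html($dependency.DisplayFileName) is in the transitive dependency tree of the listed items.</span><b>Included by:</b></span><ul>
+#foreach($parent in $dependency.includedBy)
+<li>$enc.html($parent)</li>
+#end
+</ul>
+#end
 </p>
 #set($cnt=$cnt+1)
 <h4 id="header$cnt" class="subsectionheader expandable expandablesubsection white">Evidence</h4>
@@ -1010,11 +1039,31 @@ Getting Help: <a href="https://github.com/jeremylong/DependencyCheck/issues" tar
 #end
 #end
 <b>File&nbsp;Path:</b>&nbsp;$enc.html($dependency.FilePath)<br/>
-#if(!$dependency.isVirtual())
+#if(!$dependency.isVirtual())
 <b>MD5:</b>&nbsp;$enc.html($dependency.Md5sum)<br/>
 <b>SHA1:</b>&nbsp;$enc.html($dependency.Sha1sum)<br/>
 <b>SHA256:</b>&nbsp;$enc.html($dependency.Sha256sum)
 #end
+#if ($dependency.projectReferences.size()==1)
+<br/><b>Referenced In Project/Scope:</b> $enc.html($dependency.projectReferences.iterator().next())
+#end
+#if ($dependency.projectReferences.size()>1)
+<br/><b>Referenced In Projects/Scopes:</b><ul>
+#foreach($ref in $dependency.projectReferences)
+<li>$enc.html($ref)</li>
+#end
+</ul>
+#end
+#if ($dependency.includedBy.size()==1)
+<br/><b>Included by:</b> $enc.html($dependency.includedBy.iterator().next())
+#end
+#if ($dependency.includedBy.size()>1)
+<br/><b>Included by:</b><ul>
+#foreach($parent in $dependency.includedBy)
+<li>$enc.html($parent)</li>
+#end
+</ul>
+#end
 </p>
 #set($cnt=$cnt+1)
 <h4 id="header$cnt" class="subsectionheader expandable expandablesubsection white">Evidence</h4>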
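Review bot: Escaping is consistent in the new markup — every value emitted on the `Included by:` lines, including `$dependency.DisplayFileName` inside the tooltip text, goes through `$enc.html`, so this change does not widen the report's HTML-injection surface. The remaining point is style: `$dependency.includedBy` is evaluated up to three times per dependency (`size()` twice, then `iterator().next()` or `#foreach`), and the Java side of this commit implements `getIncludedBy()` as a synchronized copy into a new `HashSet`, so each evaluation re-snapshots the set. Capturing it once before the `#if` chain, `#set($includedBy = $dependency.includedBy)`, and using `$includedBy` below avoids the repeated copies and reads more clearly; the same may apply to `$dependency.projectReferences` if its getter behaves the same way, which is not visible here. The block in the `@@ -1010` hunk repeats the `Included by:` markup without the tooltip span; if that is intentional for this part of the report, a one-line `## no tooltip here: ...` comment would stop the next reader from "fixing" the inconsistency.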
Expand Up @@ -96,6 +96,24 @@ protected ExceptionCollection scanDependencies(final Engine engine) throws MojoE
return exCol;
}

/**
* Scans the plugins of the project.
*
* @param engine the engine used to perform the scanning
* @param exCollection the collection of exceptions that might have occurred
* previously
* @return a collection of exceptions
* @throws MojoExecutionException thrown if a fatal exception occurs
*/
@Override
protected ExceptionCollection scanPlugins(final Engine engine, final ExceptionCollection exCollection) throws MojoExecutionException {
ExceptionCollection exCol = scanPlugins(getProject(), engine, null);
for (MavenProject childProject : getDescendants(this.getProject())) {
exCol = scanPlugins(childProject, engine, exCol);
}
return exCol;
}

/**
* Returns a set containing all the descendant projects of the given
* project.
Expand Down
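Review bot: The `exCollection` parameter of the new override `scanPlugins(final Engine engine, final ExceptionCollection exCollection)` is never used — the first call passes `null` (`scanPlugins(getProject(), engine, null)`), so any exceptions the caller accumulated earlier in the run are discarded instead of being carried into the returned collection. For a security scan that is the wrong direction to fail: analysis errors that should fail or warn on the build can vanish and leave a report that looks clean. Thread the parameter through instead: `ExceptionCollection exCol = scanPlugins(getProject(), engine, exCollection);`. Whether the three-argument `scanPlugins(MavenProject, Engine, ExceptionCollection)` tolerates a non-null incoming collection is not visible in this hunk, but the Javadoc `@param exCollection the collection of exceptions that might have occurred previously` states that this is the intent. The enclosing class starts before the hunk.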