1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.owasp.dependencycheck.taskdefs;
19
20 import java.io.File;
21 import java.util.ArrayList;
22 import java.util.List;
23 import java.util.stream.Collectors;
24 import java.util.stream.Stream;
25 import javax.annotation.concurrent.NotThreadSafe;
26
27 import org.apache.tools.ant.BuildException;
28 import org.apache.tools.ant.Project;
29 import org.apache.tools.ant.types.EnumeratedAttribute;
30 import org.apache.tools.ant.types.Reference;
31 import org.apache.tools.ant.types.Resource;
32 import org.apache.tools.ant.types.ResourceCollection;
33 import org.apache.tools.ant.types.resources.FileProvider;
34 import org.apache.tools.ant.types.resources.Resources;
35 import org.owasp.dependencycheck.Engine;
36 import org.owasp.dependencycheck.agent.DependencyCheckScanAgent;
37 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
38 import org.owasp.dependencycheck.dependency.Dependency;
39 import org.owasp.dependencycheck.dependency.Vulnerability;
40 import org.owasp.dependencycheck.dependency.naming.Identifier;
41 import org.owasp.dependencycheck.exception.ExceptionCollection;
42 import org.owasp.dependencycheck.exception.ReportException;
43 import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
44 import org.owasp.dependencycheck.utils.Downloader;
45 import org.owasp.dependencycheck.utils.InvalidSettingException;
46 import org.owasp.dependencycheck.utils.Settings;
47 import org.owasp.dependencycheck.utils.SeverityUtil;
48 import org.owasp.dependencycheck.utils.scarf.TelemetryCollector;
49 import org.owasp.dependencycheck.ant.logging.AntTaskHolder;
50
51
52
53
54
55
56
57 @NotThreadSafe
58 public class Check extends Update {
59
60
61
62
63 private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();
64
65
66
67
68 private Boolean rubygemsAnalyzerEnabled;
69
70
71
72 private Boolean nodeAnalyzerEnabled;
73
74
75
76 private Boolean nodeAuditAnalyzerEnabled;
77
78
79
80 private Boolean yarnAuditAnalyzerEnabled;
81
82
83
84 private Boolean pnpmAuditAnalyzerEnabled;
85
86
87
88 private Boolean nodeAuditAnalyzerUseCache;
89
90
91
92
93 private Boolean nodePackageSkipDevDependencies;
94
95
96
97 private Boolean nodeAuditSkipDevDependencies;
98
99
100
101
102 @SuppressWarnings("CanBeFinal")
103 private final List<String> retireJsFilters = new ArrayList<>();
104
105
106
107
108 private Boolean retireJsFilterNonVulnerable;
109
110
111
112 private Boolean bundleAuditAnalyzerEnabled;
113
114
115
116 private Boolean cmakeAnalyzerEnabled;
117
118
119
120 private Boolean opensslAnalyzerEnabled;
121
122
123
124 private Boolean pyPackageAnalyzerEnabled;
125
126
127
128 private Boolean pyDistributionAnalyzerEnabled;
129
130
131
132 private Boolean mixAuditAnalyzerEnabled;
133
134
135
136 private Boolean centralAnalyzerEnabled;
137
138
139
140 private Boolean centralAnalyzerUseCache;
141
142
143
144 private Boolean nexusAnalyzerEnabled;
145
146
147
148
149 private String nexusUrl;
150
151
152
153 private String nexusUser;
154
155
156
157 private String nexusPassword;
158
159
160
161 private Boolean nexusUsesProxy;
162
163
164
165
166 private Boolean golangDepEnabled;
167
168
169
170
171 private Boolean golangModEnabled;
172
173
174
175 private String pathToGo;
176
177
178
179 private Boolean dartAnalyzerEnabled;
180
181
182
183 private String pathToYarn;
184
185
186
187 private String pathToPnpm;
188
189
190
191
192 private String zipExtensions;
193
194
195
196 private String pathToCore;
197
198
199
200 private String projectName = "dependency-check";
201
202
203
204
205 private String reportOutputDirectory;
206
207
208
209
210 private float junitFailOnCVSS = 0;
211
212
213
214
215
216
217
218 private float failBuildOnCVSS = 11;
219
220
221
222
223 private Boolean autoUpdate;
224
225
226
227
228 private String reportFormat = "HTML";
229
230
231
232
233 private final List<String> reportFormats = new ArrayList<>();
234
235
236
237
238 private Boolean prettyPrint = null;
239
240
241
242
243 @SuppressWarnings("CanBeFinal")
244 private final List<String> suppressionFiles = new ArrayList<>();
245
246
247
248
249 private String hintsFile;
250
251
252
253 private boolean showSummary = true;
254
255
256
257 private Boolean enableExperimental;
258
259
260
261 private Boolean enableRetired;
262
263
264
265 private Boolean jarAnalyzerEnabled;
266
267
268
269 private Boolean archiveAnalyzerEnabled;
270
271
272
273 private Boolean nuspecAnalyzerEnabled;
274
275
276
277 private Boolean nugetconfAnalyzerEnabled;
278
279
280
281 private Boolean libmanAnalyzerEnabled;
282
283
284
285 private Boolean composerAnalyzerEnabled;
286
287
288
289 private Boolean composerAnalyzerSkipDev;
290
291
292
293 private Boolean cpanfileAnalyzerEnabled;
294
295
296
297
298 private Boolean assemblyAnalyzerEnabled;
299
300
301
302 private Boolean msbuildAnalyzerEnabled;
303
304
305
306 private Boolean autoconfAnalyzerEnabled;
307
308
309
310 private Boolean pipAnalyzerEnabled;
311
312
313
314 private Boolean mavenInstallAnalyzerEnabled;
315
316
317
318 private Boolean pipfileAnalyzerEnabled;
319
320
321
322 private Boolean poetryAnalyzerEnabled;
323
324
325
326 private String mixAuditPath;
327
328
329
330 private String bundleAuditPath;
331
332
333
334
335 private String bundleAuditWorkingDirectory;
336
337
338
339 private Boolean cocoapodsAnalyzerEnabled;
340
341
342
343 private Boolean carthageAnalyzerEnabled;
344
345
346
347
348 private Boolean swiftPackageManagerAnalyzerEnabled;
349
350
351
352 private Boolean swiftPackageResolvedAnalyzerEnabled;
353
354
355
356
357 private Boolean ossindexAnalyzerEnabled;
358
359
360
361 private Boolean ossindexAnalyzerUseCache;
362
363
364
365 private String ossindexAnalyzerUrl;
366
367
368
369 private String ossindexAnalyzerUsername;
370
371
372
373 private String ossindexAnalyzerPassword;
374
375
376
377
378 private Boolean ossIndexAnalyzerWarnOnlyOnRemoteErrors;
379
380
381
382
383 private Boolean artifactoryAnalyzerEnabled;
384
385
386
387 private String artifactoryAnalyzerUrl;
388
389
390
391 private Boolean artifactoryAnalyzerUseProxy;
392
393
394
395 private Boolean artifactoryAnalyzerParallelAnalysis;
396
397
398
399 private String artifactoryAnalyzerUsername;
400
401
402
403 private String artifactoryAnalyzerApiToken;
404
405
406
407 private String artifactoryAnalyzerBearerToken;
408
409
410
411 private Boolean versionCheckEnabled;
412
413
414
415
416 private boolean failBuildOnUnusedSuppressionRule = false;
417
418
419
420
421 private String suppressionFileUser;
422
423
424
425 private String suppressionFilePassword;
426
427
428
429 private String suppressionFileBearerToken;
430
431
432
433
434
435
436 private Resources path = null;
437
438
439
440 private Reference refId = null;
441
442
443
444
445
446
447
448 public void add(ResourceCollection rc) {
449 if (isReference()) {
450 throw new BuildException("Nested elements are not allowed when using the refId attribute.");
451 }
452 getPath().add(rc);
453 }
454
455
456
457
458
459
460
461 private synchronized Resources getPath() {
462 if (path == null) {
463 path = new Resources(getProject());
464 path.setCache(true);
465 }
466 return path;
467 }
468
469
470
471
472
473
474 public boolean isReference() {
475 return refId != null;
476 }
477
478
479
480
481
482
483
484 public synchronized void setRefId(Reference r) {
485 if (path != null) {
486 throw new BuildException("Nested elements are not allowed when using the refId attribute.");
487 }
488 refId = r;
489 }
490
491
492
493
494
495
496
497
498
499
500 @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
501 private void dealWithReferences() throws BuildException {
502 if (isReference()) {
503 final Object o = refId.getReferencedObject(getProject());
504 if (!(o instanceof ResourceCollection)) {
505 throw new BuildException("refId '" + refId.getRefId()
506 + "' does not refer to a resource collection.");
507 }
508 getPath().add((ResourceCollection) o);
509 }
510 }
511
512
513
514
515
516 public Check() {
517 super();
518
519
520 AntTaskHolder.setTask(this);
521 }
522
523
524
525
526
527
528
529
530 public void addConfiguredSuppressionFile(final SuppressionFile suppressionFile) {
531 suppressionFiles.add(resolveRelative(suppressionFile.getPath()));
532 }
533
534
535
536
537
538
539
540
541 public void addConfiguredReportFormat(final ReportFormat reportFormat) {
542 reportFormats.add(reportFormat.getFormat());
543 }
544
545
546
547
548
549
550
551 public void setVersionCheckEnabled(Boolean versionCheckEnabled) {
552 this.versionCheckEnabled = versionCheckEnabled;
553 }
554
555
556
557
558
559
560 public String getProjectName() {
561 if (projectName == null) {
562 projectName = "";
563 }
564 return projectName;
565 }
566
567
568
569
570
571
572 public void setProjectName(String projectName) {
573 this.projectName = projectName;
574 }
575
576 private String resolveRelative(String path) {
577 if (path == null) {
578 return null;
579 }
580
581 File file = new File(path);
582 if (file.isAbsolute()) {
583 return path;
584 }
585
586 return new File(getProject().getBaseDir(), path).getPath();
587 }
588
589
590
591
592
593
594 public void setReportOutputDirectory(String reportOutputDirectory) {
595 this.reportOutputDirectory = resolveRelative(reportOutputDirectory);
596 }
597
598
599
600
601
602
603 public void setFailBuildOnCVSS(float failBuildOnCVSS) {
604 this.failBuildOnCVSS = failBuildOnCVSS;
605 }
606
607
608
609
610
611
612 public void setJunitFailOnCVSS(float junitFailOnCVSS) {
613 this.junitFailOnCVSS = junitFailOnCVSS;
614 }
615
616
617
618
619
620
621 public void setAutoUpdate(Boolean autoUpdate) {
622 this.autoUpdate = autoUpdate;
623 }
624
625
626
627
628
629
630 public void setPrettyPrint(boolean prettyPrint) {
631 this.prettyPrint = prettyPrint;
632 }
633
634
635
636
637
638
639 public void setReportFormat(ReportFormats reportFormat) {
640 this.reportFormat = reportFormat.getValue();
641 this.reportFormats.add(this.reportFormat);
642 }
643
644
645
646
647
648
649 public List<String> getReportFormats() {
650 if (reportFormats.isEmpty()) {
651 this.reportFormats.add(this.reportFormat);
652 }
653 return this.reportFormats;
654 }
655
656
657
658
659
660
661 public void setSuppressionFile(String suppressionFile) {
662 suppressionFiles.add(resolveRelative(suppressionFile));
663 }
664
665
666
667
668
669
670 public void setSuppressionFileUser(String suppressionFileUser) {
671 this.suppressionFileUser = suppressionFileUser;
672 }
673
674
675
676
677
678
679 public void setSuppressionFilePassword(String suppressionFilePassword) {
680 this.suppressionFilePassword = suppressionFilePassword;
681 }
682
683
684
685
686
687
688 public void setSuppressionFileBearerToken(String suppressionFileBearerToken) {
689 this.suppressionFileBearerToken = suppressionFileBearerToken;
690 }
691
692
693
694
695
696
697 public void setHintsFile(String hintsFile) {
698 this.hintsFile = hintsFile;
699 }
700
701
702
703
704
705
706 public void setShowSummary(boolean showSummary) {
707 this.showSummary = showSummary;
708 }
709
710
711
712
713
714
715 public void setEnableExperimental(Boolean enableExperimental) {
716 this.enableExperimental = enableExperimental;
717 }
718
719
720
721
722
723
724 public void setEnableRetired(Boolean enableRetired) {
725 this.enableRetired = enableRetired;
726 }
727
728
729
730
731
732
733 public void setJarAnalyzerEnabled(Boolean jarAnalyzerEnabled) {
734 this.jarAnalyzerEnabled = jarAnalyzerEnabled;
735 }
736
737
738
739
740
741
742 public void setArchiveAnalyzerEnabled(Boolean archiveAnalyzerEnabled) {
743 this.archiveAnalyzerEnabled = archiveAnalyzerEnabled;
744 }
745
746
747
748
749
750
751 public void setAssemblyAnalyzerEnabled(Boolean assemblyAnalyzerEnabled) {
752 this.assemblyAnalyzerEnabled = assemblyAnalyzerEnabled;
753 }
754
755
756
757
758
759
760 public void setMSBuildAnalyzerEnabled(Boolean msbuildAnalyzerEnabled) {
761 this.msbuildAnalyzerEnabled = msbuildAnalyzerEnabled;
762 }
763
764
765
766
767
768
769 public void setNuspecAnalyzerEnabled(Boolean nuspecAnalyzerEnabled) {
770 this.nuspecAnalyzerEnabled = nuspecAnalyzerEnabled;
771 }
772
773
774
775
776
777
778 public void setNugetconfAnalyzerEnabled(Boolean nugetconfAnalyzerEnabled) {
779 this.nugetconfAnalyzerEnabled = nugetconfAnalyzerEnabled;
780 }
781
782
783
784
785
786
787 public void setLibmanAnalyzerEnabled(Boolean libmanAnalyzerEnabled) {
788 this.libmanAnalyzerEnabled = libmanAnalyzerEnabled;
789 }
790
791
792
793
794
795
796 public void setComposerAnalyzerEnabled(Boolean composerAnalyzerEnabled) {
797 this.composerAnalyzerEnabled = composerAnalyzerEnabled;
798 }
799
800
801
802
803
804
805 public void setComposerAnalyzerSkipDev(Boolean composerAnalyzerSkipDev) {
806 this.composerAnalyzerSkipDev = composerAnalyzerSkipDev;
807 }
808
809
810
811
812
813
814 public void setCpanfileAnalyzerEnabled(Boolean cpanfileAnalyzerEnabled) {
815 this.cpanfileAnalyzerEnabled = cpanfileAnalyzerEnabled;
816 }
817
818
819
820
821
822
823 public void setAutoconfAnalyzerEnabled(Boolean autoconfAnalyzerEnabled) {
824 this.autoconfAnalyzerEnabled = autoconfAnalyzerEnabled;
825 }
826
827
828
829
830
831
832 public void setPipAnalyzerEnabled(Boolean pipAnalyzerEnabled) {
833 this.pipAnalyzerEnabled = pipAnalyzerEnabled;
834 }
835
836
837
838
839
840
841 public void setPipfileAnalyzerEnabled(Boolean pipfileAnalyzerEnabled) {
842 this.pipfileAnalyzerEnabled = pipfileAnalyzerEnabled;
843 }
844
845
846
847
848
849
850 public void setPoetryAnalyzerEnabled(Boolean poetryAnalyzerEnabled) {
851 this.poetryAnalyzerEnabled = poetryAnalyzerEnabled;
852 }
853
854
855
856
857
858
859
860 public void setBundleAuditAnalyzerEnabled(Boolean bundleAuditAnalyzerEnabled) {
861 this.bundleAuditAnalyzerEnabled = bundleAuditAnalyzerEnabled;
862 }
863
864
865
866
867
868
869 public void setBundleAuditPath(String bundleAuditPath) {
870 this.bundleAuditPath = bundleAuditPath;
871 }
872
873
874
875
876
877
878
879
880 public void setBundleAuditWorkingDirectory(String bundleAuditWorkingDirectory) {
881 this.bundleAuditWorkingDirectory = bundleAuditWorkingDirectory;
882 }
883
884
885
886
887
888
889 public void setCocoapodsAnalyzerEnabled(Boolean cocoapodsAnalyzerEnabled) {
890 this.cocoapodsAnalyzerEnabled = cocoapodsAnalyzerEnabled;
891 }
892
893
894
895
896
897
898 public void setCarthageAnalyzerEnabled(Boolean carthageAnalyzerEnabled) {
899 this.carthageAnalyzerEnabled = carthageAnalyzerEnabled;
900 }
901
902
903
904
905
906
907
908 public void setSwiftPackageManagerAnalyzerEnabled(Boolean swiftPackageManagerAnalyzerEnabled) {
909 this.swiftPackageManagerAnalyzerEnabled = swiftPackageManagerAnalyzerEnabled;
910 }
911
912
913
914
915
916
917
918 public void setSwiftPackageResolvedAnalyzerEnabled(Boolean swiftPackageResolvedAnalyzerEnabled) {
919 this.swiftPackageResolvedAnalyzerEnabled = swiftPackageResolvedAnalyzerEnabled;
920 }
921
922
923
924
925
926
927 public void setOpensslAnalyzerEnabled(Boolean opensslAnalyzerEnabled) {
928 this.opensslAnalyzerEnabled = opensslAnalyzerEnabled;
929 }
930
931
932
933
934
935
936 public void setNodeAnalyzerEnabled(Boolean nodeAnalyzerEnabled) {
937 this.nodeAnalyzerEnabled = nodeAnalyzerEnabled;
938 }
939
940
941
942
943
944
945 public void setNodeAuditAnalyzerEnabled(Boolean nodeAuditAnalyzerEnabled) {
946 this.nodeAuditAnalyzerEnabled = nodeAuditAnalyzerEnabled;
947 }
948
949
950
951
952
953
954 public void setYarnAuditAnalyzerEnabled(Boolean yarnAuditAnalyzerEnabled) {
955 this.yarnAuditAnalyzerEnabled = yarnAuditAnalyzerEnabled;
956 }
957
958
959
960
961
962
963 public void setPnpmAuditAnalyzerEnabled(Boolean pnpmAuditAnalyzerEnabled) {
964 this.pnpmAuditAnalyzerEnabled = pnpmAuditAnalyzerEnabled;
965 }
966
967
968
969
970
971
972 public void setNodeAuditAnalyzerUseCache(Boolean nodeAuditAnalyzerUseCache) {
973 this.nodeAuditAnalyzerUseCache = nodeAuditAnalyzerUseCache;
974 }
975
976
977
978
979
980
981
982 public void setNodePackageSkipDevDependencies(Boolean nodePackageSkipDevDependencies) {
983 this.nodePackageSkipDevDependencies = nodePackageSkipDevDependencies;
984 }
985
986
987
988
989
990
991
992 public void setNodeAuditSkipDevDependencies(Boolean nodeAuditSkipDevDependencies) {
993 this.nodeAuditSkipDevDependencies = nodeAuditSkipDevDependencies;
994 }
995
996
997
998
999
1000
1001
1002
1003 @Deprecated
1004 public void setRetirejsFilterNonVulnerable(Boolean retireJsFilterNonVulnerable) {
1005 log("'retirejsFilterNonVulnerable' is deprecated and may be removed in the next major release, please migrate to 'retireJsFilterNonVulnerable'",
1006 Project.MSG_WARN);
1007 this.retireJsFilterNonVulnerable = retireJsFilterNonVulnerable;
1008 }
1009
1010
1011
1012
1013
1014
1015
1016 public void setRetireJsFilterNonVulnerable(Boolean retireJsFilterNonVulnerable) {
1017 this.retireJsFilterNonVulnerable = retireJsFilterNonVulnerable;
1018 }
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029 @Deprecated
1030 public void addConfiguredRetirejsFilter(final RetirejsFilter retireJsFilter) {
1031 log("'retirejsFilter' is deprecated and may be removed in the next major release, please migrate to 'retireJsFilter'",
1032 Project.MSG_WARN);
1033 retireJsFilters.add(retireJsFilter.getRegex());
1034 }
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044 public void addConfiguredRetireJsFilter(final RetirejsFilter retireJsFilter) {
1045 retireJsFilters.add(retireJsFilter.getRegex());
1046 }
1047
1048
1049
1050
1051
1052
1053 public void setRubygemsAnalyzerEnabled(Boolean rubygemsAnalyzerEnabled) {
1054 this.rubygemsAnalyzerEnabled = rubygemsAnalyzerEnabled;
1055 }
1056
1057
1058
1059
1060
1061
1062 public void setPyPackageAnalyzerEnabled(Boolean pyPackageAnalyzerEnabled) {
1063 this.pyPackageAnalyzerEnabled = pyPackageAnalyzerEnabled;
1064 }
1065
1066
1067
1068
1069
1070
1071
1072 public void setPyDistributionAnalyzerEnabled(Boolean pyDistributionAnalyzerEnabled) {
1073 this.pyDistributionAnalyzerEnabled = pyDistributionAnalyzerEnabled;
1074 }
1075
1076
1077
1078
1079
1080
1081 public void setMixAuditAnalyzerEnabled(Boolean mixAuditAnalyzerEnabled) {
1082 this.mixAuditAnalyzerEnabled = mixAuditAnalyzerEnabled;
1083 }
1084
1085
1086
1087
1088
1089
1090 public void setMixAuditPath(String mixAuditPath) {
1091 this.mixAuditPath = mixAuditPath;
1092 }
1093
1094
1095
1096
1097
1098 public void setCentralAnalyzerEnabled(Boolean centralAnalyzerEnabled) {
1099 this.centralAnalyzerEnabled = centralAnalyzerEnabled;
1100 }
1101
1102
1103
1104
1105
1106
1107 public void setCentralAnalyzerUseCache(Boolean centralAnalyzerUseCache) {
1108 this.centralAnalyzerUseCache = centralAnalyzerUseCache;
1109 }
1110
1111
1112
1113
1114
1115
1116 public void setNexusAnalyzerEnabled(Boolean nexusAnalyzerEnabled) {
1117 this.nexusAnalyzerEnabled = nexusAnalyzerEnabled;
1118 }
1119
1120
1121
1122
1123
1124
1125 public void setGolangDepEnabled(Boolean golangDepEnabled) {
1126 this.golangDepEnabled = golangDepEnabled;
1127 }
1128
1129
1130
1131
1132
1133
1134 public void setGolangModEnabled(Boolean golangModEnabled) {
1135 this.golangModEnabled = golangModEnabled;
1136 }
1137
1138
1139
1140
1141
1142
1143 public void setDartAnalyzerEnabled(Boolean dartAnalyzerEnabled) {
1144 this.dartAnalyzerEnabled = dartAnalyzerEnabled;
1145 }
1146
1147
1148
1149
1150
1151
1152 public void setPathToYarn(String pathToYarn) {
1153 this.pathToYarn = pathToYarn;
1154 }
1155
1156
1157
1158
1159
1160
1161 public void setPathToPnpm(String pathToPnpm) {
1162 this.pathToPnpm = pathToPnpm;
1163 }
1164
1165
1166
1167
1168
1169
1170 public void setPathToGo(String pathToGo) {
1171 this.pathToGo = pathToGo;
1172 }
1173
1174
1175
1176
1177
1178
1179 public void setNexusUrl(String nexusUrl) {
1180 this.nexusUrl = nexusUrl;
1181 }
1182
1183
1184
1185
1186
1187
1188 public void setNexusUser(String nexusUser) {
1189 this.nexusUser = nexusUser;
1190 }
1191
1192
1193
1194
1195
1196
1197 public void setNexusPassword(String nexusPassword) {
1198 this.nexusPassword = nexusPassword;
1199 }
1200
1201
1202
1203
1204
1205
1206 public void setNexusUsesProxy(Boolean nexusUsesProxy) {
1207 this.nexusUsesProxy = nexusUsesProxy;
1208 }
1209
1210
1211
1212
1213
1214
1215 public void setZipExtensions(String zipExtensions) {
1216 this.zipExtensions = zipExtensions;
1217 }
1218
1219
1220
1221
1222
1223
1224 public void setPathToDotnetCore(String pathToCore) {
1225 this.pathToCore = pathToCore;
1226 }
1227
1228
1229
1230
1231
1232
1233
1234 @Deprecated
1235 public void setOssindexAnalyzerEnabled(Boolean ossindexAnalyzerEnabled) {
1236 log("'ossindexAnalyzerEnabled' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerEnabled'",
1237 Project.MSG_WARN);
1238 this.ossindexAnalyzerEnabled = ossindexAnalyzerEnabled;
1239 }
1240
1241
1242
1243
1244
1245
1246 public void setOssIndexAnalyzerEnabled(Boolean ossIndexAnalyzerEnabled) {
1247 this.ossindexAnalyzerEnabled = ossIndexAnalyzerEnabled;
1248 }
1249
1250
1251
1252
1253
1254
1255
1256 @Deprecated
1257 public void setOssindexAnalyzerUseCache(Boolean ossindexAnalyzerUseCache) {
1258 log("'ossindexAnalyzerUseCache' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerUseCache'",
1259 Project.MSG_WARN);
1260 this.ossindexAnalyzerUseCache = ossindexAnalyzerUseCache;
1261 }
1262
1263
1264
1265
1266
1267
1268 public void setOssIndexAnalyzerUseCache(Boolean ossIndexAnalyzerUseCache) {
1269 this.ossindexAnalyzerUseCache = ossIndexAnalyzerUseCache;
1270 }
1271
1272
1273
1274
1275
1276
1277
1278 @Deprecated
1279 public void setOssindexAnalyzerUrl(String ossindexAnalyzerUrl) {
1280 log("'ossindexAnalyzerUrl' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerUrl'",
1281 Project.MSG_WARN);
1282 this.ossindexAnalyzerUrl = ossindexAnalyzerUrl;
1283 }
1284
1285
1286
1287
1288
1289
1290 public void setOssIndexAnalyzerUrl(String ossIndexAnalyzerUrl) {
1291 this.ossindexAnalyzerUrl = ossIndexAnalyzerUrl;
1292 }
1293
1294
1295
1296
1297
1298
1299
1300 @Deprecated
1301 public void setOssindexAnalyzerUsername(String ossindexAnalyzerUsername) {
1302 log("'ossindexAnalyzerUsername' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerUsername'",
1303 Project.MSG_WARN);
1304 this.ossindexAnalyzerUsername = ossindexAnalyzerUsername;
1305 }
1306
1307
1308
1309
1310
1311
1312 public void setOssIndexAnalyzerUsername(String ossIndexAnalyzerUsername) {
1313 this.ossindexAnalyzerUsername = ossIndexAnalyzerUsername;
1314 }
1315
1316
1317
1318
1319
1320
1321
1322 @Deprecated
1323 public void setOssindexAnalyzerPassword(String ossindexAnalyzerPassword) {
1324 log("'ossindexAnalyzerPassword' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerPassword'",
1325 Project.MSG_WARN);
1326 this.ossindexAnalyzerPassword = ossindexAnalyzerPassword;
1327 }
1328
1329
1330
1331
1332
1333
1334 public void setOssIndexAnalyzerPassword(String ossIndexAnalyzerPassword) {
1335 this.ossindexAnalyzerPassword = ossIndexAnalyzerPassword;
1336 }
1337
1338
1339
1340
1341
1342
1343
1344 public void setOssIndexWarnOnlyOnRemoteErrors(Boolean ossIndexWarnOnlyOnRemoteErrors) {
1345 this.ossIndexAnalyzerWarnOnlyOnRemoteErrors = ossIndexWarnOnlyOnRemoteErrors;
1346 }
1347
1348
1349
1350
1351
1352
1353 public void setCmakeAnalyzerEnabled(Boolean cmakeAnalyzerEnabled) {
1354 this.cmakeAnalyzerEnabled = cmakeAnalyzerEnabled;
1355 }
1356
1357
1358
1359
1360
1361
1362 public void setArtifactoryAnalyzerEnabled(Boolean artifactoryAnalyzerEnabled) {
1363 this.artifactoryAnalyzerEnabled = artifactoryAnalyzerEnabled;
1364 }
1365
1366
1367
1368
1369
1370
1371 public void setArtifactoryAnalyzerUrl(String artifactoryAnalyzerUrl) {
1372 this.artifactoryAnalyzerUrl = artifactoryAnalyzerUrl;
1373 }
1374
1375
1376
1377
1378
1379
1380
1381 public void setArtifactoryAnalyzerUseProxy(Boolean artifactoryAnalyzerUseProxy) {
1382 this.artifactoryAnalyzerUseProxy = artifactoryAnalyzerUseProxy;
1383 }
1384
1385
1386
1387
1388
1389
1390
1391 public void setArtifactoryAnalyzerParallelAnalysis(Boolean artifactoryAnalyzerParallelAnalysis) {
1392 this.artifactoryAnalyzerParallelAnalysis = artifactoryAnalyzerParallelAnalysis;
1393 }
1394
1395
1396
1397
1398
1399
1400
1401 public void setArtifactoryAnalyzerUsername(String artifactoryAnalyzerUsername) {
1402 this.artifactoryAnalyzerUsername = artifactoryAnalyzerUsername;
1403 }
1404
1405
1406
1407
1408
1409
1410
1411 public void setArtifactoryAnalyzerApiToken(String artifactoryAnalyzerApiToken) {
1412 this.artifactoryAnalyzerApiToken = artifactoryAnalyzerApiToken;
1413 }
1414
1415
1416
1417
1418
1419
1420
1421 public void setArtifactoryAnalyzerBearerToken(String artifactoryAnalyzerBearerToken) {
1422 this.artifactoryAnalyzerBearerToken = artifactoryAnalyzerBearerToken;
1423 }
1424
1425
1426
1427
1428
1429
1430
1431 public void setFailBuildOnUnusedSuppressionRule(boolean failBuildOnUnusedSuppressionRule) {
1432 this.failBuildOnUnusedSuppressionRule = failBuildOnUnusedSuppressionRule;
1433 }
1434
1435
1436 @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1437 @Override
1438 protected void executeWithContextClassloader() throws BuildException {
1439 dealWithReferences();
1440 validateConfiguration();
1441 populateSettings();
1442 try {
1443 Downloader.getInstance().configure(getSettings());
1444 } catch (InvalidSettingException e) {
1445 throw new BuildException(e);
1446 }
1447 TelemetryCollector.send(getSettings());
1448 try (Engine engine = new Engine(Check.class.getClassLoader(), getSettings())) {
1449 for (Resource resource : getPath()) {
1450 final FileProvider provider = resource.as(FileProvider.class);
1451 if (provider != null) {
1452 final File file = provider.getFile();
1453 if (file != null && file.exists()) {
1454 engine.scan(file);
1455 }
1456 }
1457 }
1458 final ExceptionCollection exceptions = callExecuteAnalysis(engine);
1459 if (exceptions == null || !exceptions.isFatal()) {
1460 for (String format : getReportFormats()) {
1461 engine.writeReports(getProjectName(), new File(reportOutputDirectory), format, exceptions);
1462 }
1463 if (this.failBuildOnCVSS <= 10) {
1464 checkForFailure(engine.getDependencies());
1465 }
1466 if (this.showSummary) {
1467 DependencyCheckScanAgent.showSummary(engine.getDependencies());
1468 }
1469 }
1470 } catch (DatabaseException ex) {
1471 final String msg = "Unable to connect to the dependency-check database; analysis has stopped";
1472 if (this.isFailOnError()) {
1473 throw new BuildException(msg, ex);
1474 }
1475 log(msg, ex, Project.MSG_ERR);
1476 } catch (ReportException ex) {
1477 final String msg = "Unable to generate the dependency-check report";
1478 if (this.isFailOnError()) {
1479 throw new BuildException(msg, ex);
1480 }
1481 log(msg, ex, Project.MSG_ERR);
1482 } finally {
1483 getSettings().cleanup();
1484 }
1485 }
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497 @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1498 private ExceptionCollection callExecuteAnalysis(final Engine engine) throws BuildException {
1499 ExceptionCollection exceptions = null;
1500 try {
1501 engine.analyzeDependencies();
1502 } catch (ExceptionCollection ex) {
1503 if (this.isFailOnError()) {
1504 throw new BuildException(ex);
1505 }
1506 exceptions = ex;
1507 }
1508 return exceptions;
1509 }
1510
1511
1512
1513
1514
1515
1516
1517
1518 @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1519 private synchronized void validateConfiguration() throws BuildException {
1520 if (path == null) {
1521 throw new BuildException("No project dependencies have been defined to analyze.");
1522 }
1523 if (failBuildOnCVSS < 0 || failBuildOnCVSS > 11) {
1524 throw new BuildException("Invalid configuration, failBuildOnCVSS must be between 0 and 11.");
1525 }
1526 }
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536 @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1537 @Override
1538 protected void populateSettings() throws BuildException {
1539 super.populateSettings();
1540 getSettings().setBooleanIfNotNull(Settings.KEYS.AUTO_UPDATE, autoUpdate);
1541 getSettings().setArrayIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE, suppressionFiles);
1542 getSettings().setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_USER, suppressionFileUser);
1543 getSettings().setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_PASSWORD, suppressionFilePassword);
1544 getSettings().setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_BEARER_TOKEN, suppressionFileBearerToken);
1545 getSettings().setBooleanIfNotNull(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED, versionCheckEnabled);
1546 getSettings().setStringIfNotEmpty(Settings.KEYS.HINTS_FILE, hintsFile);
1547 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, enableExperimental);
1548 getSettings().setBooleanIfNotNull(Settings.KEYS.PRETTY_PRINT, prettyPrint);
1549 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIRED_ENABLED, enableRetired);
1550 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled);
1551 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, pyDistributionAnalyzerEnabled);
1552 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, pyPackageAnalyzerEnabled);
1553 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, rubygemsAnalyzerEnabled);
1554 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, opensslAnalyzerEnabled);
1555 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CMAKE_ENABLED, cmakeAnalyzerEnabled);
1556
1557 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_ENABLED, artifactoryAnalyzerEnabled);
1558 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_URL, artifactoryAnalyzerUrl);
1559 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_USES_PROXY, artifactoryAnalyzerUseProxy);
1560 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_PARALLEL_ANALYSIS, artifactoryAnalyzerParallelAnalysis);
1561 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_API_USERNAME, artifactoryAnalyzerUsername);
1562 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_API_TOKEN, artifactoryAnalyzerApiToken);
1563 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_BEARER_TOKEN, artifactoryAnalyzerBearerToken);
1564
1565 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_MANAGER_ENABLED, swiftPackageManagerAnalyzerEnabled);
1566 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_RESOLVED_ENABLED, swiftPackageResolvedAnalyzerEnabled);
1567 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_COCOAPODS_ENABLED, cocoapodsAnalyzerEnabled);
1568 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CARTHAGE_ENABLED, carthageAnalyzerEnabled);
1569 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, bundleAuditAnalyzerEnabled);
1570 getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH, bundleAuditPath);
1571 getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_WORKING_DIRECTORY, bundleAuditWorkingDirectory);
1572 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, autoconfAnalyzerEnabled);
1573 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_MAVEN_INSTALL_ENABLED, mavenInstallAnalyzerEnabled);
1574 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PIP_ENABLED, pipAnalyzerEnabled);
1575 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PIPFILE_ENABLED, pipfileAnalyzerEnabled);
1576 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_POETRY_ENABLED, poetryAnalyzerEnabled);
1577 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, composerAnalyzerEnabled);
1578 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_SKIP_DEV, composerAnalyzerSkipDev);
1579 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CPANFILE_ENABLED, cpanfileAnalyzerEnabled);
1580 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, nodeAnalyzerEnabled);
1581 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_SKIPDEV, nodePackageSkipDevDependencies);
1582 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_ENABLED, nodeAuditAnalyzerEnabled);
1583 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_YARN_AUDIT_ENABLED, yarnAuditAnalyzerEnabled);
1584 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PNPM_AUDIT_ENABLED, pnpmAuditAnalyzerEnabled);
1585 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_USE_CACHE, nodeAuditAnalyzerUseCache);
1586 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_SKIPDEV, nodeAuditSkipDevDependencies);
1587 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTER_NON_VULNERABLE, retireJsFilterNonVulnerable);
1588 getSettings().setArrayIfNotEmpty(Settings.KEYS.ANALYZER_RETIREJS_FILTERS, retireJsFilters);
1589 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_GOLANG_DEP_ENABLED, golangDepEnabled);
1590 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_GOLANG_MOD_ENABLED, golangModEnabled);
1591 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_DART_ENABLED, dartAnalyzerEnabled);
1592 getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_GOLANG_PATH, pathToGo);
1593 getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_YARN_PATH, pathToYarn);
1594 getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_PNPM_PATH, pathToPnpm);
1595 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_MIX_AUDIT_ENABLED, mixAuditAnalyzerEnabled);
1596 getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_MIX_AUDIT_PATH, mixAuditPath);
1597 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
1598 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUGETCONF_ENABLED, nugetconfAnalyzerEnabled);
1599 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_LIBMAN_ENABLED, libmanAnalyzerEnabled);
1600 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
1601 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_USE_CACHE, centralAnalyzerUseCache);
1602 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
1603 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled);
1604 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled);
1605 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_MSBUILD_PROJECT_ENABLED, msbuildAnalyzerEnabled);
1606 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
1607 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_USER, nexusUser);
1608 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_PASSWORD, nexusPassword);
1609 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY, nexusUsesProxy);
1610 getSettings().setStringIfNotEmpty(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
1611 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ASSEMBLY_DOTNET_PATH, pathToCore);
1612 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_ENABLED, ossindexAnalyzerEnabled);
1613 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL, ossindexAnalyzerUrl);
1614 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER, ossindexAnalyzerUsername);
1615 getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_PASSWORD, ossindexAnalyzerPassword);
1616 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_USE_CACHE, ossindexAnalyzerUseCache);
1617 getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, ossIndexAnalyzerWarnOnlyOnRemoteErrors);
1618 getSettings().setFloat(Settings.KEYS.JUNIT_FAIL_ON_CVSS, junitFailOnCVSS);
1619 getSettings().setBooleanIfNotNull(Settings.KEYS.FAIL_ON_UNUSED_SUPPRESSION_RULE, failBuildOnUnusedSuppressionRule);
1620 }
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631 @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1632 private void checkForFailure(Dependency[] dependencies) throws BuildException {
1633 final StringBuilder ids = new StringBuilder();
1634 for (Dependency d : dependencies) {
1635 boolean addName = true;
1636 for (Vulnerability v : d.getVulnerabilities()) {
1637 final double cvssV2 = v.getCvssV2() != null && v.getCvssV2().getCvssData() != null
1638 && v.getCvssV2().getCvssData().getBaseScore() != null ? v.getCvssV2().getCvssData().getBaseScore() : -1;
1639 final double cvssV3 = v.getCvssV3() != null && v.getCvssV3().getCvssData() != null
1640 && v.getCvssV3().getCvssData().getBaseScore() != null ? v.getCvssV3().getCvssData().getBaseScore() : -1;
1641 final double cvssV4 = v.getCvssV4() != null && v.getCvssV4().getCvssData() != null
1642 && v.getCvssV4().getCvssData().getBaseScore() != null ? v.getCvssV4().getCvssData().getBaseScore() : -1;
1643 final boolean useUnscored = cvssV2 == -1 && cvssV3 == -1 && cvssV4 == -1;
1644 final double unscoredCvss =
1645 useUnscored && v.getUnscoredSeverity() != null ? SeverityUtil.estimateCvssV2(v.getUnscoredSeverity()) : -1;
1646
1647 if (cvssV2 >= failBuildOnCVSS
1648 || cvssV3 >= failBuildOnCVSS
1649 || cvssV4 >= failBuildOnCVSS
1650 || unscoredCvss >= failBuildOnCVSS
1651
1652 || failBuildOnCVSS <= 0.0f
1653 ) {
1654 if (addName) {
1655 addName = false;
1656 ids.append(NEW_LINE).append(d.getFileName()).append(" (")
1657 .append(Stream.concat(d.getSoftwareIdentifiers().stream(), d.getVulnerableSoftwareIdentifiers().stream())
1658 .map(Identifier::getValue)
1659 .collect(Collectors.joining(", ")))
1660 .append("): ")
1661 .append(v.getName());
1662 } else {
1663 ids.append(", ").append(v.getName());
1664 }
1665 }
1666 }
1667 }
1668 if (ids.length() > 0) {
1669 final String msg;
1670 if (showSummary) {
1671 msg = String.format("%n%nDependency-Check Failure:%n"
1672 + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '%.1f': %s%n"
1673 + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids);
1674 } else {
1675 msg = String.format("%n%nDependency-Check Failure:%n"
1676 + "One or more dependencies were identified with vulnerabilities.%n%n"
1677 + "See the dependency-check report for more details.%n%n");
1678 }
1679 throw new BuildException(msg);
1680 }
1681 }
1682
1683
1684
1685
1686
1687 public static class ReportFormats extends EnumeratedAttribute {
1688
1689
1690
1691
1692
1693
1694 @Override
1695 public String[] getValues() {
1696 int i = 0;
1697 final Format[] formats = Format.values();
1698 final String[] values = new String[formats.length];
1699 for (Format format : formats) {
1700 values[i++] = format.name();
1701 }
1702 return values;
1703 }
1704 }
1705
1706
1707
1708
1709
1710
1711 public static class ReportFormat {
1712
1713
1714
1715
1716 private ReportFormats format;
1717
1718
1719
1720
1721
1722
1723 public String getFormat() {
1724 return this.format.getValue();
1725 }
1726
1727
1728
1729
1730
1731
1732
1733
1734 public void setFormat(final String format) {
1735 this.format = (ReportFormats) EnumeratedAttribute.getInstance(ReportFormats.class, format);
1736 }
1737 }
1738 }
1739