1   /*
2    * This file is part of dependency-check-maven.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.maven;
19  
20  import java.util.Locale;
21  import org.apache.maven.plugin.MojoExecutionException;
22  import org.apache.maven.plugin.MojoFailureException;
23  import org.apache.maven.plugins.annotations.LifecyclePhase;
24  import org.apache.maven.plugins.annotations.Mojo;
25  import org.apache.maven.plugins.annotations.ResolutionScope;
26  import org.owasp.dependencycheck.Engine;
27  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
28  import org.owasp.dependencycheck.data.update.exception.UpdateException;
29  import org.owasp.dependencycheck.exception.ExceptionCollection;
30  import org.owasp.dependencycheck.utils.InvalidSettingException;
31  import org.owasp.dependencycheck.utils.Settings;
32  
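/**
 * Maven Plugin that updates the local cache of the NVD data from NIST.
 * <p>
 * The goal is bound as {@code update-only}. It does not need a project or
 * resolved dependencies, and it requires Maven to be online. It refreshes the
 * vulnerability data only; it neither scans dependencies nor produces a report.
 *
 * @author Jeremy Long
 */
@Mojo(
        name = "update-only",
        requiresProject = false,
        defaultPhase = LifecyclePhase.GENERATE_RESOURCES,
        threadSafe = true,
        requiresDependencyResolution = ResolutionScope.NONE,
        requiresOnline = true,
        aggregator = true
)
public class UpdateMojo extends BaseDependencyCheckMojo {

    /**
     * Returns false; this mojo cannot generate a report.
     *
     * @return {@code false}
     */
    @Override
    public boolean canGenerateReport() {
        return false;
    }

    /**
     * Forces auto-update on and runs the dependency-check engine's update
     * step so that the local cache of NVD data is refreshed. No dependencies
     * are scanned and no report is generated.
     * <p>
     * When {@code failOnError} is disabled, a failed update is only logged and
     * the goal completes normally. The local data is then presumably left as it
     * was before the run, so a later analysis may work from stale
     * vulnerability data; enable {@code failOnError} where that is not
     * acceptable.
     *
     * @throws MojoExecutionException thrown if the update fails and the mojo
     * is configured to fail on error
     * @throws MojoFailureException declared by the overridden method; not
     * thrown directly by this implementation
     */
    @Override
    protected void runCheck() throws MojoExecutionException, MojoFailureException {
        muteNoisyLoggers();
        try (Engine engine = initializeEngine()) {
            // This goal exists only to update, so auto-update is switched on
            // whether it was disabled or the setting could not be read.
            try {
                if (!engine.getSettings().getBoolean(Settings.KEYS.AUTO_UPDATE)) {
                    engine.getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, true);
                }
            } catch (InvalidSettingException ex) {
                engine.getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, true);
            }
            engine.doUpdates();
        } catch (DatabaseException ex) {
            reportUpdateFailure("Database connection error",
                    "An exception occurred connecting to the local database. Please see the log file for more details.", ex);
        } catch (UpdateException ex) {
            reportUpdateFailure("Update error",
                    "An exception occurred while downloading updates. Please see the log file for more details.", ex);
        } finally {
            getSettings().cleanup();
        }
    }

    /**
     * Reports a failed update the same way for every failure type: the cause
     * is written to the debug log, then the build is either failed or the
     * message is logged as an error, depending on {@code failOnError}.
     *
     * @param debugMsg short label logged with the stack trace at debug level
     * @param msg the user-facing message
     * @param ex the exception that caused the failure
     * @throws MojoExecutionException thrown if the mojo is configured to fail
     * on error
     */
    private void reportUpdateFailure(final String debugMsg, final String msg, final Exception ex)
            throws MojoExecutionException {
        // The user-facing message refers the reader to the log, so the cause
        // has to be recorded there for both failure types.
        if (getLog().isDebugEnabled()) {
            getLog().debug(debugMsg, ex);
        }
        if (this.isFailOnError()) {
            throw new MojoExecutionException(msg, ex);
        }
        getLog().error(msg);
    }

    /**
     * Returns the report name.
     *
     * @param locale the locale (ignored; the name is not localized)
     * @return the report name
     */
    @Override
    public String getName(Locale locale) {
        return "dependency-check-update";
    }

    /**
     * Gets the description of the Dependency-Check report to be displayed in
     * the Maven Generated Reports page.
     *
     * @param locale The Locale to get the description for (ignored; the
     * description is not localized)
     * @return the description
     */
    @Override
    public String getDescription(Locale locale) {
        return "Updates the local cache of the NVD data from NIST.";
    }

    /**
     * Throws an exception if called. The update mojo does not scan
     * dependencies.
     *
     * @param engine the engine used to scan
     * @return never returns normally
     * @throws MojoExecutionException declared by the overridden method; not
     * thrown by this implementation
     * @throws UnsupportedOperationException always
     */
    @Override
    protected ExceptionCollection scanDependencies(Engine engine) throws MojoExecutionException {
        throw new UnsupportedOperationException("Operation not supported");
    }

    /**
     * Throws an exception if called. The update mojo does not scan plugins.
     *
     * @param engine the engine used to scan
     * @param exCollection the collection of exceptions that might have occurred
     * previously
     * @return never returns normally
     * @throws MojoExecutionException declared by the overridden method; not
     * thrown by this implementation
     * @throws UnsupportedOperationException always
     */
    @Override
    protected ExceptionCollection scanPlugins(final Engine engine, final ExceptionCollection exCollection) throws MojoExecutionException {
        throw new UnsupportedOperationException("Operation not supported");
    }
}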