View Javadoc
1   /*
2    * This file is part of dependency-check-ant.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.taskdefs;
19  
20  import org.apache.tools.ant.BuildException;
21  import org.apache.tools.ant.Project;
22  import org.apache.tools.ant.types.EnumeratedAttribute;
23  import org.apache.tools.ant.types.Reference;
24  import org.apache.tools.ant.types.Resource;
25  import org.apache.tools.ant.types.ResourceCollection;
26  import org.apache.tools.ant.types.resources.FileProvider;
27  import org.apache.tools.ant.types.resources.Resources;
28  import org.owasp.dependencycheck.Engine;
29  import org.owasp.dependencycheck.agent.DependencyCheckScanAgent;
30  import org.owasp.dependencycheck.ant.logging.AntTaskHolder;
31  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
32  import org.owasp.dependencycheck.dependency.Dependency;
33  import org.owasp.dependencycheck.dependency.Vulnerability;
34  import org.owasp.dependencycheck.dependency.naming.Identifier;
35  import org.owasp.dependencycheck.exception.ExceptionCollection;
36  import org.owasp.dependencycheck.exception.ReportException;
37  import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
38  import org.owasp.dependencycheck.utils.Downloader;
39  import org.owasp.dependencycheck.utils.InvalidSettingException;
40  import org.owasp.dependencycheck.utils.Settings;
41  import org.owasp.dependencycheck.utils.SeverityUtil;
42  import org.owasp.dependencycheck.utils.scarf.TelemetryCollector;
43  
44  import javax.annotation.concurrent.NotThreadSafe;
45  import java.io.File;
46  import java.util.ArrayList;
47  import java.util.List;
48  import java.util.stream.Collectors;
49  import java.util.stream.Stream;
50  
51  //CSOFF: MethodCount
52  /**
53   * An Ant task definition to execute dependency-check during an Ant build.
54   *
55   * @author Jeremy Long
56   */
57  @NotThreadSafe
58  public class Check extends Update {
59  
60      /**
61       * System specific new line character.
62       */
63      private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();
64  
65      /**
66       * Whether the ruby gemspec analyzer should be enabled.
67       */
68      private Boolean rubygemsAnalyzerEnabled;
69      /**
70       * Whether or not the Node Package Analyzer is enabled.
71       */
72      private Boolean nodeAnalyzerEnabled;
73      /**
74       * Whether or not the Node Audit Analyzer is enabled.
75       */
76      private Boolean nodeAuditAnalyzerEnabled;
77      /**
78       * Whether or not the Yarn Audit Analyzer is enabled.
79       */
80      private Boolean yarnAuditAnalyzerEnabled;
81      /**
82       * Whether or not the Pnpm Audit Analyzer is enabled.
83       */
84      private Boolean pnpmAuditAnalyzerEnabled;
85      /**
86       * Sets whether or not the Node Audit Analyzer should use a local cache.
87       */
88      private Boolean nodeAuditAnalyzerUseCache;
89      /**
90       * Sets whether or not the Node Package Analyzer should skip dev
91       * dependencies.
92       */
93      private Boolean nodePackageSkipDevDependencies;
94      /**
95       * Sets whether or not the Node Audit Analyzer should use a local cache.
96       */
97      private Boolean nodeAuditSkipDevDependencies;
98      /**
99       * The list of filters (regular expressions) used by the RetireJS Analyzer
100      * to exclude files that contain matching content..
101      */
102     @SuppressWarnings("CanBeFinal")
103     private final List<String> retireJsFilters = new ArrayList<>();
104     /**
105      * Whether or not the RetireJS Analyzer filters non-vulnerable JS files from
106      * the report; default is false.
107      */
108     private Boolean retireJsFilterNonVulnerable;
109     /**
110      * Whether or not the Ruby Bundle Audit Analyzer is enabled.
111      */
112     private Boolean bundleAuditAnalyzerEnabled;
113     /**
114      * Whether the CMake analyzer should be enabled.
115      */
116     private Boolean cmakeAnalyzerEnabled;
117     /**
118      * Whether or not the Open SSL analyzer is enabled.
119      */
120     private Boolean opensslAnalyzerEnabled;
121     /**
122      * Whether the python package analyzer should be enabled.
123      */
124     private Boolean pyPackageAnalyzerEnabled;
125     /**
126      * Whether the python distribution analyzer should be enabled.
127      */
128     private Boolean pyDistributionAnalyzerEnabled;
129     /**
130      * Whether or not the mix audit analyzer is enabled.
131      */
132     private Boolean mixAuditAnalyzerEnabled;
133     /**
134      * Whether or not the central analyzer is enabled.
135      */
136     private Boolean centralAnalyzerEnabled;
137     /**
138      * Whether or not the Central Analyzer should use a local cache.
139      */
140     private Boolean centralAnalyzerUseCache;
141     /**
142      * Whether or not the nexus analyzer is enabled.
143      */
144     private Boolean nexusAnalyzerEnabled;
145     /**
146      * The URL of a Nexus server's REST API end point
147      * (http://domain/nexus/service/local).
148      */
149     private String nexusUrl;
150     /**
151      * The username to authenticate to the Nexus Server's REST API Endpoint.
152      */
153     private String nexusUser;
154     /**
155      * The password to authenticate to the Nexus Server's REST API Endpoint.
156      */
157     private String nexusPassword;
158     /**
159      * Whether or not the defined proxy should be used when connecting to Nexus.
160      */
161     private Boolean nexusUsesProxy;
162 
163     /**
164      * Sets whether the Golang Dependency analyzer is enabled. Default is true.
165      */
166     private Boolean golangDepEnabled;
167     /**
168      * Sets whether Golang Module Analyzer is enabled; this requires `go` to be
169      * installed. Default is true.
170      */
171     private Boolean golangModEnabled;
172     /**
173      * Sets the path to `go`.
174      */
175     private String pathToGo;
176     /**
177      * Sets whether the Dart analyzer is enabled. Default is true.
178      */
179     private Boolean dartAnalyzerEnabled;
180     /**
181      * The path to `yarn`.
182      */
183     private String pathToYarn;
184     /**
185      * The path to `pnpm`.
186      */
187     private String pathToPnpm;
188     /**
189      * Additional ZIP File extensions to add analyze. This should be a
190      * comma-separated list of file extensions to treat like ZIP files.
191      */
192     private String zipExtensions;
193     /**
194      * The path to dotnet core for .NET assembly analysis.
195      */
196     private String pathToCore;
197     /**
198      * The name of the project being analyzed.
199      */
200     private String projectName = "dependency-check";
201     /**
202      * Specifies the destination directory for the generated Dependency-Check
203      * report.
204      */
205     private String reportOutputDirectory;
206     /**
207      * If using the JUNIT report format the junitFailOnCVSS sets the CVSS score
208      * threshold that is considered a failure. The default is 0.
209      */
210     private float junitFailOnCVSS = 0;
211     /**
212      * Specifies if the build should be failed if a CVSS score above a specified
213      * level is identified. The default is 11 which means since the CVSS scores
214      * are 0-10, by default the build will never fail and the CVSS score is set
215      * to 11. The valid range for the fail build on CVSS is 0 to 11, where
216      * anything above 10 will not cause the build to fail.
217      */
218     private float failBuildOnCVSS = 11;
219     /**
220      * Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not
221      * recommended that this be turned to false. Default is true.
222      */
223     private Boolean autoUpdate;
224     /**
225      * The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
226      * JENKINS, GITLAB, ALL). Default is HTML.
227      */
228     private String reportFormat = "HTML";
229     /**
230      * The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
231      * JENKINS, GITLAB, ALL). Default is HTML.
232      */
233     private final List<String> reportFormats = new ArrayList<>();
234     /**
235      * Whether the JSON and XML reports should be pretty printed; the default is
236      * false.
237      */
238     private Boolean prettyPrint = null;
239 
240     /**
241      * Suppression file paths.
242      */
243     @SuppressWarnings("CanBeFinal")
244     private final List<String> suppressionFiles = new ArrayList<>();
245 
246     /**
247      * The path to the suppression file.
248      */
249     private String hintsFile;
250     /**
251      * flag indicating whether or not to show a summary of findings.
252      */
253     private boolean showSummary = true;
254     /**
255      * Whether experimental analyzers are enabled.
256      */
257     private Boolean enableExperimental;
258     /**
259      * Whether retired analyzers are enabled.
260      */
261     private Boolean enableRetired;
262     /**
263      * Whether or not the Jar Analyzer is enabled.
264      */
265     private Boolean jarAnalyzerEnabled;
266     /**
267      * Whether or not the Archive Analyzer is enabled.
268      */
269     private Boolean archiveAnalyzerEnabled;
270     /**
271      * Whether or not the .NET Nuspec Analyzer is enabled.
272      */
273     private Boolean nuspecAnalyzerEnabled;
274     /**
275      * Whether or not the .NET Nuget packages.config file Analyzer is enabled.
276      */
277     private Boolean nugetconfAnalyzerEnabled;
278     /**
279      * Whether or not the Libman Analyzer is enabled.
280      */
281     private Boolean libmanAnalyzerEnabled;
282     /**
283      * Whether or not the PHP Composer Analyzer is enabled.
284      */
285     private Boolean composerAnalyzerEnabled;
286     /**
287      * Whether or not the PHP Composer Analyzer will skip "packages-dev".
288      */
289     private Boolean composerAnalyzerSkipDev;
290     /**
291      * Whether or not the Perl CPAN File Analyzer is enabled.
292      */
293     private Boolean cpanfileAnalyzerEnabled;
294 
295     /**
296      * Whether or not the .NET Assembly Analyzer is enabled.
297      */
298     private Boolean assemblyAnalyzerEnabled;
299     /**
300      * Whether or not the MS Build Assembly Analyzer is enabled.
301      */
302     private Boolean msbuildAnalyzerEnabled;
303     /**
304      * Whether the autoconf analyzer should be enabled.
305      */
306     private Boolean autoconfAnalyzerEnabled;
307     /**
308      * Whether the pip analyzer should be enabled.
309      */
310     private Boolean pipAnalyzerEnabled;
311     /**
312      * Whether the Maven install.json analyzer should be enabled.
313      */
314     private Boolean mavenInstallAnalyzerEnabled;
315     /**
316      * Whether the pipfile analyzer should be enabled.
317      */
318     private Boolean pipfileAnalyzerEnabled;
319     /**
320      * Whether the Poetry analyzer should be enabled.
321      */
322     private Boolean poetryAnalyzerEnabled;
323     /**
324      * Sets the path for the mix_audit binary.
325      */
326     private String mixAuditPath;
327     /**
328      * Sets the path for the bundle-audit binary.
329      */
330     private String bundleAuditPath;
331     /**
332      * Sets the path for the working directory that the bundle-audit binary
333      * should be executed from.
334      */
335     private String bundleAuditWorkingDirectory;
336     /**
337      * Whether or not the CocoaPods Analyzer is enabled.
338      */
339     private Boolean cocoapodsAnalyzerEnabled;
340     /**
341      * Whether or not the Carthage Analyzer is enabled.
342      */
343     private Boolean carthageAnalyzerEnabled;
344 
345     /**
346      * Whether or not the Swift package Analyzer is enabled.
347      */
348     private Boolean swiftPackageManagerAnalyzerEnabled;
349     /**
350      * Whether or not the Swift package Analyzer is enabled.
351      */
352     private Boolean swiftPackageResolvedAnalyzerEnabled;
353 
354     /**
355      * Whether or not the Sonatype OSS Index analyzer is enabled.
356      */
357     private Boolean ossIndexAnalyzerEnabled;
358     /**
359      * Whether or not the Sonatype OSS Index analyzer should cache results.
360      */
361     private Boolean ossIndexAnalyzerUseCache;
362     /**
363      * The number of hours to wait before checking for new updates on individual packages/components from Sonatype OSS Index.
364      */
365     private Integer ossIndexAnalyzerCacheValidForHours;
366     /**
367      * URL of the Sonatype OSS Index service.
368      */
369     private String ossIndexAnalyzerUrl;
370     /**
371      * The username to use for the Sonatype OSS Index service.
372      */
373     private String ossIndexAnalyzerUsername;
374     /**
375      * The password to use for the Sonatype OSS Index service.
376      */
377     private String ossIndexAnalyzerPassword;
378     /**
379      * Whether we should only warn about Sonatype OSS Index remote errors
380      * instead of failing completely.
381      */
382     private Boolean ossIndexAnalyzerWarnOnlyOnRemoteErrors;
383 
384     /**
385      * Whether or not the Artifactory Analyzer is enabled.
386      */
387     private Boolean artifactoryAnalyzerEnabled;
388     /**
389      * The URL to Artifactory.
390      */
391     private String artifactoryAnalyzerUrl;
392     /**
393      * Whether or not Artifactory analysis should use the proxy..
394      */
395     private Boolean artifactoryAnalyzerUseProxy;
396     /**
397      * Whether or not Artifactory analysis should be parallelized.
398      */
399     private Boolean artifactoryAnalyzerParallelAnalysis;
400     /**
401      * The Artifactory username needed to connect.
402      */
403     private String artifactoryAnalyzerUsername;
404     /**
405      * The Artifactory API token needed to connect.
406      */
407     private String artifactoryAnalyzerApiToken;
408     /**
409      * The Artifactory bearer token.
410      */
411     private String artifactoryAnalyzerBearerToken;
412     /**
413      * Whether the version check is enabled
414      */
415     private Boolean versionCheckEnabled;
416 
417     /**
418      * whether an unused suppression rule should get force the build to fail
419      */
420     private boolean failBuildOnUnusedSuppressionRule = false;
421 
422     /**
423      * The username to download user-authored suppression files from an HTTP Basic auth protected location.
424      */
425     private String suppressionFileUser;
426     /**
427      * The password to download user-authored suppression files from an HTTP Basic auth protected location.
428      */
429     private String suppressionFilePassword;
430     /**
431      * The token to download user-authored suppression files from an HTTP Bearer auth protected location.
432      */
433     private String suppressionFileBearerToken;
434 
435     //region Code copied from org.apache.tools.ant.taskdefs.PathConvert
436     //The following code was copied Apache Ant PathConvert
437     /**
438      * Path to be converted
439      */
440     private Resources path = null;
441     /**
442      * Reference to path/file set to convert
443      */
444     private Reference refId = null;
445 
446     /**
447      * Add an arbitrary ResourceCollection.
448      *
449      * @param rc the ResourceCollection to add.
450      * @since Ant 1.7
451      */
452     public void add(ResourceCollection rc) {
453         if (isReference()) {
454             throw new BuildException("Nested elements are not allowed when using the refId attribute.");
455         }
456         getPath().add(rc);
457     }
458 
459     /**
460      * Returns the path. If the path has not been initialized yet, this class is
461      * synchronized, and will instantiate the path object.
462      *
463      * @return the path
464      */
465     private synchronized Resources getPath() {
466         if (path == null) {
467             path = new Resources(getProject());
468             path.setCache(true);
469         }
470         return path;
471     }
472 
473     /**
474      * Learn whether the refId attribute of this element been set.
475      *
476      * @return true if refId is valid.
477      */
478     public boolean isReference() {
479         return refId != null;
480     }
481 
482     /**
483      * Add a reference to a Path, FileSet, DirSet, or FileList defined
484      * elsewhere.
485      *
486      * @param r the reference to a path, fileset, dirset or filelist.
487      */
488     public synchronized void setRefId(Reference r) {
489         if (path != null) {
490             throw new BuildException("Nested elements are not allowed when using the refId attribute.");
491         }
492         refId = r;
493     }
494 
495     /**
496      * If this is a reference, this method will add the referenced resource
497      * collection to the collection of paths.
498      *
499      * @throws BuildException if the reference is not to a resource collection
500      */
501     //declaring a throw that extends runtime exception may be a bad practice
502     //but seems to be an ingrained practice within Ant as even the base `Task`
503     //contains an `execute() throws BuildExecption`.
504     @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
505     private void dealWithReferences() throws BuildException {
506         if (isReference()) {
507             final Object o = refId.getReferencedObject(getProject());
508             if (!(o instanceof ResourceCollection)) {
509                 throw new BuildException("refId '" + refId.getRefId()
510                         + "' does not refer to a resource collection.");
511             }
512             getPath().add((ResourceCollection) o);
513         }
514     }
515     //endregion COPIED from org.apache.tools.ant.taskdefs
516 
517     /**
518      * Construct a new DependencyCheckTask.
519      */
520     public Check() {
521         super();
522         // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
523         // core end up coming through this tasks logger
524         AntTaskHolder.setTask(this);
525     }
526 
527     /**
528      * Add a suppression file.
529      * <p>
530      * This is called by Ant with the configured {@link SuppressionFile}.
531      *
532      * @param suppressionFile the suppression file to add.
533      */
534     public void addConfiguredSuppressionFile(final SuppressionFile suppressionFile) {
535         suppressionFiles.add(resolveRelative(suppressionFile.getPath()));
536     }
537 
538     /**
539      * Add a report format.
540      * <p>
541      * This is called by Ant with the configured {@link ReportFormat}.
542      *
543      * @param reportFormat the reportFormat to add.
544      */
545     public void addConfiguredReportFormat(final ReportFormat reportFormat) {
546         reportFormats.add(reportFormat.getFormat());
547     }
548 
549     /**
550      * Sets whether the version check is enabled.
551      *
552      * @param versionCheckEnabled a Boolean indicating if the version check is
553      * enabled.
554      */
555     public void setVersionCheckEnabled(Boolean versionCheckEnabled) {
556         this.versionCheckEnabled = versionCheckEnabled;
557     }
558 
559     /**
560      * Get the value of projectName.
561      *
562      * @return the value of projectName
563      */
564     public String getProjectName() {
565         if (projectName == null) {
566             projectName = "";
567         }
568         return projectName;
569     }
570 
571     /**
572      * Set the value of projectName.
573      *
574      * @param projectName new value of projectName
575      */
576     public void setProjectName(String projectName) {
577         this.projectName = projectName;
578     }
579 
580     private String resolveRelative(String path) {
581         if (path == null) {
582             return null;
583         }
584 
585         File file = new File(path);
586         if (file.isAbsolute()) {
587             return path;
588         }
589 
590         return new File(getProject().getBaseDir(), path).getPath();
591     }
592 
593     /**
594      * Set the value of reportOutputDirectory.
595      *
596      * @param reportOutputDirectory new value of reportOutputDirectory
597      */
598     public void setReportOutputDirectory(String reportOutputDirectory) {
599         this.reportOutputDirectory = resolveRelative(reportOutputDirectory);
600     }
601 
602     /**
603      * Set the value of failBuildOnCVSS.
604      *
605      * @param failBuildOnCVSS new value of failBuildOnCVSS
606      */
607     public void setFailBuildOnCVSS(float failBuildOnCVSS) {
608         this.failBuildOnCVSS = failBuildOnCVSS;
609     }
610 
611     /**
612      * Set the value of junitFailOnCVSS.
613      *
614      * @param junitFailOnCVSS new value of junitFailOnCVSS
615      */
616     public void setJunitFailOnCVSS(float junitFailOnCVSS) {
617         this.junitFailOnCVSS = junitFailOnCVSS;
618     }
619 
620     /**
621      * Set the value of autoUpdate.
622      *
623      * @param autoUpdate new value of autoUpdate
624      */
625     public void setAutoUpdate(Boolean autoUpdate) {
626         this.autoUpdate = autoUpdate;
627     }
628 
629     /**
630      * Set the value of prettyPrint.
631      *
632      * @param prettyPrint new value of prettyPrint
633      */
634     public void setPrettyPrint(boolean prettyPrint) {
635         this.prettyPrint = prettyPrint;
636     }
637 
638     /**
639      * Set the value of reportFormat.
640      *
641      * @param reportFormat new value of reportFormat
642      */
643     public void setReportFormat(ReportFormats reportFormat) {
644         this.reportFormat = reportFormat.getValue();
645         this.reportFormats.add(this.reportFormat);
646     }
647 
648     /**
649      * Get the value of reportFormats.
650      *
651      * @return the value of reportFormats
652      */
653     public List<String> getReportFormats() {
654         if (reportFormats.isEmpty()) {
655             this.reportFormats.add(this.reportFormat);
656         }
657         return this.reportFormats;
658     }
659 
660     /**
661      * Set the value of suppressionFile.
662      *
663      * @param suppressionFile new value of suppressionFile
664      */
665     public void setSuppressionFile(String suppressionFile) {
666         suppressionFiles.add(resolveRelative(suppressionFile));
667     }
668 
669     /**
670      * Sets the username to download user-authored suppression files from an HTTP Basic auth protected location.
671      *
672      * @param suppressionFileUser The username
673      */
674     public void setSuppressionFileUser(String suppressionFileUser) {
675         this.suppressionFileUser = suppressionFileUser;
676     }
677 
678     /**
679      * Sets the password/token to download user-authored suppression files from an HTTP Basic auth protected location.
680      *
681      * @param suppressionFilePassword The password/token
682      */
683     public void setSuppressionFilePassword(String suppressionFilePassword) {
684         this.suppressionFilePassword = suppressionFilePassword;
685     }
686 
687     /**
688      * Sets the token to download user-authored suppression files from an HTTP Bearer auth protected location.
689      *
690      * @param suppressionFileBearerToken The token
691      */
692     public void setSuppressionFileBearerToken(String suppressionFileBearerToken) {
693         this.suppressionFileBearerToken = suppressionFileBearerToken;
694     }
695 
696     /**
697      * Set the value of hintsFile.
698      *
699      * @param hintsFile new value of hintsFile
700      */
701     public void setHintsFile(String hintsFile) {
702         this.hintsFile = hintsFile;
703     }
704 
705     /**
706      * Set the value of showSummary.
707      *
708      * @param showSummary new value of showSummary
709      */
710     public void setShowSummary(boolean showSummary) {
711         this.showSummary = showSummary;
712     }
713 
714     /**
715      * Set the value of enableExperimental.
716      *
717      * @param enableExperimental new value of enableExperimental
718      */
719     public void setEnableExperimental(Boolean enableExperimental) {
720         this.enableExperimental = enableExperimental;
721     }
722 
723     /**
724      * Set the value of enableRetired.
725      *
726      * @param enableRetired new value of enableRetired
727      */
728     public void setEnableRetired(Boolean enableRetired) {
729         this.enableRetired = enableRetired;
730     }
731 
732     /**
733      * Sets whether or not the analyzer is enabled.
734      *
735      * @param jarAnalyzerEnabled the value of the new setting
736      */
737     public void setJarAnalyzerEnabled(Boolean jarAnalyzerEnabled) {
738         this.jarAnalyzerEnabled = jarAnalyzerEnabled;
739     }
740 
741     /**
742      * Sets whether the analyzer is enabled.
743      *
744      * @param archiveAnalyzerEnabled the value of the new setting
745      */
746     public void setArchiveAnalyzerEnabled(Boolean archiveAnalyzerEnabled) {
747         this.archiveAnalyzerEnabled = archiveAnalyzerEnabled;
748     }
749 
750     /**
751      * Sets whether or not the analyzer is enabled.
752      *
753      * @param assemblyAnalyzerEnabled the value of the new setting
754      */
755     public void setAssemblyAnalyzerEnabled(Boolean assemblyAnalyzerEnabled) {
756         this.assemblyAnalyzerEnabled = assemblyAnalyzerEnabled;
757     }
758 
759     /**
760      * Sets whether or not the analyzer is enabled.
761      *
762      * @param msbuildAnalyzerEnabled the value of the new setting
763      */
764     public void setMSBuildAnalyzerEnabled(Boolean msbuildAnalyzerEnabled) {
765         this.msbuildAnalyzerEnabled = msbuildAnalyzerEnabled;
766     }
767 
768     /**
769      * Sets whether or not the analyzer is enabled.
770      *
771      * @param nuspecAnalyzerEnabled the value of the new setting
772      */
773     public void setNuspecAnalyzerEnabled(Boolean nuspecAnalyzerEnabled) {
774         this.nuspecAnalyzerEnabled = nuspecAnalyzerEnabled;
775     }
776 
777     /**
778      * Sets whether or not the analyzer is enabled.
779      *
780      * @param nugetconfAnalyzerEnabled the value of the new setting
781      */
782     public void setNugetconfAnalyzerEnabled(Boolean nugetconfAnalyzerEnabled) {
783         this.nugetconfAnalyzerEnabled = nugetconfAnalyzerEnabled;
784     }
785 
786     /**
787      * Sets whether or not the analyzer is enabled.
788      *
789      * @param libmanAnalyzerEnabled the value of the new setting
790      */
791     public void setLibmanAnalyzerEnabled(Boolean libmanAnalyzerEnabled) {
792         this.libmanAnalyzerEnabled = libmanAnalyzerEnabled;
793     }
794 
795     /**
796      * Set the value of composerAnalyzerEnabled.
797      *
798      * @param composerAnalyzerEnabled new value of composerAnalyzerEnabled
799      */
800     public void setComposerAnalyzerEnabled(Boolean composerAnalyzerEnabled) {
801         this.composerAnalyzerEnabled = composerAnalyzerEnabled;
802     }
803 
804     /**
805      * Set the value of composerAnalyzerSkipDev.
806      *
807      * @param composerAnalyzerSkipDev new value of composerAnalyzerSkipDev
808      */
809     public void setComposerAnalyzerSkipDev(Boolean composerAnalyzerSkipDev) {
810         this.composerAnalyzerSkipDev = composerAnalyzerSkipDev;
811     }
812 
813     /**
814      * Set the value of cpanfileAnalyzerEnabled.
815      *
816      * @param cpanfileAnalyzerEnabled new value of cpanfileAnalyzerEnabled
817      */
818     public void setCpanfileAnalyzerEnabled(Boolean cpanfileAnalyzerEnabled) {
819         this.cpanfileAnalyzerEnabled = cpanfileAnalyzerEnabled;
820     }
821 
822     /**
823      * Set the value of autoconfAnalyzerEnabled.
824      *
825      * @param autoconfAnalyzerEnabled new value of autoconfAnalyzerEnabled
826      */
827     public void setAutoconfAnalyzerEnabled(Boolean autoconfAnalyzerEnabled) {
828         this.autoconfAnalyzerEnabled = autoconfAnalyzerEnabled;
829     }
830 
831     /**
832      * Set the value of pipAnalyzerEnabled.
833      *
834      * @param pipAnalyzerEnabled new value of pipAnalyzerEnabled
835      */
836     public void setPipAnalyzerEnabled(Boolean pipAnalyzerEnabled) {
837         this.pipAnalyzerEnabled = pipAnalyzerEnabled;
838     }
839 
840     /**
841      * Set the value of pipfileAnalyzerEnabled.
842      *
843      * @param pipfileAnalyzerEnabled new value of pipfileAnalyzerEnabled
844      */
845     public void setPipfileAnalyzerEnabled(Boolean pipfileAnalyzerEnabled) {
846         this.pipfileAnalyzerEnabled = pipfileAnalyzerEnabled;
847     }
848 
849     /**
850      * Set the value of poetryAnalyzerEnabled.
851      *
852      * @param poetryAnalyzerEnabled new value of poetryAnalyzerEnabled
853      */
854     public void setPoetryAnalyzerEnabled(Boolean poetryAnalyzerEnabled) {
855         this.poetryAnalyzerEnabled = poetryAnalyzerEnabled;
856     }
857 
858     /**
859      * Sets if the Bundle Audit Analyzer is enabled.
860      *
861      * @param bundleAuditAnalyzerEnabled whether or not the analyzer should be
862      * enabled
863      */
864     public void setBundleAuditAnalyzerEnabled(Boolean bundleAuditAnalyzerEnabled) {
865         this.bundleAuditAnalyzerEnabled = bundleAuditAnalyzerEnabled;
866     }
867 
868     /**
869      * Sets the path to the bundle audit executable.
870      *
871      * @param bundleAuditPath the path to the bundle audit executable
872      */
873     public void setBundleAuditPath(String bundleAuditPath) {
874         this.bundleAuditPath = bundleAuditPath;
875     }
876 
877     /**
878      * Sets the path to the working directory that the bundle audit executable
879      * should be executed from.
880      *
881      * @param bundleAuditWorkingDirectory the path to the working directory that
882      * the bundle audit executable should be executed from.
883      */
884     public void setBundleAuditWorkingDirectory(String bundleAuditWorkingDirectory) {
885         this.bundleAuditWorkingDirectory = bundleAuditWorkingDirectory;
886     }
887 
888     /**
889      * Sets whether or not the cocoapods analyzer is enabled.
890      *
891      * @param cocoapodsAnalyzerEnabled the state of the cocoapods analyzer
892      */
893     public void setCocoapodsAnalyzerEnabled(Boolean cocoapodsAnalyzerEnabled) {
894         this.cocoapodsAnalyzerEnabled = cocoapodsAnalyzerEnabled;
895     }
896 
897     /**
898      * Sets whether or not the Carthage analyzer is enabled.
899      *
900      * @param carthageAnalyzerEnabled the state of the Carthage analyzer
901      */
902     public void setCarthageAnalyzerEnabled(Boolean carthageAnalyzerEnabled) {
903         this.carthageAnalyzerEnabled = carthageAnalyzerEnabled;
904     }
905 
906     /**
907      * Sets the enabled state of the swift package manager analyzer.
908      *
909      * @param swiftPackageManagerAnalyzerEnabled the enabled state of the swift
910      * package manager
911      */
912     public void setSwiftPackageManagerAnalyzerEnabled(Boolean swiftPackageManagerAnalyzerEnabled) {
913         this.swiftPackageManagerAnalyzerEnabled = swiftPackageManagerAnalyzerEnabled;
914     }
915 
916     /**
917      * Sets the enabled state of the swift package manager analyzer.
918      *
919      * @param swiftPackageResolvedAnalyzerEnabled the enabled state of the swift
920      * package resolved analyzer
921      */
922     public void setSwiftPackageResolvedAnalyzerEnabled(Boolean swiftPackageResolvedAnalyzerEnabled) {
923         this.swiftPackageResolvedAnalyzerEnabled = swiftPackageResolvedAnalyzerEnabled;
924     }
925 
926     /**
927      * Set the value of opensslAnalyzerEnabled.
928      *
929      * @param opensslAnalyzerEnabled new value of opensslAnalyzerEnabled
930      */
931     public void setOpensslAnalyzerEnabled(Boolean opensslAnalyzerEnabled) {
932         this.opensslAnalyzerEnabled = opensslAnalyzerEnabled;
933     }
934 
935     /**
936      * Set the value of nodeAnalyzerEnabled.
937      *
938      * @param nodeAnalyzerEnabled new value of nodeAnalyzerEnabled
939      */
940     public void setNodeAnalyzerEnabled(Boolean nodeAnalyzerEnabled) {
941         this.nodeAnalyzerEnabled = nodeAnalyzerEnabled;
942     }
943 
944     /**
945      * Set the value of nodeAuditAnalyzerEnabled.
946      *
947      * @param nodeAuditAnalyzerEnabled new value of nodeAuditAnalyzerEnabled
948      */
949     public void setNodeAuditAnalyzerEnabled(Boolean nodeAuditAnalyzerEnabled) {
950         this.nodeAuditAnalyzerEnabled = nodeAuditAnalyzerEnabled;
951     }
952 
953     /**
954      * Set the value of yarnAuditAnalyzerEnabled.
955      *
956      * @param yarnAuditAnalyzerEnabled new value of yarnAuditAnalyzerEnabled
957      */
958     public void setYarnAuditAnalyzerEnabled(Boolean yarnAuditAnalyzerEnabled) {
959         this.yarnAuditAnalyzerEnabled = yarnAuditAnalyzerEnabled;
960     }
961 
962     /**
963      * Set the value of pnpmAuditAnalyzerEnabled.
964      *
965      * @param pnpmAuditAnalyzerEnabled new value of pnpmAuditAnalyzerEnabled
966      */
967     public void setPnpmAuditAnalyzerEnabled(Boolean pnpmAuditAnalyzerEnabled) {
968         this.pnpmAuditAnalyzerEnabled = pnpmAuditAnalyzerEnabled;
969     }
970 
971     /**
972      * Set the value of nodeAuditAnalyzerUseCache.
973      *
974      * @param nodeAuditAnalyzerUseCache new value of nodeAuditAnalyzerUseCache
975      */
976     public void setNodeAuditAnalyzerUseCache(Boolean nodeAuditAnalyzerUseCache) {
977         this.nodeAuditAnalyzerUseCache = nodeAuditAnalyzerUseCache;
978     }
979 
980     /**
981      * Set the value of nodePackageSkipDevDependencies.
982      *
983      * @param nodePackageSkipDevDependencies new value of
984      * nodePackageSkipDevDependencies
985      */
986     public void setNodePackageSkipDevDependencies(Boolean nodePackageSkipDevDependencies) {
987         this.nodePackageSkipDevDependencies = nodePackageSkipDevDependencies;
988     }
989 
990     /**
991      * Set the value of nodeAuditSkipDevDependencies.
992      *
993      * @param nodeAuditSkipDevDependencies new value of
994      * nodeAuditSkipDevDependencies
995      */
996     public void setNodeAuditSkipDevDependencies(Boolean nodeAuditSkipDevDependencies) {
997         this.nodeAuditSkipDevDependencies = nodeAuditSkipDevDependencies;
998     }
999 
1000     /**
1001      * Set the value of retirejsFilterNonVulnerable.
1002      *
1003      * @param retireJsFilterNonVulnerable new value of
1004      * retirejsFilterNonVulnerable
1005      * @deprecated Use {@link #setRetireJsFilterNonVulnerable(Boolean)} instead.
1006      */
1007     @Deprecated
1008     public void setRetirejsFilterNonVulnerable(Boolean retireJsFilterNonVulnerable) {
1009         log("'retirejsFilterNonVulnerable' is deprecated and may be removed in the next major release, please migrate to 'retireJsFilterNonVulnerable'",
1010                 Project.MSG_WARN);
1011         this.retireJsFilterNonVulnerable = retireJsFilterNonVulnerable;
1012     }
1013 
1014     /**
1015      * Set the value of retireJsFilterNonVulnerable.
1016      *
1017      * @param retireJsFilterNonVulnerable new value of
1018      * retireJsFilterNonVulnerable
1019      */
1020     public void setRetireJsFilterNonVulnerable(Boolean retireJsFilterNonVulnerable) {
1021         this.retireJsFilterNonVulnerable = retireJsFilterNonVulnerable;
1022     }
1023 
1024     /**
1025      * Add a regular expression to the set of retire JS content filters.
1026      * <p>
1027      * This is called by Ant.
1028      *
1029      * @param retireJsFilter the regular expression used to filter based on file
1030      * content
1031      * @deprecated Use {@link #addConfiguredRetireJsFilter(RetirejsFilter)} instead.
1032      */
1033     @Deprecated
1034     public void addConfiguredRetirejsFilter(final RetirejsFilter retireJsFilter) {
1035         log("'retirejsFilter' is deprecated and may be removed in the next major release, please migrate to 'retireJsFilter'",
1036                 Project.MSG_WARN);
1037         retireJsFilters.add(retireJsFilter.getRegex());
1038     }
1039 
1040     /**
1041      * Add a regular expression to the set of retire JS content filters.
1042      * <p>
1043      * This is called by Ant.
1044      *
1045      * @param retireJsFilter the regular expression used to filter based on file
1046      * content
1047      */
1048     public void addConfiguredRetireJsFilter(final RetirejsFilter retireJsFilter) {
1049         retireJsFilters.add(retireJsFilter.getRegex());
1050     }
1051 
1052     /**
1053      * Set the value of rubygemsAnalyzerEnabled.
1054      *
1055      * @param rubygemsAnalyzerEnabled new value of rubygemsAnalyzerEnabled
1056      */
1057     public void setRubygemsAnalyzerEnabled(Boolean rubygemsAnalyzerEnabled) {
1058         this.rubygemsAnalyzerEnabled = rubygemsAnalyzerEnabled;
1059     }
1060 
1061     /**
1062      * Set the value of pyPackageAnalyzerEnabled.
1063      *
1064      * @param pyPackageAnalyzerEnabled new value of pyPackageAnalyzerEnabled
1065      */
1066     public void setPyPackageAnalyzerEnabled(Boolean pyPackageAnalyzerEnabled) {
1067         this.pyPackageAnalyzerEnabled = pyPackageAnalyzerEnabled;
1068     }
1069 
1070     /**
1071      * Set the value of pyDistributionAnalyzerEnabled.
1072      *
1073      * @param pyDistributionAnalyzerEnabled new value of
1074      * pyDistributionAnalyzerEnabled
1075      */
1076     public void setPyDistributionAnalyzerEnabled(Boolean pyDistributionAnalyzerEnabled) {
1077         this.pyDistributionAnalyzerEnabled = pyDistributionAnalyzerEnabled;
1078     }
1079 
1080     /**
1081      * Set the value of mixAuditAnalyzerEnabled.
1082      *
1083      * @param mixAuditAnalyzerEnabled new value of mixAuditAnalyzerEnabled
1084      */
1085     public void setMixAuditAnalyzerEnabled(Boolean mixAuditAnalyzerEnabled) {
1086         this.mixAuditAnalyzerEnabled = mixAuditAnalyzerEnabled;
1087     }
1088 
1089     /**
1090      * Sets the path to the mix audit executable.
1091      *
1092      * @param mixAuditPath the path to the bundle audit executable
1093      */
1094     public void setMixAuditPath(String mixAuditPath) {
1095         this.mixAuditPath = mixAuditPath;
1096     }
1097     /**
1098      * Set the value of centralAnalyzerEnabled.
1099      *
1100      * @param centralAnalyzerEnabled new value of centralAnalyzerEnabled
1101      */
1102     public void setCentralAnalyzerEnabled(Boolean centralAnalyzerEnabled) {
1103         this.centralAnalyzerEnabled = centralAnalyzerEnabled;
1104     }
1105 
1106     /**
1107      * Set the value of centralAnalyzerUseCache.
1108      *
1109      * @param centralAnalyzerUseCache new value of centralAnalyzerUseCache
1110      */
1111     public void setCentralAnalyzerUseCache(Boolean centralAnalyzerUseCache) {
1112         this.centralAnalyzerUseCache = centralAnalyzerUseCache;
1113     }
1114 
1115     /**
1116      * Set the value of nexusAnalyzerEnabled.
1117      *
1118      * @param nexusAnalyzerEnabled new value of nexusAnalyzerEnabled
1119      */
1120     public void setNexusAnalyzerEnabled(Boolean nexusAnalyzerEnabled) {
1121         this.nexusAnalyzerEnabled = nexusAnalyzerEnabled;
1122     }
1123 
1124     /**
1125      * Set the value of golangDepEnabled.
1126      *
1127      * @param golangDepEnabled new value of golangDepEnabled
1128      */
1129     public void setGolangDepEnabled(Boolean golangDepEnabled) {
1130         this.golangDepEnabled = golangDepEnabled;
1131     }
1132 
1133     /**
1134      * Set the value of golangModEnabled.
1135      *
1136      * @param golangModEnabled new value of golangModEnabled
1137      */
1138     public void setGolangModEnabled(Boolean golangModEnabled) {
1139         this.golangModEnabled = golangModEnabled;
1140     }
1141 
1142     /**
1143      * Set the value of dartAnalyzerEnabled.
1144      *
1145      * @param dartAnalyzerEnabled new value of dartAnalyzerEnabled
1146      */
1147     public void setDartAnalyzerEnabled(Boolean dartAnalyzerEnabled) {
1148         this.dartAnalyzerEnabled = dartAnalyzerEnabled;
1149     }
1150 
1151     /**
1152      * Set the value of pathToYarn.
1153      *
1154      * @param pathToYarn new value of pathToYarn
1155      */
1156     public void setPathToYarn(String pathToYarn) {
1157         this.pathToYarn = pathToYarn;
1158     }
1159 
1160     /**
1161      * Set the value of pathToPnpm.
1162      *
1163      * @param pathToPnpm new value of pathToPnpm
1164      */
1165     public void setPathToPnpm(String pathToPnpm) {
1166         this.pathToPnpm = pathToPnpm;
1167     }
1168 
1169     /**
1170      * Set the value of pathToGo.
1171      *
1172      * @param pathToGo new value of pathToGo
1173      */
1174     public void setPathToGo(String pathToGo) {
1175         this.pathToGo = pathToGo;
1176     }
1177 
1178     /**
1179      * Set the value of nexusUrl.
1180      *
1181      * @param nexusUrl new value of nexusUrl
1182      */
1183     public void setNexusUrl(String nexusUrl) {
1184         this.nexusUrl = nexusUrl;
1185     }
1186 
1187     /**
1188      * Set the value of nexusUser.
1189      *
1190      * @param nexusUser new value of nexusUser
1191      */
1192     public void setNexusUser(String nexusUser) {
1193         this.nexusUser = nexusUser;
1194     }
1195 
1196     /**
1197      * Set the value of nexusPassword.
1198      *
1199      * @param nexusPassword new value of nexusPassword
1200      */
1201     public void setNexusPassword(String nexusPassword) {
1202         this.nexusPassword = nexusPassword;
1203     }
1204 
1205     /**
1206      * Set the value of nexusUsesProxy.
1207      *
1208      * @param nexusUsesProxy new value of nexusUsesProxy
1209      */
1210     public void setNexusUsesProxy(Boolean nexusUsesProxy) {
1211         this.nexusUsesProxy = nexusUsesProxy;
1212     }
1213 
1214     /**
1215      * Set the value of zipExtensions.
1216      *
1217      * @param zipExtensions new value of zipExtensions
1218      */
1219     public void setZipExtensions(String zipExtensions) {
1220         this.zipExtensions = zipExtensions;
1221     }
1222 
1223     /**
1224      * Set the value of pathToCore.
1225      *
1226      * @param pathToCore new value of pathToCore
1227      */
1228     public void setPathToDotnetCore(String pathToCore) {
1229         this.pathToCore = pathToCore;
1230     }
1231 
1232     /**
1233      * Set value of {@link #ossIndexAnalyzerEnabled}.
1234      *
1235      * @param ossIndexAnalyzerEnabled new value of ossIndexAnalyzerEnabled
1236      * @deprecated Use {@link #setOssIndexAnalyzerEnabled(Boolean)} instead.
1237      */
1238     @Deprecated
1239     public void setOssindexAnalyzerEnabled(Boolean ossIndexAnalyzerEnabled) {
1240         log("'ossindexAnalyzerEnabled' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerEnabled'",
1241                 Project.MSG_WARN);
1242         this.ossIndexAnalyzerEnabled = ossIndexAnalyzerEnabled;
1243     }
1244 
1245     /**
1246      * Set value of ossIndexAnalyzerEnabled.
1247      *
1248      * @param ossIndexAnalyzerEnabled new value of ossIndexAnalyzerEnabled
1249      */
1250     public void setOssIndexAnalyzerEnabled(Boolean ossIndexAnalyzerEnabled) {
1251         this.ossIndexAnalyzerEnabled = ossIndexAnalyzerEnabled;
1252     }
1253 
1254     /**
1255      * Set value of {@link #ossIndexAnalyzerUseCache}.
1256      *
1257      * @param ossIndexAnalyzerUseCache new value of ossIndexAnalyzerUseCache
1258      * @deprecated Use {@link #setOssIndexAnalyzerUseCache(Boolean)} instead.
1259      */
1260     @Deprecated
1261     public void setOssindexAnalyzerUseCache(Boolean ossIndexAnalyzerUseCache) {
1262         log("'ossindexAnalyzerUseCache' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerUseCache'",
1263                 Project.MSG_WARN);
1264         this.ossIndexAnalyzerUseCache = ossIndexAnalyzerUseCache;
1265     }
1266 
1267     /**
1268      * Set value of ossIndexAnalyzerUseCache.
1269      *
1270      * @param ossIndexAnalyzerUseCache new value of ossIndexAnalyzerUseCache
1271      */
1272     public void setOssIndexAnalyzerUseCache(Boolean ossIndexAnalyzerUseCache) {
1273         this.ossIndexAnalyzerUseCache = ossIndexAnalyzerUseCache;
1274     }
1275 
1276     /**
1277      * Set value of {@link #ossIndexAnalyzerCacheValidForHours}.
1278      *
1279      * @param ossIndexAnalyzerCacheValidForHours new value of ossIndexAnalyzerCacheValidForHours
1280      */
1281     public void setOssIndexAnalyzerCacheValidForHours(Integer ossIndexAnalyzerCacheValidForHours) {
1282         this.ossIndexAnalyzerCacheValidForHours = ossIndexAnalyzerCacheValidForHours;
1283     }
1284 
1285     /**
1286      * Set value of {@link #ossIndexAnalyzerUrl}.
1287      *
1288      * @param ossIndexAnalyzerUrl new value of ossIndexAnalyzerUrl
1289      * @deprecated Use {@link #setOssIndexAnalyzerUrl(String)} instead.
1290      */
1291     @Deprecated
1292     public void setOssindexAnalyzerUrl(String ossIndexAnalyzerUrl) {
1293         log("'ossindexAnalyzerUrl' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerUrl'",
1294                 Project.MSG_WARN);
1295         this.ossIndexAnalyzerUrl = ossIndexAnalyzerUrl;
1296     }
1297 
1298     /**
1299      * Set value of ossIndexAnalyzerUrl.
1300      *
1301      * @param ossIndexAnalyzerUrl new value of ossIndexAnalyzerUrl
1302      */
1303     public void setOssIndexAnalyzerUrl(String ossIndexAnalyzerUrl) {
1304         this.ossIndexAnalyzerUrl = ossIndexAnalyzerUrl;
1305     }
1306 
1307     /**
1308      * Set value of {@link #ossIndexAnalyzerUsername}.
1309      *
1310      * @param ossIndexAnalyzerUsername new value of ossIndexAnalyzerUsername
1311      * @deprecated Use {@link #setOssIndexAnalyzerUsername(String)} instead.
1312      */
1313     @Deprecated
1314     public void setOssindexAnalyzerUsername(String ossIndexAnalyzerUsername) {
1315         log("'ossindexAnalyzerUsername' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerUsername'",
1316                 Project.MSG_WARN);
1317         this.ossIndexAnalyzerUsername = ossIndexAnalyzerUsername;
1318     }
1319 
1320     /**
1321      * Set value of ossIndexAnalyzerUsername.
1322      *
1323      * @param ossIndexAnalyzerUsername new value of ossIndexAnalyzerUsername
1324      */
1325     public void setOssIndexAnalyzerUsername(String ossIndexAnalyzerUsername) {
1326         this.ossIndexAnalyzerUsername = ossIndexAnalyzerUsername;
1327     }
1328 
1329     /**
1330      * Set value of {@link #ossIndexAnalyzerPassword}.
1331      *
1332      * @param ossIndexAnalyzerPassword new value of ossIndexAnalyzerPassword
1333      * @deprecated Use {@link #setOssIndexAnalyzerPassword(String)} instead.
1334      */
1335     @Deprecated
1336     public void setOssindexAnalyzerPassword(String ossIndexAnalyzerPassword) {
1337         log("'ossindexAnalyzerPassword' is deprecated and may be removed in the next major release, please migrate to 'ossIndexAnalyzerPassword'",
1338                 Project.MSG_WARN);
1339         this.ossIndexAnalyzerPassword = ossIndexAnalyzerPassword;
1340     }
1341 
1342     /**
1343      * Set value of ossIndexAnalyzerPassword.
1344      *
1345      * @param ossIndexAnalyzerPassword new value of ossIndexAnalyzerPassword
1346      */
1347     public void setOssIndexAnalyzerPassword(String ossIndexAnalyzerPassword) {
1348         this.ossIndexAnalyzerPassword = ossIndexAnalyzerPassword;
1349     }
1350 
1351     /**
1352      * Set value of {@link #ossIndexAnalyzerWarnOnlyOnRemoteErrors}.
1353      *
1354      * @param ossIndexWarnOnlyOnRemoteErrors the value of
1355      * ossIndexWarnOnlyOnRemoteErrors
1356      */
1357     public void setOssIndexWarnOnlyOnRemoteErrors(Boolean ossIndexWarnOnlyOnRemoteErrors) {
1358         this.ossIndexAnalyzerWarnOnlyOnRemoteErrors = ossIndexWarnOnlyOnRemoteErrors;
1359     }
1360 
1361     /**
1362      * Set the value of cmakeAnalyzerEnabled.
1363      *
1364      * @param cmakeAnalyzerEnabled new value of cmakeAnalyzerEnabled
1365      */
1366     public void setCmakeAnalyzerEnabled(Boolean cmakeAnalyzerEnabled) {
1367         this.cmakeAnalyzerEnabled = cmakeAnalyzerEnabled;
1368     }
1369 
1370     /**
1371      * Set the value of artifactoryAnalyzerEnabled.
1372      *
1373      * @param artifactoryAnalyzerEnabled new value of artifactoryAnalyzerEnabled
1374      */
1375     public void setArtifactoryAnalyzerEnabled(Boolean artifactoryAnalyzerEnabled) {
1376         this.artifactoryAnalyzerEnabled = artifactoryAnalyzerEnabled;
1377     }
1378 
1379     /**
1380      * Set the value of artifactoryAnalyzerUrl.
1381      *
1382      * @param artifactoryAnalyzerUrl new value of artifactoryAnalyzerUrl
1383      */
1384     public void setArtifactoryAnalyzerUrl(String artifactoryAnalyzerUrl) {
1385         this.artifactoryAnalyzerUrl = artifactoryAnalyzerUrl;
1386     }
1387 
1388     /**
1389      * Set the value of artifactoryAnalyzerUseProxy.
1390      *
1391      * @param artifactoryAnalyzerUseProxy new value of
1392      * artifactoryAnalyzerUseProxy
1393      */
1394     public void setArtifactoryAnalyzerUseProxy(Boolean artifactoryAnalyzerUseProxy) {
1395         this.artifactoryAnalyzerUseProxy = artifactoryAnalyzerUseProxy;
1396     }
1397 
1398     /**
1399      * Set the value of artifactoryAnalyzerParallelAnalysis.
1400      *
1401      * @param artifactoryAnalyzerParallelAnalysis new value of
1402      * artifactoryAnalyzerParallelAnalysis
1403      */
1404     public void setArtifactoryAnalyzerParallelAnalysis(Boolean artifactoryAnalyzerParallelAnalysis) {
1405         this.artifactoryAnalyzerParallelAnalysis = artifactoryAnalyzerParallelAnalysis;
1406     }
1407 
1408     /**
1409      * Set the value of artifactoryAnalyzerUsername.
1410      *
1411      * @param artifactoryAnalyzerUsername new value of
1412      * artifactoryAnalyzerUsername
1413      */
1414     public void setArtifactoryAnalyzerUsername(String artifactoryAnalyzerUsername) {
1415         this.artifactoryAnalyzerUsername = artifactoryAnalyzerUsername;
1416     }
1417 
1418     /**
1419      * Set the value of artifactoryAnalyzerApiToken.
1420      *
1421      * @param artifactoryAnalyzerApiToken new value of
1422      * artifactoryAnalyzerApiToken
1423      */
1424     public void setArtifactoryAnalyzerApiToken(String artifactoryAnalyzerApiToken) {
1425         this.artifactoryAnalyzerApiToken = artifactoryAnalyzerApiToken;
1426     }
1427 
1428     /**
1429      * Set the value of artifactoryAnalyzerBearerToken.
1430      *
1431      * @param artifactoryAnalyzerBearerToken new value of
1432      * artifactoryAnalyzerBearerToken
1433      */
1434     public void setArtifactoryAnalyzerBearerToken(String artifactoryAnalyzerBearerToken) {
1435         this.artifactoryAnalyzerBearerToken = artifactoryAnalyzerBearerToken;
1436     }
1437 
1438     /**
1439      * Set the value of failBuildOnUnusedSuppressionRule.
1440      *
1441      * @param failBuildOnUnusedSuppressionRule new value of
1442      * failBuildOnUnusedSuppressionRule
1443      */
1444     public void setFailBuildOnUnusedSuppressionRule(boolean failBuildOnUnusedSuppressionRule) {
1445         this.failBuildOnUnusedSuppressionRule = failBuildOnUnusedSuppressionRule;
1446     }
1447 
1448     //see note on `dealWithReferences()` for information on this suppression
1449     @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1450     @Override
1451     protected void executeWithContextClassloader() throws BuildException {
1452         dealWithReferences();
1453         validateConfiguration();
1454         populateSettings();
1455         try {
1456             Downloader.getInstance().configure(getSettings());
1457         } catch (InvalidSettingException e) {
1458             throw new BuildException(e);
1459         }
1460         TelemetryCollector.send(getSettings());
1461         try (Engine engine = new Engine(Check.class.getClassLoader(), getSettings())) {
1462             for (Resource resource : getPath()) {
1463                 final FileProvider provider = resource.as(FileProvider.class);
1464                 if (provider != null) {
1465                     final File file = provider.getFile();
1466                     if (file != null && file.exists()) {
1467                         engine.scan(file);
1468                     }
1469                 }
1470             }
1471             final ExceptionCollection exceptions = callExecuteAnalysis(engine);
1472             if (exceptions == null || !exceptions.isFatal()) {
1473                 for (String format : getReportFormats()) {
1474                     engine.writeReports(getProjectName(), new File(reportOutputDirectory), format, exceptions);
1475                 }
1476                 if (this.failBuildOnCVSS <= 10) {
1477                     checkForFailure(engine.getDependencies());
1478                 }
1479                 if (this.showSummary) {
1480                     DependencyCheckScanAgent.showSummary(engine.getDependencies());
1481                 }
1482             }
1483         } catch (DatabaseException ex) {
1484             final String msg = "Unable to connect to the dependency-check database; analysis has stopped";
1485             if (this.isFailOnError()) {
1486                 throw new BuildException(msg, ex);
1487             }
1488             log(msg, ex, Project.MSG_ERR);
1489         } catch (ReportException ex) {
1490             final String msg = "Unable to generate the dependency-check report";
1491             if (this.isFailOnError()) {
1492                 throw new BuildException(msg, ex);
1493             }
1494             log(msg, ex, Project.MSG_ERR);
1495         } finally {
1496             getSettings().cleanup();
1497         }
1498     }
1499 
1500     /**
1501      * Wraps the call to `engine.analyzeDependencies()` and correctly handles
1502      * any exceptions
1503      *
1504      * @param engine a reference to the engine
1505      * @return the collection of any exceptions that occurred; otherwise
1506      * <code>null</code>
1507      * @throws BuildException thrown if configured to fail the build on errors
1508      */
1509     //see note on `dealWithReferences()` for information on this suppression
1510     @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1511     private ExceptionCollection callExecuteAnalysis(final Engine engine) throws BuildException {
1512         ExceptionCollection exceptions = null;
1513         try {
1514             engine.analyzeDependencies();
1515         } catch (ExceptionCollection ex) {
1516             if (this.isFailOnError()) {
1517                 throw new BuildException(ex);
1518             }
1519             exceptions = ex;
1520         }
1521         return exceptions;
1522     }
1523 
1524     /**
1525      * Validate the configuration to ensure the parameters have been properly
1526      * configured/initialized.
1527      *
1528      * @throws BuildException if the task was not configured correctly.
1529      */
1530     //see note on `dealWithReferences()` for information on this suppression
1531     @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1532     private synchronized void validateConfiguration() throws BuildException {
1533         if (path == null) {
1534             throw new BuildException("No project dependencies have been defined to analyze.");
1535         }
1536         if (failBuildOnCVSS < 0 || failBuildOnCVSS > 11) {
1537             throw new BuildException("Invalid configuration, failBuildOnCVSS must be between 0 and 11.");
1538         }
1539     }
1540 
1541     /**
1542      * Takes the properties supplied and updates the dependency-check settings.
1543      * Additionally, this sets the system properties required to change the
1544      * proxy server, port, and connection timeout.
1545      *
1546      * @throws BuildException thrown when an invalid setting is configured.
1547      */
1548     //see note on `dealWithReferences()` for information on this suppression
1549     @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1550     @Override
1551     protected void populateSettings() throws BuildException {
1552         super.populateSettings();
1553         getSettings().setBooleanIfNotNull(Settings.KEYS.AUTO_UPDATE, autoUpdate);
1554         getSettings().setArrayIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE, suppressionFiles);
1555         getSettings().setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_USER, suppressionFileUser);
1556         getSettings().setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_PASSWORD, suppressionFilePassword);
1557         getSettings().setStringIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE_BEARER_TOKEN, suppressionFileBearerToken);
1558         getSettings().setBooleanIfNotNull(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED, versionCheckEnabled);
1559         getSettings().setStringIfNotEmpty(Settings.KEYS.HINTS_FILE, hintsFile);
1560         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, enableExperimental);
1561         getSettings().setBooleanIfNotNull(Settings.KEYS.PRETTY_PRINT, prettyPrint);
1562         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIRED_ENABLED, enableRetired);
1563         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled);
1564         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, pyDistributionAnalyzerEnabled);
1565         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, pyPackageAnalyzerEnabled);
1566         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, rubygemsAnalyzerEnabled);
1567         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, opensslAnalyzerEnabled);
1568         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CMAKE_ENABLED, cmakeAnalyzerEnabled);
1569 
1570         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_ENABLED, artifactoryAnalyzerEnabled);
1571         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_URL, artifactoryAnalyzerUrl);
1572         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_USES_PROXY, artifactoryAnalyzerUseProxy);
1573         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARTIFACTORY_PARALLEL_ANALYSIS, artifactoryAnalyzerParallelAnalysis);
1574         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_API_USERNAME, artifactoryAnalyzerUsername);
1575         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_API_TOKEN, artifactoryAnalyzerApiToken);
1576         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ARTIFACTORY_BEARER_TOKEN, artifactoryAnalyzerBearerToken);
1577 
1578         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_MANAGER_ENABLED, swiftPackageManagerAnalyzerEnabled);
1579         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_RESOLVED_ENABLED, swiftPackageResolvedAnalyzerEnabled);
1580         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_COCOAPODS_ENABLED, cocoapodsAnalyzerEnabled);
1581         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CARTHAGE_ENABLED, carthageAnalyzerEnabled);
1582         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, bundleAuditAnalyzerEnabled);
1583         getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH, bundleAuditPath);
1584         getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_WORKING_DIRECTORY, bundleAuditWorkingDirectory);
1585         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, autoconfAnalyzerEnabled);
1586         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_MAVEN_INSTALL_ENABLED, mavenInstallAnalyzerEnabled);
1587         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PIP_ENABLED, pipAnalyzerEnabled);
1588         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PIPFILE_ENABLED, pipfileAnalyzerEnabled);
1589         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_POETRY_ENABLED, poetryAnalyzerEnabled);
1590         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, composerAnalyzerEnabled);
1591         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_SKIP_DEV, composerAnalyzerSkipDev);
1592         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CPANFILE_ENABLED, cpanfileAnalyzerEnabled);
1593         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, nodeAnalyzerEnabled);
1594         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_SKIPDEV, nodePackageSkipDevDependencies);
1595         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_ENABLED, nodeAuditAnalyzerEnabled);
1596         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_YARN_AUDIT_ENABLED, yarnAuditAnalyzerEnabled);
1597         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_PNPM_AUDIT_ENABLED, pnpmAuditAnalyzerEnabled);
1598         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_USE_CACHE, nodeAuditAnalyzerUseCache);
1599         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_AUDIT_SKIPDEV, nodeAuditSkipDevDependencies);
1600         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTER_NON_VULNERABLE, retireJsFilterNonVulnerable);
1601         getSettings().setArrayIfNotEmpty(Settings.KEYS.ANALYZER_RETIREJS_FILTERS, retireJsFilters);
1602         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_GOLANG_DEP_ENABLED, golangDepEnabled);
1603         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_GOLANG_MOD_ENABLED, golangModEnabled);
1604         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_DART_ENABLED, dartAnalyzerEnabled);
1605         getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_GOLANG_PATH, pathToGo);
1606         getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_YARN_PATH, pathToYarn);
1607         getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_PNPM_PATH, pathToPnpm);
1608         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_MIX_AUDIT_ENABLED, mixAuditAnalyzerEnabled);
1609         getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_MIX_AUDIT_PATH, mixAuditPath);
1610         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
1611         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUGETCONF_ENABLED, nugetconfAnalyzerEnabled);
1612         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_LIBMAN_ENABLED, libmanAnalyzerEnabled);
1613         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
1614         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_USE_CACHE, centralAnalyzerUseCache);
1615         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
1616         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled);
1617         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled);
1618         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_MSBUILD_PROJECT_ENABLED, msbuildAnalyzerEnabled);
1619         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
1620         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_USER, nexusUser);
1621         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_NEXUS_PASSWORD, nexusPassword);
1622         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY, nexusUsesProxy);
1623         getSettings().setStringIfNotEmpty(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
1624         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_ASSEMBLY_DOTNET_PATH, pathToCore);
1625         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_ENABLED, ossIndexAnalyzerEnabled);
1626         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL, ossIndexAnalyzerUrl);
1627         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER, ossIndexAnalyzerUsername);
1628         getSettings().setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_PASSWORD, ossIndexAnalyzerPassword);
1629         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_USE_CACHE, ossIndexAnalyzerUseCache);
1630         getSettings().setIntIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_CACHE_VALID_FOR_HOURS, ossIndexAnalyzerCacheValidForHours);
1631         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, ossIndexAnalyzerWarnOnlyOnRemoteErrors);
1632         getSettings().setFloat(Settings.KEYS.JUNIT_FAIL_ON_CVSS, junitFailOnCVSS);
1633         getSettings().setBooleanIfNotNull(Settings.KEYS.FAIL_ON_UNUSED_SUPPRESSION_RULE, failBuildOnUnusedSuppressionRule);
1634     }
1635 
1636     /**
1637      * Checks to see if a vulnerability has been identified with a CVSS score
1638      * that is above the threshold set in the configuration.
1639      *
1640      * @param dependencies the list of dependency objects
1641      * @throws BuildException thrown if a CVSS score is found that is higher
1642      * than the threshold set
1643      */
1644     //see note on `dealWithReferences()` for information on this suppression
1645     @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
1646     private void checkForFailure(Dependency[] dependencies) throws BuildException {
1647         final StringBuilder ids = new StringBuilder();
1648         for (Dependency d : dependencies) {
1649             boolean addName = true;
1650             for (Vulnerability v : d.getVulnerabilities()) {
1651                 final double cvssV2 = v.getCvssV2() != null && v.getCvssV2().getCvssData() != null
1652                         && v.getCvssV2().getCvssData().getBaseScore() != null ? v.getCvssV2().getCvssData().getBaseScore() : -1;
1653                 final double cvssV3 = v.getCvssV3() != null && v.getCvssV3().getCvssData() != null
1654                         && v.getCvssV3().getCvssData().getBaseScore() != null ? v.getCvssV3().getCvssData().getBaseScore() : -1;
1655                 final double cvssV4 = v.getCvssV4() != null && v.getCvssV4().getCvssData() != null
1656                         && v.getCvssV4().getCvssData().getBaseScore() != null ? v.getCvssV4().getCvssData().getBaseScore() : -1;
1657                 final boolean useUnscored = cvssV2 == -1 && cvssV3 == -1 && cvssV4 == -1;
1658                 final double unscoredCvss =
1659                         useUnscored && v.getUnscoredSeverity() != null ? SeverityUtil.estimateCvssV2(v.getUnscoredSeverity()) : -1;
1660 
1661                 if (cvssV2 >= failBuildOnCVSS
1662                         || cvssV3 >= failBuildOnCVSS
1663                         || cvssV4 >= failBuildOnCVSS
1664                         || unscoredCvss >= failBuildOnCVSS
1665                         //safety net to fail on any if for some reason the above misses on 0
1666                         || failBuildOnCVSS <= 0.0f
1667                 ) {
1668                     if (addName) {
1669                         addName = false;
1670                         ids.append(NEW_LINE).append(d.getFileName()).append(" (")
1671                            .append(Stream.concat(d.getSoftwareIdentifiers().stream(), d.getVulnerableSoftwareIdentifiers().stream())
1672                                          .map(Identifier::getValue)
1673                                          .collect(Collectors.joining(", ")))
1674                            .append("): ")
1675                            .append(v.getName());
1676                     } else {
1677                         ids.append(", ").append(v.getName());
1678                     }
1679                 }
1680             }
1681         }
1682         if (ids.length() > 0) {
1683             final String msg;
1684             if (showSummary) {
1685                 msg = String.format("%n%nDependency-Check Failure:%n"
1686                         + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '%.1f': %s%n"
1687                         + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids);
1688             } else {
1689                 msg = String.format("%n%nDependency-Check Failure:%n"
1690                         + "One or more dependencies were identified with vulnerabilities.%n%n"
1691                         + "See the dependency-check report for more details.%n%n");
1692             }
1693             throw new BuildException(msg);
1694         }
1695     }
1696 
1697     /**
1698      * An enumeration of supported report formats: "ALL", "HTML", "XML", "CSV",
1699      * "JSON", "JUNIT", "SARIF", 'JENkINS', etc..
1700      */
1701     public static class ReportFormats extends EnumeratedAttribute {
1702 
1703         /**
1704          * Returns the list of values for the report format.
1705          *
1706          * @return the list of values for the report format
1707          */
1708         @Override
1709         public String[] getValues() {
1710             int i = 0;
1711             final Format[] formats = Format.values();
1712             final String[] values = new String[formats.length];
1713             for (Format format : formats) {
1714                 values[i++] = format.name();
1715             }
1716             return values;
1717         }
1718     }
1719 
1720     /**
1721      * A class for Ant to represent the
1722      * {@code <reportFormat format="<format>"/>} nested element to define
1723      * multiple report formats for the ant-task.
1724      */
1725     public static class ReportFormat {
1726 
1727         /**
1728          * The format of this ReportFormat.
1729          */
1730         private ReportFormats format;
1731 
1732         /**
1733          * Gets the format as a String.
1734          *
1735          * @return the String representing a report format
1736          */
1737         public String getFormat() {
1738             return this.format.getValue();
1739         }
1740 
1741         /**
1742          * Sets the format.
1743          *
1744          * @param format the String value for one of the {@link ReportFormats}
1745          * @throws BuildException When the offered String is not one of the
1746          * valid values of the {@link ReportFormats} EnumeratedAttribute
1747          */
1748         public void setFormat(final String format) {
1749             this.format = (ReportFormats) EnumeratedAttribute.getInstance(ReportFormats.class, format);
1750         }
1751     }
1752 }
1753 //CSON: MethodCount