org.owasp.dependencycheck.agent

Class DependencyCheckScanAgent

java.lang.Object

org.owasp.dependencycheck.agent.DependencyCheckScanAgent

@NotThreadSafe
public class DependencyCheckScanAgent
extends Object

This class provides a way to easily conduct a scan solely based on existing evidence metadata rather than collecting evidence from the files themselves. This class is based on the Ant task and Maven plugin with the exception that it takes a list of dependencies that can be programmatically added from data in a spreadsheet, database or some other datasource and conduct a scan based on this pre-defined evidence.

Example:

 List<Dependency> dependencies = new ArrayList<Dependency>();
 Dependency dependency = new Dependency(new File(FileUtils.getBitBucket()));
 dependency.addEvidence(EvidenceType.PRODUCT, "my-datasource", "name", "Jetty", Confidence.HIGH);
 dependency.addEvidence(EvidenceType.VERSION, "my-datasource", "version", "5.1.10", Confidence.HIGH);
 dependency.addEvidence(EvidenceType.VENDOR, "my-datasource", "vendor", "mortbay", Confidence.HIGH);
 dependencies.add(dependency);

 DependencyCheckScanAgent scan = new DependencyCheckScanAgent();
 scan.setDependencies(dependencies);
 scan.setReportFormat(ReportGenerator.Format.ALL);
 scan.setReportOutputDirectory(System.getProperty("user.home"));
 scan.execute();
 

Author:

Steve Springett

Constructor Summary

Constructors

Constructor and Description
DependencyCheckScanAgent()

Method Summary

Modifier and Type	Method and Description
Engine	execute() Executes the dependency-check and generates the report.
String	getApplicationName() Get the value of applicationName.
String	getCentralUrl() Get the value of centralUrl.
String	getConnectionString() Get the value of connectionString.
String	getConnectionTimeout() Get the value of connectionTimeout.
String	getCpeStartsWithFilter() Returns the starting string that identifies CPEs that are qualified to be imported.
String	getCveUrlBase() Get the value of cveUrlBase.
String	getCveUrlModified() Get the value of cveUrlModified.
String	getDatabaseDriverName() Get the value of databaseDriverName.
String	getDatabaseDriverPath() Get the value of databaseDriverPath.
String	getDatabasePassword() Get the value of databasePassword.
String	getDatabaseUser() Get the value of databaseUser.
String	getDataDirectory() Get the value of dataDirectory.
List<Dependency>	getDependencies() Returns a list of pre-determined dependencies.
float	getFailBuildOnCVSS() Get the value of failBuildOnCVSS.
String	getLogFile() Get the value of logFile.
String	getNexusUrl() Get the value of nexusUrl.
String	getPathToDotnetCore() Get the value of pathToCore.
String	getPropertiesFilePath() Get the value of propertiesFilePath.
String	getProxyPassword() Get the value of proxyPassword.
String	getProxyPort() Get the value of proxyPort.
String	getProxyServer() Get the value of proxyServer.
String	getProxyUrl() Deprecated. use getProxyServer() instead
String	getProxyUsername() Get the value of proxyUsername.
ReportGenerator.Format	getReportFormat() Get the value of reportFormat.
String	getReportOutputDirectory() Get the value of reportOutputDirectory.
String	getSuppressionFile() Get the value of suppressionFile.
String	getZipExtensions() Get the value of zipExtensions.
boolean	isAutoUpdate() Get the value of autoUpdate.
boolean	isCentralAnalyzerEnabled() Get the value of centralAnalyzerEnabled.
boolean	isGenerateReport() Get the value of generateReport.
boolean	isNexusAnalyzerEnabled() Get the value of nexusAnalyzerEnabled.
boolean	isNexusUsesProxy() Get the value of nexusUsesProxy.
boolean	isShowSummary() Get the value of showSummary.
boolean	isUpdateOnly() Get the value of updateOnly.
void	setApplicationName(String applicationName) Set the value of applicationName.
void	setAutoUpdate(boolean autoUpdate) Set the value of autoUpdate.
void	setCentralAnalyzerEnabled(boolean centralAnalyzerEnabled) Set the value of centralAnalyzerEnabled.
void	setCentralUrl(String centralUrl) Set the value of centralUrl.
void	setConnectionString(String connectionString) Set the value of connectionString.
void	setConnectionTimeout(String connectionTimeout) Set the value of connectionTimeout.
void	setCpeStartsWithFilter(String cpeStartsWithFilter) Sets starting string that identifies CPEs that are qualified to be imported.
void	setCveUrlBase(String cveUrlBase) Set the value of cveUrlBase.
void	setCveUrlModified(String cveUrlModified) Set the value of cveUrlModified.
void	setDatabaseDriverName(String databaseDriverName) Set the value of databaseDriverName.
void	setDatabaseDriverPath(String databaseDriverPath) Set the value of databaseDriverPath.
void	setDatabasePassword(String databasePassword) Set the value of databasePassword.
void	setDatabaseUser(String databaseUser) Set the value of databaseUser.
void	setDataDirectory(String dataDirectory) Set the value of dataDirectory.
void	setDependencies(List<Dependency> dependencies) Sets the list of dependencies to scan.
void	setFailBuildOnCVSS(float failBuildOnCVSS) Set the value of failBuildOnCVSS.
void	setGenerateReport(boolean generateReport) Set the value of generateReport.
void	setLogFile(String logFile) Set the value of logFile.
void	setNexusAnalyzerEnabled(boolean nexusAnalyzerEnabled) Set the value of nexusAnalyzerEnabled.
void	setNexusUrl(String nexusUrl) Set the value of nexusUrl.
void	setNexusUsesProxy(boolean nexusUsesProxy) Set the value of nexusUsesProxy.
void	setPathToDotnetCore(String pathToCore) Set the value of pathToCore.
void	setPropertiesFilePath(String propertiesFilePath) Set the value of propertiesFilePath.
void	setProxyPassword(String proxyPassword) Set the value of proxyPassword.
void	setProxyPort(String proxyPort) Set the value of proxyPort.
void	setProxyServer(String proxyServer) Set the value of proxyServer.
void	setProxyUrl(String proxyUrl) Deprecated. use setProxyServer(java.lang.String) instead
void	setProxyUsername(String proxyUsername) Set the value of proxyUsername.
void	setReportFormat(ReportGenerator.Format reportFormat) Set the value of reportFormat.
void	setReportOutputDirectory(String reportOutputDirectory) Set the value of reportOutputDirectory.
void	setShowSummary(boolean showSummary) Set the value of showSummary.
void	setSuppressionFile(String suppressionFile) Set the value of suppressionFile.
void	setUpdateOnly(boolean updateOnly) Set the value of updateOnly.
void	setZipExtensions(String zipExtensions) Set the value of zipExtensions.
static void	showSummary(Dependency[] dependencies) Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.
static void	showSummary(String projectName, Dependency[] dependencies) Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DependencyCheckScanAgent

public DependencyCheckScanAgent()

Method Detail

getApplicationName

public String getApplicationName()

Get the value of applicationName.

Returns:

the value of applicationName

setApplicationName

public void setApplicationName(String applicationName)

Set the value of applicationName.

Parameters:

applicationName - new value of applicationName

getDependencies

public List<Dependency> getDependencies()

Returns a list of pre-determined dependencies.

Returns:

returns a list of dependencies

setDependencies

public void setDependencies(List<Dependency> dependencies)

Sets the list of dependencies to scan.

Parameters:

dependencies - new value of dependencies

getDataDirectory

public String getDataDirectory()

Get the value of dataDirectory.

Returns:

the value of dataDirectory

setDataDirectory

public void setDataDirectory(String dataDirectory)

Set the value of dataDirectory.

Parameters:

dataDirectory - new value of dataDirectory

getReportOutputDirectory

public String getReportOutputDirectory()

Get the value of reportOutputDirectory.

Returns:

the value of reportOutputDirectory

setReportOutputDirectory

public void setReportOutputDirectory(String reportOutputDirectory)

Set the value of reportOutputDirectory.

Parameters:

reportOutputDirectory - new value of reportOutputDirectory

getFailBuildOnCVSS

public float getFailBuildOnCVSS()

Get the value of failBuildOnCVSS.

Returns:

the value of failBuildOnCVSS

setFailBuildOnCVSS

public void setFailBuildOnCVSS(float failBuildOnCVSS)

Set the value of failBuildOnCVSS.

Parameters:

failBuildOnCVSS - new value of failBuildOnCVSS

isAutoUpdate

public boolean isAutoUpdate()

Get the value of autoUpdate.

Returns:

the value of autoUpdate

setAutoUpdate

public void setAutoUpdate(boolean autoUpdate)

Set the value of autoUpdate.

Parameters:

autoUpdate - new value of autoUpdate

isUpdateOnly

public boolean isUpdateOnly()

Get the value of updateOnly.

Returns:

the value of updateOnly

setUpdateOnly

public void setUpdateOnly(boolean updateOnly)

Set the value of updateOnly.

Parameters:

updateOnly - new value of updateOnly

isGenerateReport

public boolean isGenerateReport()

Get the value of generateReport.

Returns:

the value of generateReport

setGenerateReport

public void setGenerateReport(boolean generateReport)

Set the value of generateReport.

Parameters:

generateReport - new value of generateReport

getReportFormat

public ReportGenerator.Format getReportFormat()

Get the value of reportFormat.

Returns:

the value of reportFormat

setReportFormat

public void setReportFormat(ReportGenerator.Format reportFormat)

Set the value of reportFormat.

Parameters:

reportFormat - new value of reportFormat

getProxyServer

public String getProxyServer()

Get the value of proxyServer.

Returns:

the value of proxyServer

setProxyServer

public void setProxyServer(String proxyServer)

Set the value of proxyServer.

Parameters:

proxyServer - new value of proxyServer

getProxyUrl

@Deprecated
public String getProxyUrl()

Deprecated. use getProxyServer() instead

Get the value of proxyServer.

Returns:

the value of proxyServer

setProxyUrl

@Deprecated
public void setProxyUrl(String proxyUrl)

Deprecated. use setProxyServer(java.lang.String) instead

Set the value of proxyServer.

Parameters:

proxyUrl - new value of proxyServer

getProxyPort

public String getProxyPort()

Get the value of proxyPort.

Returns:

the value of proxyPort

setProxyPort

public void setProxyPort(String proxyPort)

Set the value of proxyPort.

Parameters:

proxyPort - new value of proxyPort

getProxyUsername

public String getProxyUsername()

Get the value of proxyUsername.

Returns:

the value of proxyUsername

setProxyUsername

public void setProxyUsername(String proxyUsername)

Set the value of proxyUsername.

Parameters:

proxyUsername - new value of proxyUsername

getProxyPassword

public String getProxyPassword()

Get the value of proxyPassword.

Returns:

the value of proxyPassword

setProxyPassword

public void setProxyPassword(String proxyPassword)

Set the value of proxyPassword.

Parameters:

proxyPassword - new value of proxyPassword

getConnectionTimeout

public String getConnectionTimeout()

Get the value of connectionTimeout.

Returns:

the value of connectionTimeout

setConnectionTimeout

public void setConnectionTimeout(String connectionTimeout)

Set the value of connectionTimeout.

Parameters:

connectionTimeout - new value of connectionTimeout

getLogFile

public String getLogFile()

Get the value of logFile.

Returns:

the value of logFile

setLogFile

public void setLogFile(String logFile)

Set the value of logFile.

Parameters:

logFile - new value of logFile

getSuppressionFile

public String getSuppressionFile()

Get the value of suppressionFile.

Returns:

the value of suppressionFile

setSuppressionFile

public void setSuppressionFile(String suppressionFile)

Set the value of suppressionFile.

Parameters:

suppressionFile - new value of suppressionFile

isShowSummary

public boolean isShowSummary()

Get the value of showSummary.

Returns:

the value of showSummary

setShowSummary

public void setShowSummary(boolean showSummary)

Set the value of showSummary.

Parameters:

showSummary - new value of showSummary

setCpeStartsWithFilter

public void setCpeStartsWithFilter(String cpeStartsWithFilter)

Sets starting string that identifies CPEs that are qualified to be imported.

Parameters:

cpeStartsWithFilter - filters CPEs based on this starting string (i.e. cpe:/a: )

getCpeStartsWithFilter

public String getCpeStartsWithFilter()

Returns the starting string that identifies CPEs that are qualified to be imported.

Returns:

the CPE starting filter (i.e. cpe:/a: )

isCentralAnalyzerEnabled

public boolean isCentralAnalyzerEnabled()

Get the value of centralAnalyzerEnabled.

Returns:

the value of centralAnalyzerEnabled

setCentralAnalyzerEnabled

public void setCentralAnalyzerEnabled(boolean centralAnalyzerEnabled)

Set the value of centralAnalyzerEnabled.

Parameters:

centralAnalyzerEnabled - new value of centralAnalyzerEnabled

getCentralUrl

public String getCentralUrl()

Get the value of centralUrl.

Returns:

the value of centralUrl

setCentralUrl

public void setCentralUrl(String centralUrl)

Set the value of centralUrl.

Parameters:

centralUrl - new value of centralUrl

isNexusAnalyzerEnabled

public boolean isNexusAnalyzerEnabled()

Get the value of nexusAnalyzerEnabled.

Returns:

the value of nexusAnalyzerEnabled

setNexusAnalyzerEnabled

public void setNexusAnalyzerEnabled(boolean nexusAnalyzerEnabled)

Set the value of nexusAnalyzerEnabled.

Parameters:

nexusAnalyzerEnabled - new value of nexusAnalyzerEnabled

getNexusUrl

public String getNexusUrl()

Get the value of nexusUrl.

Returns:

the value of nexusUrl

setNexusUrl

public void setNexusUrl(String nexusUrl)

Set the value of nexusUrl.

Parameters:

nexusUrl - new value of nexusUrl

isNexusUsesProxy

public boolean isNexusUsesProxy()

Get the value of nexusUsesProxy.

Returns:

the value of nexusUsesProxy

setNexusUsesProxy

public void setNexusUsesProxy(boolean nexusUsesProxy)

Set the value of nexusUsesProxy.

Parameters:

nexusUsesProxy - new value of nexusUsesProxy

getDatabaseDriverName

public String getDatabaseDriverName()

Get the value of databaseDriverName.

Returns:

the value of databaseDriverName

setDatabaseDriverName

public void setDatabaseDriverName(String databaseDriverName)

Set the value of databaseDriverName.

Parameters:

databaseDriverName - new value of databaseDriverName

getDatabaseDriverPath

public String getDatabaseDriverPath()

Get the value of databaseDriverPath.

Returns:

the value of databaseDriverPath

setDatabaseDriverPath

public void setDatabaseDriverPath(String databaseDriverPath)

Set the value of databaseDriverPath.

Parameters:

databaseDriverPath - new value of databaseDriverPath

getConnectionString

public String getConnectionString()

Get the value of connectionString.

Returns:

the value of connectionString

setConnectionString

public void setConnectionString(String connectionString)

Set the value of connectionString.

Parameters:

connectionString - new value of connectionString

getDatabaseUser

public String getDatabaseUser()

Get the value of databaseUser.

Returns:

the value of databaseUser

setDatabaseUser

public void setDatabaseUser(String databaseUser)

Set the value of databaseUser.

Parameters:

databaseUser - new value of databaseUser

getDatabasePassword

public String getDatabasePassword()

Get the value of databasePassword.

Returns:

the value of databasePassword

setDatabasePassword

public void setDatabasePassword(String databasePassword)

Set the value of databasePassword.

Parameters:

databasePassword - new value of databasePassword

getZipExtensions

public String getZipExtensions()

Get the value of zipExtensions.

Returns:

the value of zipExtensions

setZipExtensions

public void setZipExtensions(String zipExtensions)

Set the value of zipExtensions.

Parameters:

zipExtensions - new value of zipExtensions

getCveUrlModified

public String getCveUrlModified()

Get the value of cveUrlModified.

Returns:

the value of cveUrlModified

setCveUrlModified

public void setCveUrlModified(String cveUrlModified)

Set the value of cveUrlModified.

Parameters:

cveUrlModified - new value of cveUrlModified

getCveUrlBase

public String getCveUrlBase()

Get the value of cveUrlBase.

Returns:

the value of cveUrlBase

setCveUrlBase

public void setCveUrlBase(String cveUrlBase)

Set the value of cveUrlBase.

Parameters:

cveUrlBase - new value of cveUrlBase

getPathToDotnetCore

public String getPathToDotnetCore()

Get the value of pathToCore.

Returns:

the value of pathToCore

setPathToDotnetCore

public void setPathToDotnetCore(String pathToCore)

Set the value of pathToCore.

Parameters:

pathToCore - new value of pathToCore

getPropertiesFilePath

public String getPropertiesFilePath()

Get the value of propertiesFilePath.

Returns:

the value of propertiesFilePath

setPropertiesFilePath

public void setPropertiesFilePath(String propertiesFilePath)

Set the value of propertiesFilePath.

Parameters:

propertiesFilePath - new value of propertiesFilePath

execute

public Engine execute()
               throws ScanAgentException

Executes the dependency-check and generates the report.

Returns:

a reference to the engine used to perform the scan.

Throws:

ScanAgentException - thrown if there is an exception executing the scan.

showSummary

public static void showSummary(Dependency[] dependencies)

Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.

Parameters:

dependencies - a list of dependency objects

showSummary

public static void showSummary(String projectName,
                               Dependency[] dependencies)

Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.

Parameters:

projectName - the name of the project

dependencies - a list of dependency objects