org.owasp.dependencycheck.agent

Class DependencyCheckScanAgent

java.lang.Object

org.owasp.dependencycheck.agent.DependencyCheckScanAgent

@NotThreadSafe
public class DependencyCheckScanAgent
extends java.lang.Object

This class provides a way to easily conduct a scan solely based on existing evidence metadata rather than collecting evidence from the files themselves. This class is based on the Ant task and Maven plugin with the exception that it takes a list of dependencies that can be programmatically added from data in a spreadsheet, database or some other datasource and conduct a scan based on this pre-defined evidence.

Example:

 List<Dependency> dependencies = new ArrayList<Dependency>();
 Dependency dependency = new Dependency(new File(FileUtils.getBitBucket()));
 dependency.addEvidence(EvidenceType.PRODUCT, "my-datasource", "name", "Jetty", Confidence.HIGH);
 dependency.addEvidence(EvidenceType.VERSION, "my-datasource", "version", "5.1.10", Confidence.HIGH);
 dependency.addEvidence(EvidenceType.VENDOR, "my-datasource", "vendor", "mortbay", Confidence.HIGH);
 dependencies.add(dependency);

 DependencyCheckScanAgent scan = new DependencyCheckScanAgent();
 scan.setDependencies(dependencies);
 scan.setReportFormat(ReportGenerator.Format.ALL);
 scan.setReportOutputDirectory(System.getProperty("user.home"));
 scan.execute();
 

Author:

Steve Springett

Constructor Summary

Constructors

Constructor and Description
DependencyCheckScanAgent()

Method Summary

Modifier and Type	Method and Description
Engine	execute() Executes the dependency-check and generates the report.
java.lang.String	getApplicationName() Get the value of applicationName.
java.lang.String	getCentralUrl() Get the value of centralUrl.
java.lang.String	getConnectionString() Get the value of connectionString.
java.lang.String	getConnectionTimeout() Get the value of connectionTimeout.
java.lang.String	getCpeStartsWithFilter() Returns the starting string that identifies CPEs that are qualified to be imported.
java.lang.String	getDatabaseDriverName() Get the value of databaseDriverName.
java.lang.String	getDatabaseDriverPath() Get the value of databaseDriverPath.
java.lang.String	getDatabasePassword() Get the value of databasePassword.
java.lang.String	getDatabaseUser() Get the value of databaseUser.
java.lang.String	getDataDirectory() Get the value of dataDirectory.
java.util.List<Dependency>	getDependencies() Returns a list of pre-determined dependencies.
java.lang.Double	getFailBuildOnCVSS() Get the value of failBuildOnCVSS.
java.lang.String	getLogFile() Get the value of logFile.
java.lang.String	getNexusUrl() Get the value of nexusUrl.
java.lang.String	getNvdApiKey() Get the value of nvdApiKey.
java.lang.String	getPathToDotnetCore() Get the value of pathToCore.
java.lang.String	getPropertiesFilePath() Get the value of propertiesFilePath.
java.lang.String	getProxyPassword() Get the value of proxyPassword.
java.lang.String	getProxyPort() Get the value of proxyPort.
java.lang.String	getProxyServer() Get the value of proxyServer.
java.lang.String	getProxyUrl() Deprecated. use getProxyServer() instead
java.lang.String	getProxyUsername() Get the value of proxyUsername.
java.lang.String	getReadTimeout() Get the value of readTimeout.
ReportGenerator.Format	getReportFormat() Get the value of reportFormat.
java.lang.String	getReportOutputDirectory() Get the value of reportOutputDirectory.
java.lang.String	getSuppressionFile() Get the value of suppressionFile.
java.lang.String	getZipExtensions() Get the value of zipExtensions.
boolean	isAutoUpdate() Get the value of autoUpdate.
boolean	isCentralAnalyzerEnabled() Get the value of centralAnalyzerEnabled.
boolean	isGenerateReport() Get the value of generateReport.
boolean	isNexusAnalyzerEnabled() Get the value of nexusAnalyzerEnabled.
boolean	isNexusUsesProxy() Get the value of nexusUsesProxy.
boolean	isShowSummary() Get the value of showSummary.
boolean	isUpdateOnly() Get the value of updateOnly.
void	setApplicationName(java.lang.String applicationName) Set the value of applicationName.
void	setAutoUpdate(boolean autoUpdate) Set the value of autoUpdate.
void	setCentralAnalyzerEnabled(boolean centralAnalyzerEnabled) Set the value of centralAnalyzerEnabled.
void	setCentralUrl(java.lang.String centralUrl) Set the value of centralUrl.
void	setConnectionString(java.lang.String connectionString) Set the value of connectionString.
void	setConnectionTimeout(java.lang.String connectionTimeout) Set the value of connectionTimeout.
void	setCpeStartsWithFilter(java.lang.String cpeStartsWithFilter) Sets starting string that identifies CPEs that are qualified to be imported.
void	setDatabaseDriverName(java.lang.String databaseDriverName) Set the value of databaseDriverName.
void	setDatabaseDriverPath(java.lang.String databaseDriverPath) Set the value of databaseDriverPath.
void	setDatabasePassword(java.lang.String databasePassword) Set the value of databasePassword.
void	setDatabaseUser(java.lang.String databaseUser) Set the value of databaseUser.
void	setDataDirectory(java.lang.String dataDirectory) Set the value of dataDirectory.
void	setDependencies(java.util.List<Dependency> dependencies) Sets the list of dependencies to scan.
void	setFailBuildOnCVSS(java.lang.Double failBuildOnCVSS) Set the value of failBuildOnCVSS.
void	setGenerateReport(boolean generateReport) Set the value of generateReport.
void	setLogFile(java.lang.String logFile) Set the value of logFile.
void	setNexusAnalyzerEnabled(boolean nexusAnalyzerEnabled) Set the value of nexusAnalyzerEnabled.
void	setNexusUrl(java.lang.String nexusUrl) Set the value of nexusUrl.
void	setNexusUsesProxy(boolean nexusUsesProxy) Set the value of nexusUsesProxy.
void	setNvdApiKey(java.lang.String nvdApiKey) Set the value of nvdApiKey.
void	setPathToDotnetCore(java.lang.String pathToCore) Set the value of pathToCore.
void	setPropertiesFilePath(java.lang.String propertiesFilePath) Set the value of propertiesFilePath.
void	setProxyPassword(java.lang.String proxyPassword) Set the value of proxyPassword.
void	setProxyPort(java.lang.String proxyPort) Set the value of proxyPort.
void	setProxyServer(java.lang.String proxyServer) Set the value of proxyServer.
void	setProxyUrl(java.lang.String proxyUrl) Deprecated. use setProxyServer(java.lang.String) instead
void	setProxyUsername(java.lang.String proxyUsername) Set the value of proxyUsername.
void	setReadTimeout(java.lang.String readTimeout) Set the value of readTimeout.
void	setReportFormat(ReportGenerator.Format reportFormat) Set the value of reportFormat.
void	setReportOutputDirectory(java.lang.String reportOutputDirectory) Set the value of reportOutputDirectory.
void	setShowSummary(boolean showSummary) Set the value of showSummary.
void	setSuppressionFile(java.lang.String suppressionFile) Set the value of suppressionFile.
void	setUpdateOnly(boolean updateOnly) Set the value of updateOnly.
void	setZipExtensions(java.lang.String zipExtensions) Set the value of zipExtensions.
static void	showSummary(Dependency[] dependencies) Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.
static void	showSummary(java.lang.String projectName, Dependency[] dependencies) Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DependencyCheckScanAgent

public DependencyCheckScanAgent()

Method Detail

getApplicationName

public java.lang.String getApplicationName()

Get the value of applicationName.

Returns:

the value of applicationName

setApplicationName

public void setApplicationName(java.lang.String applicationName)

Set the value of applicationName.

Parameters:

applicationName - new value of applicationName

getNvdApiKey

public java.lang.String getNvdApiKey()

Get the value of nvdApiKey.

Returns:

the value of nvdApiKey

setNvdApiKey

public void setNvdApiKey(java.lang.String nvdApiKey)

Set the value of nvdApiKey.

Parameters:

nvdApiKey - new value of nvdApiKey

getDependencies

public java.util.List<Dependency> getDependencies()

Returns a list of pre-determined dependencies.

Returns:

returns a list of dependencies

setDependencies

public void setDependencies(java.util.List<Dependency> dependencies)

Sets the list of dependencies to scan.

Parameters:

dependencies - new value of dependencies

getDataDirectory

public java.lang.String getDataDirectory()

Get the value of dataDirectory.

Returns:

the value of dataDirectory

setDataDirectory

public void setDataDirectory(java.lang.String dataDirectory)

Set the value of dataDirectory.

Parameters:

dataDirectory - new value of dataDirectory

getReportOutputDirectory

public java.lang.String getReportOutputDirectory()

Get the value of reportOutputDirectory.

Returns:

the value of reportOutputDirectory

setReportOutputDirectory

public void setReportOutputDirectory(java.lang.String reportOutputDirectory)

Set the value of reportOutputDirectory.

Parameters:

reportOutputDirectory - new value of reportOutputDirectory

getFailBuildOnCVSS

public java.lang.Double getFailBuildOnCVSS()

Get the value of failBuildOnCVSS.

Returns:

the value of failBuildOnCVSS

setFailBuildOnCVSS

public void setFailBuildOnCVSS(java.lang.Double failBuildOnCVSS)

Set the value of failBuildOnCVSS.

Parameters:

failBuildOnCVSS - new value of failBuildOnCVSS

isAutoUpdate

public boolean isAutoUpdate()

Get the value of autoUpdate.

Returns:

the value of autoUpdate

setAutoUpdate

public void setAutoUpdate(boolean autoUpdate)

Set the value of autoUpdate.

Parameters:

autoUpdate - new value of autoUpdate

isUpdateOnly

public boolean isUpdateOnly()

Get the value of updateOnly.

Returns:

the value of updateOnly

setUpdateOnly

public void setUpdateOnly(boolean updateOnly)

Set the value of updateOnly.

Parameters:

updateOnly - new value of updateOnly

isGenerateReport

public boolean isGenerateReport()

Get the value of generateReport.

Returns:

the value of generateReport

setGenerateReport

public void setGenerateReport(boolean generateReport)

Set the value of generateReport.

Parameters:

generateReport - new value of generateReport

getReportFormat

public ReportGenerator.Format getReportFormat()

Get the value of reportFormat.

Returns:

the value of reportFormat

setReportFormat

public void setReportFormat(ReportGenerator.Format reportFormat)

Set the value of reportFormat.

Parameters:

reportFormat - new value of reportFormat

getProxyServer

public java.lang.String getProxyServer()

Get the value of proxyServer.

Returns:

the value of proxyServer

setProxyServer

public void setProxyServer(java.lang.String proxyServer)

Set the value of proxyServer.

Parameters:

proxyServer - new value of proxyServer

getProxyUrl

@Deprecated
public java.lang.String getProxyUrl()

Deprecated. use getProxyServer() instead

Get the value of proxyServer.

Returns:

the value of proxyServer

setProxyUrl

@Deprecated
public void setProxyUrl(java.lang.String proxyUrl)

Deprecated. use setProxyServer(java.lang.String) instead

Set the value of proxyServer.

Parameters:

proxyUrl - new value of proxyServer

getProxyPort

public java.lang.String getProxyPort()

Get the value of proxyPort.

Returns:

the value of proxyPort

setProxyPort

public void setProxyPort(java.lang.String proxyPort)

Set the value of proxyPort.

Parameters:

proxyPort - new value of proxyPort

getProxyUsername

public java.lang.String getProxyUsername()

Get the value of proxyUsername.

Returns:

the value of proxyUsername

setProxyUsername

public void setProxyUsername(java.lang.String proxyUsername)

Set the value of proxyUsername.

Parameters:

proxyUsername - new value of proxyUsername

getProxyPassword

public java.lang.String getProxyPassword()

Get the value of proxyPassword.

Returns:

the value of proxyPassword

setProxyPassword

public void setProxyPassword(java.lang.String proxyPassword)

Set the value of proxyPassword.

Parameters:

proxyPassword - new value of proxyPassword

getConnectionTimeout

public java.lang.String getConnectionTimeout()

Get the value of connectionTimeout.

Returns:

the value of connectionTimeout

setConnectionTimeout

public void setConnectionTimeout(java.lang.String connectionTimeout)

Set the value of connectionTimeout.

Parameters:

connectionTimeout - new value of connectionTimeout

getReadTimeout

public java.lang.String getReadTimeout()

Get the value of readTimeout.

Returns:

the value of readTimeout

setReadTimeout

public void setReadTimeout(java.lang.String readTimeout)

Set the value of readTimeout.

Parameters:

readTimeout - new value of readTimeout

getLogFile

public java.lang.String getLogFile()

Get the value of logFile.

Returns:

the value of logFile

setLogFile

public void setLogFile(java.lang.String logFile)

Set the value of logFile.

Parameters:

logFile - new value of logFile

getSuppressionFile

public java.lang.String getSuppressionFile()

Get the value of suppressionFile.

Returns:

the value of suppressionFile

setSuppressionFile

public void setSuppressionFile(java.lang.String suppressionFile)

Set the value of suppressionFile.

Parameters:

suppressionFile - new value of suppressionFile

isShowSummary

public boolean isShowSummary()

Get the value of showSummary.

Returns:

the value of showSummary

setShowSummary

public void setShowSummary(boolean showSummary)

Set the value of showSummary.

Parameters:

showSummary - new value of showSummary

setCpeStartsWithFilter

public void setCpeStartsWithFilter(java.lang.String cpeStartsWithFilter)

Sets starting string that identifies CPEs that are qualified to be imported.

Parameters:

cpeStartsWithFilter - filters CPEs based on this starting string (i.e. cpe:/a: )

getCpeStartsWithFilter

public java.lang.String getCpeStartsWithFilter()

Returns the starting string that identifies CPEs that are qualified to be imported.

Returns:

the CPE starting filter (i.e. cpe:/a: )

isCentralAnalyzerEnabled

public boolean isCentralAnalyzerEnabled()

Get the value of centralAnalyzerEnabled.

Returns:

the value of centralAnalyzerEnabled

setCentralAnalyzerEnabled

public void setCentralAnalyzerEnabled(boolean centralAnalyzerEnabled)

Set the value of centralAnalyzerEnabled.

Parameters:

centralAnalyzerEnabled - new value of centralAnalyzerEnabled

getCentralUrl

public java.lang.String getCentralUrl()

Get the value of centralUrl.

Returns:

the value of centralUrl

setCentralUrl

public void setCentralUrl(java.lang.String centralUrl)

Set the value of centralUrl.

Parameters:

centralUrl - new value of centralUrl

isNexusAnalyzerEnabled

public boolean isNexusAnalyzerEnabled()

Get the value of nexusAnalyzerEnabled.

Returns:

the value of nexusAnalyzerEnabled

setNexusAnalyzerEnabled

public void setNexusAnalyzerEnabled(boolean nexusAnalyzerEnabled)

Set the value of nexusAnalyzerEnabled.

Parameters:

nexusAnalyzerEnabled - new value of nexusAnalyzerEnabled

getNexusUrl

public java.lang.String getNexusUrl()

Get the value of nexusUrl.

Returns:

the value of nexusUrl

setNexusUrl

public void setNexusUrl(java.lang.String nexusUrl)

Set the value of nexusUrl.

Parameters:

nexusUrl - new value of nexusUrl

isNexusUsesProxy

public boolean isNexusUsesProxy()

Get the value of nexusUsesProxy.

Returns:

the value of nexusUsesProxy

setNexusUsesProxy

public void setNexusUsesProxy(boolean nexusUsesProxy)

Set the value of nexusUsesProxy.

Parameters:

nexusUsesProxy - new value of nexusUsesProxy

getDatabaseDriverName

public java.lang.String getDatabaseDriverName()

Get the value of databaseDriverName.

Returns:

the value of databaseDriverName

setDatabaseDriverName

public void setDatabaseDriverName(java.lang.String databaseDriverName)

Set the value of databaseDriverName.

Parameters:

databaseDriverName - new value of databaseDriverName

getDatabaseDriverPath

public java.lang.String getDatabaseDriverPath()

Get the value of databaseDriverPath.

Returns:

the value of databaseDriverPath

setDatabaseDriverPath

public void setDatabaseDriverPath(java.lang.String databaseDriverPath)

Set the value of databaseDriverPath.

Parameters:

databaseDriverPath - new value of databaseDriverPath

getConnectionString

public java.lang.String getConnectionString()

Get the value of connectionString.

Returns:

the value of connectionString

setConnectionString

public void setConnectionString(java.lang.String connectionString)

Set the value of connectionString.

Parameters:

connectionString - new value of connectionString

getDatabaseUser

public java.lang.String getDatabaseUser()

Get the value of databaseUser.

Returns:

the value of databaseUser

setDatabaseUser

public void setDatabaseUser(java.lang.String databaseUser)

Set the value of databaseUser.

Parameters:

databaseUser - new value of databaseUser

getDatabasePassword

public java.lang.String getDatabasePassword()

Get the value of databasePassword.

Returns:

the value of databasePassword

setDatabasePassword

public void setDatabasePassword(java.lang.String databasePassword)

Set the value of databasePassword.

Parameters:

databasePassword - new value of databasePassword

getZipExtensions

public java.lang.String getZipExtensions()

Get the value of zipExtensions.

Returns:

the value of zipExtensions

setZipExtensions

public void setZipExtensions(java.lang.String zipExtensions)

Set the value of zipExtensions.

Parameters:

zipExtensions - new value of zipExtensions

getPathToDotnetCore

public java.lang.String getPathToDotnetCore()

Get the value of pathToCore.

Returns:

the value of pathToCore

setPathToDotnetCore

public void setPathToDotnetCore(java.lang.String pathToCore)

Set the value of pathToCore.

Parameters:

pathToCore - new value of pathToCore

getPropertiesFilePath

public java.lang.String getPropertiesFilePath()

Get the value of propertiesFilePath.

Returns:

the value of propertiesFilePath

setPropertiesFilePath

public void setPropertiesFilePath(java.lang.String propertiesFilePath)

Set the value of propertiesFilePath.

Parameters:

propertiesFilePath - new value of propertiesFilePath

execute

public Engine execute()
               throws ScanAgentException

Executes the dependency-check and generates the report.

Returns:

a reference to the engine used to perform the scan.

Throws:

ScanAgentException - thrown if there is an exception executing the scan.

showSummary

public static void showSummary(Dependency[] dependencies)

Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.

Parameters:

dependencies - a list of dependency objects

showSummary

public static void showSummary(java.lang.String projectName,
                               Dependency[] dependencies)

Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.

Parameters:

projectName - the name of the project

dependencies - a list of dependency objects