Skip to content

Commit

Permalink
fix: 7093 add username/password properties to be able to authenticate…
Browse files Browse the repository at this point in the history 
… for central.content.url and analyzer.central.url again (#7169)
  • Loading branch information
@drijkersbq
drijkersbq authored Dec 2, 2024
1 parent 6a13d58 commit 20e344c
Show file tree
Hide file tree
Showing 5 changed files with 52 additions and 0 deletions.
4 changes: 4 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/App.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -604,6 +604,10 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
cli.hasOption(CliParser.ARGUMENT.ENABLE_NEXUS));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_URL,
cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_URL));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_USER,
cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_USERNAME));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_PASSWORD,
cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_PASSWORD));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL,
cli.getStringArgument(CliParser.ARGUMENT.OSSINDEX_URL));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER,
Expand Down
8 changes: 8 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/CliParser.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1360,6 +1360,14 @@ public static class ARGUMENT {
* The alternative URL for Maven Central Search.
*/
public static final String CENTRAL_URL = "centralUrl";
/**
* The username for the alternative Maven Central Search.
*/
public static final String CENTRAL_USERNAME = "centralUsername";
/**
* The password for the alternative Maven Central Search.
*/
public static final String CENTRAL_PASSWORD = "centralPassword";
/**
* Disables the Nexus Analyzer.
*/
Expand Down
2 changes: 2 additions & 0 deletions cli/src/site/markdown/arguments.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@ Advanced Options
| | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Artifactory or Nexus Analyzer. |   |
| | \-\-disableCentralCache | | When the argument is present the Central Analyzer will not cache results locally. By default results are cached locally for 30 days. |   |
| | \-\-centralUrl | | Alternative URL for Maven Central Search. If not set the public Sonatype Maven Central will be used. | https://search.maven.org/solrsearch/select |
| | \-\-centralUsername | | The username to authenticate to the alternative Maven Central url set by the 'centralUrl' argument. If not set it will use an unauthenticated connection. |   |
| | \-\-centralPassword | | The password to authenticate to the alternative Maven Central url set by the 'centralUrl' argument. If not set it will use an unauthenticated connection. |   |
| | \-\-enableNexus | | Sets whether the Nexus Analyzer will be used (requires Nexus v2 or Pro v3). You can configure the Nexus URL to utilize an internally hosted Nexus server. |   |
| | \-\-enableArtifactory | | Sets whether Artifactory analyzer will be used |   |
| | \-\-artifactoryUrl | \<url\> | The Artifactory server URL. | &nbsp; |
Expand Down
22 changes: 22 additions & 0 deletions utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,8 @@ public void configure(Settings settings) throws InvalidSettingException {
tryAddHostedSuppressionCredentials(settings, credentialsProvider);
tryAddKEVCredentials(settings, credentialsProvider);
tryAddNexusAnalyzerCredentials(settings, credentialsProvider);
tryAddCentralAnalyzerCredentials(settings, credentialsProvider);
tryAddCentralContentCredentials(settings, credentialsProvider);
tryAddNVDApiDatafeed(settings, credentialsProvider);
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
httpClientBuilderExplicitNoproxy.setDefaultCredentialsProvider(credentialsProvider);
Expand Down Expand Up @@ -220,6 +222,26 @@ private void tryAddNexusAnalyzerCredentials(Settings settings, CredentialsStore
}
}

private void tryAddCentralAnalyzerCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
if (settings.getString(Settings.KEYS.ANALYZER_CENTRAL_PASSWORD) != null) {
addUserPasswordCreds(settings, credentialsStore,
Settings.KEYS.ANALYZER_CENTRAL_USER,
Settings.KEYS.ANALYZER_CENTRAL_URL,
Settings.KEYS.ANALYZER_CENTRAL_PASSWORD,
"Central Analyzer");
}
}

private void tryAddCentralContentCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
if (settings.getString(Settings.KEYS.CENTRAL_CONTENT_PASSWORD) != null) {
addUserPasswordCreds(settings, credentialsStore,
Settings.KEYS.CENTRAL_CONTENT_USER,
Settings.KEYS.CENTRAL_CONTENT_URL,
Settings.KEYS.CENTRAL_CONTENT_PASSWORD,
"Central Content");
}
}

private void tryAddNVDApiDatafeed(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
if (settings.getString(Settings.KEYS.NVD_API_DATAFEED_PASSWORD) != null) {
addUserPasswordCreds(settings, credentialsStore,
Expand Down
16 changes: 16 additions & 0 deletions utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -620,6 +620,14 @@ public static final class KEYS {
* Key for the URL to obtain content from Maven Central.
*/
public static final String CENTRAL_CONTENT_URL = "central.content.url";
/**
* Key for the Username to obtain content from Maven Central.
*/
public static final String CENTRAL_CONTENT_USER = "central.content.username";
/**
* Key for the Password to obtain content from Maven Central.
*/
public static final String CENTRAL_CONTENT_PASSWORD = "central.content.password";
/**
* The properties key for whether the Central analyzer should use
* parallel processing.
Expand Down Expand Up @@ -656,6 +664,14 @@ public static final class KEYS {
* The properties key for the Central search URL.
*/
public static final String ANALYZER_CENTRAL_URL = "analyzer.central.url";
/**
* The properties key for the Central search username.
*/
public static final String ANALYZER_CENTRAL_USER = "analyzer.central.username";
/**
* The properties key for the Central search password.
*/
public static final String ANALYZER_CENTRAL_PASSWORD = "analyzer.central.password";
/**
* The properties key for the Central search query.
*/
Expand Down

0 comments on commit 20e344c

Please sign in to comment.