From ea3ad7b5269c0ee7941251964ee1c642920df2b7 Mon Sep 17 00:00:00 2001 From: Daan Rijkers Date: Tue, 19 Nov 2024 15:23:01 +0100 Subject: [PATCH] fix: 7093 add username/password properties to be able to authenticate for central.content.url and analyzer.central.url again --- .../java/org/owasp/dependencycheck/App.java | 4 ++++ .../org/owasp/dependencycheck/CliParser.java | 8 +++++++ .../dependencycheck/utils/Downloader.java | 22 +++++++++++++++++++ .../owasp/dependencycheck/utils/Settings.java | 16 ++++++++++++++ 4 files changed, 50 insertions(+) diff --git a/cli/src/main/java/org/owasp/dependencycheck/App.java b/cli/src/main/java/org/owasp/dependencycheck/App.java index bac9da24cc3..2b176c96d31 100644 --- a/cli/src/main/java/org/owasp/dependencycheck/App.java +++ b/cli/src/main/java/org/owasp/dependencycheck/App.java @@ -604,6 +604,10 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException { cli.hasOption(CliParser.ARGUMENT.ENABLE_NEXUS)); settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_URL, cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_URL)); + settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_USER, + cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_USERNAME)); + settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_PASSWORD, + cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_PASSWORD)); settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL, cli.getStringArgument(CliParser.ARGUMENT.OSSINDEX_URL)); settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER, diff --git a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java index 7a02e7d87e6..4afa1c479ab 100644 --- a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java +++ b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java @@ -1360,6 +1360,14 @@ public static class ARGUMENT { * The alternative URL for Maven Central Search. */ public static final String CENTRAL_URL = "centralUrl"; + /** + * The username for the alternative Maven Central Search. + */ + public static final String CENTRAL_USERNAME = "centralUsername"; + /** + * The password for the alternative Maven Central Search. + */ + public static final String CENTRAL_PASSWORD = "centralPassword"; /** * Disables the Nexus Analyzer. */ diff --git a/utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java index 2647b900140..de2f955cec9 100644 --- a/utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java +++ b/utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java @@ -175,6 +175,8 @@ public void configure(Settings settings) throws InvalidSettingException { tryAddHostedSuppressionCredentials(settings, credentialsProvider); tryAddKEVCredentials(settings, credentialsProvider); tryAddNexusAnalyzerCredentials(settings, credentialsProvider); + tryAddCentralAnalyzerCredentials(settings, credentialsProvider); + tryAddCentralContentCredentials(settings, credentialsProvider); tryAddNVDApiDatafeed(settings, credentialsProvider); httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); httpClientBuilderExplicitNoproxy.setDefaultCredentialsProvider(credentialsProvider); @@ -220,6 +222,26 @@ private void tryAddNexusAnalyzerCredentials(Settings settings, CredentialsStore } } + private void tryAddCentralAnalyzerCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException { + if (settings.getString(Settings.KEYS.ANALYZER_CENTRAL_PASSWORD) != null) { + addUserPasswordCreds(settings, credentialsStore, + Settings.KEYS.ANALYZER_CENTRAL_USER, + Settings.KEYS.ANALYZER_CENTRAL_URL, + Settings.KEYS.ANALYZER_CENTRAL_PASSWORD, + "Central Analyzer"); + } + } + + private void tryAddCentralContentCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException { + if (settings.getString(Settings.KEYS.CENTRAL_CONTENT_PASSWORD) != null) { + addUserPasswordCreds(settings, credentialsStore, + Settings.KEYS.CENTRAL_CONTENT_USER, + Settings.KEYS.CENTRAL_CONTENT_URL, + Settings.KEYS.CENTRAL_CONTENT_PASSWORD, + "Central Content"); + } + } + private void tryAddNVDApiDatafeed(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException { if (settings.getString(Settings.KEYS.NVD_API_DATAFEED_PASSWORD) != null) { addUserPasswordCreds(settings, credentialsStore, diff --git a/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index ed5a48142da..d8c48eab53e 100644 --- a/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -620,6 +620,14 @@ public static final class KEYS { * Key for the URL to obtain content from Maven Central. */ public static final String CENTRAL_CONTENT_URL = "central.content.url"; + /** + * Key for the Username to obtain content from Maven Central. + */ + public static final String CENTRAL_CONTENT_USER = "central.content.username"; + /** + * Key for the Password to obtain content from Maven Central. + */ + public static final String CENTRAL_CONTENT_PASSWORD = "central.content.password"; /** * The properties key for whether the Central analyzer should use * parallel processing. @@ -656,6 +664,14 @@ public static final class KEYS { * The properties key for the Central search URL. */ public static final String ANALYZER_CENTRAL_URL = "analyzer.central.url"; + /** + * The properties key for the Central search username. + */ + public static final String ANALYZER_CENTRAL_USER = "analyzer.central.username"; + /** + * The properties key for the Central search password. + */ + public static final String ANALYZER_CENTRAL_PASSWORD = "analyzer.central.password"; /** * The properties key for the Central search query. */