From 8e81f58d24e4bcfe84ef326ac5774c630863b25b Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 9 Nov 2024 06:05:16 -0500
Subject: [PATCH] fix: expose flag to disable version check

resolves #7142
---
 .../owasp/dependencycheck/taskdefs/Check.java | 26 ++++++++++++++++++-
 ant/src/site/markdown/configuration.md | 1 +
 .../java/org/owasp/dependencycheck/App.java | 2 ++
 .../org/owasp/dependencycheck/CliParser.java | 6 +++++
 cli/src/site/markdown/arguments.md | 3 ++-
 5 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
index 39e5983564..1033ab4142 100644
--- a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
+++ b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -430,6 +430,10 @@ public class Check extends Update {
      * The Artifactory bearer token.
      */
     private String artifactoryAnalyzerBearerToken;
+    /**
+     * Whether the version check is enabled
+     */
+    private Boolean versionCheckEnabled;
 
     //The following code was copied Apache Ant PathConvert
     //BEGIN COPY from org.apache.tools.ant.taskdefs.PathConvert
@@ -442,6 +446,25 @@ public class Check extends Update {
      */
     private Reference refId = null;
 
+    /**
+     * Returns whether the version check is enabled.
+     *
+     * @return true if the version check is enabled; otherwise false.
+     */
+    public Boolean getVersionCheckEnabled() {
+        return versionCheckEnabled;
+    }
+
+    /**
+     * Sets whether the version check is enabled.
+     *
+     * @param versionCheckEnabled a Boolean indicating if the version check is
+     * enabled.
+     */
+    public void setVersionCheckEnabled(Boolean versionCheckEnabled) {
+        this.versionCheckEnabled = versionCheckEnabled;
+    }
+
     /**
      * Add an arbitrary ResourceCollection.
      *
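Review bot: `getVersionCheckEnabled()` returns a nullable `Boolean`, but its Javadoc promises only `true` or `false`; when the attribute is never set on the task the field stays null, and `populateSettings()` (the `@@ -2173` hunk) deliberately leaves the setting untouched through `setBooleanIfNotNull`. Document that third state, e.g. `@return true if the version check is enabled, false if it is disabled, or null if the attribute was not set and the configured default applies.`, and say the same on the setter's `@param`. The field comment added in the first hunk is also missing its terminating period. Separately, the row this commit adds to ant/src/site/markdown/configuration.md tells Ant users the check looks for a new version of `dependency-check-maven`; for the Ant task it should name dependency-check itself.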
@@ -947,7 +970,7 @@ public Boolean isComposerAnalyzerEnabled() {
     public void setComposerAnalyzerEnabled(Boolean composerAnalyzerEnabled) {
         this.composerAnalyzerEnabled = composerAnalyzerEnabled;
     }
-    
+
     /**
      * Get the value of composerAnalyzerSkipDev.
      *
@@ -2173,6 +2196,7 @@ protected void populateSettings() throws BuildException {
         super.populateSettings();
         getSettings().setBooleanIfNotNull(Settings.KEYS.AUTO_UPDATE, autoUpdate);
         getSettings().setArrayIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE, suppressionFiles);
+        getSettings().setBooleanIfNotNull(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED, versionCheckEnabled);
         getSettings().setStringIfNotEmpty(Settings.KEYS.HINTS_FILE, hintsFile);
         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, enableExperimental);
         getSettings().setBooleanIfNotNull(Settings.KEYS.PRETTY_PRINT, prettyPrint);
diff --git a/ant/src/site/markdown/configuration.md b/ant/src/site/markdown/configuration.md
index a186890fa8..125c975dfa 100644
--- a/ant/src/site/markdown/configuration.md
+++ b/ant/src/site/markdown/configuration.md
@@ -138,6 +138,7 @@ pathToCore | The path to dotnet core .NET assembly anal
 golangDepEnabled | Sets whether the [experimental](../analyzers/index.html) Golang Dependency Analyzer should be used. `enableExperimental` must be set to true. | true
 golangModEnabled | Sets whether the [experimental](../analyzers/index.html) Goland Module Analyzer should be used; requires `go` to be installed. `enableExperimental` must be set to true. | true
 pathToGo | The path to `go`. |  
+versionCheckEnabled | Whether dependency-check should check if a new version of dependency-check-maven exists. | true
 
 Advanced Configuration
 ====================
diff --git a/cli/src/main/java/org/owasp/dependencycheck/App.java b/cli/src/main/java/org/owasp/dependencycheck/App.java
index ff1049ca6f..bac9da24cc 100644
--- a/cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -513,6 +513,8 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
                 cli.hasOption(CliParser.ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE));
         settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED,
                 !cli.isDisabled(CliParser.ARGUMENT.DISABLE_JAR, Settings.KEYS.ANALYZER_JAR_ENABLED));
+        settings.setBoolean(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED,
+                !cli.isDisabled(CliParser.ARGUMENT.DISABLE_VERSION_CHECK, Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED));
         settings.setBoolean(Settings.KEYS.ANALYZER_MSBUILD_PROJECT_ENABLED,
                 !cli.isDisabled(CliParser.ARGUMENT.DISABLE_MSBUILD, Settings.KEYS.ANALYZER_MSBUILD_PROJECT_ENABLED));
         settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED,
diff --git a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
index 46264191fc..7a02e7d87e 100644
--- a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -341,6 +341,7 @@ private void addStandardOptions(final Options options) {
                         "The file path to write verbose logging information."))
                 .addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.SUPPRESSION_FILES, "file",
                         "The file path to the suppression XML file. This can be specified more then once to utilize multiple suppression files")))
+                .addOption(newOption(ARGUMENT.DISABLE_VERSION_CHECK, "Disables the dependency-check version check"))
                 .addOption(newOption(ARGUMENT.EXPERIMENTAL, "Enables the experimental analyzers."))
                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_KEY, "apiKey", "The API Key to access the NVD API."))
                 .addOption(newOptionWithArg(ARGUMENT.FAIL_ON_CVSS, "score",
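Review bot: The new `--disableVersionCheck` option is registered in `addStandardOptions`, while the row this commit adds to cli/src/site/markdown/arguments.md lists it under Advanced Options; the sibling `--disable*` toggles consumed in the App.java hunk (`DISABLE_JAR`, `DISABLE_MSBUILD`) presumably live in the advanced group, so the `.addOption(newOption(ARGUMENT.DISABLE_VERSION_CHECK, ...))` line should move there to keep `--help` and the documentation in agreement. The description also reads differently from its neighbours: it lacks a terminating period and does not say what is skipped. Assuming the check contacts a remote endpoint to learn the latest release, saying so is what users of egress-restricted build environments need, e.g. `"Disables the check for a newer dependency-check release."`. The builder chain continues outside the hunk.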
@@ -1038,6 +1039,11 @@ public static class ARGUMENT {
          * should not be automatically updated.
          */
         public static final String DISABLE_AUTO_UPDATE = "noupdate";
+        /**
+         * The long CLI argument name specifying that the version check should
+         * not be performed.
+         */
+        public static final String DISABLE_VERSION_CHECK = "disableVersionCheck";
         /**
          * The short CLI argument name specifying that the CPE/CVE/etc. data
          * should not be automatically updated.
diff --git a/cli/src/site/markdown/arguments.md b/cli/src/site/markdown/arguments.md
index 676020ce39..9eeddb4263 100644
--- a/cli/src/site/markdown/arguments.md
+++ b/cli/src/site/markdown/arguments.md
@@ -106,7 +106,8 @@ Advanced Options
 | | \-\-disableGolangMod | | Sets whether the [experimental](../analyzers/index.html) Go Mod Analyzer should be used. |   |
 | | \-\-disableMixAudit | | Sets whether the [experimental](../analyzers/index.html) Elixir mix audit Analyze should be used. |   |
 | | \-\-disablePoetry | | Sets whether the [experimental](../analyzers/index.html) Poetry Analyzer should be used. |   |
-| | \-\-go | \ | The path to `go` executable for the Go Mode Analyzer; only necessary if `go` is not on the path. |   |
+| | \-\-disableVersionCheck | | Sets whether dependency-check should check if a new version is available. |   |
+| | \-\-go | \ | The path to `go` executable for the Go Mode Analyzer; only necessary if `go` is not on the path. |   |
 | | \-\-bundleAudit | | The path to the bundle-audit executable. |   |
 | | \-\-bundleAuditWorkingDirectory | \ | The path to working directory that the bundle-audit command should be executed from when doing Gem bundle analysis. |   |
 | | \-\-proxyserver | \ | The proxy server to use when downloading resources; see the [proxy configuration](../data/proxy.html) page for more information. |   |