fix: 7093 add username/password properties to be able to authenticate for central.content.url and analyzer.central.url again #7169

Merged
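--- a/cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -604,6 +604,10 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
 cli.hasOption(CliParser.ARGUMENT.ENABLE_NEXUS));
 settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_URL,
 cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_URL));
+settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_USER,
+cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_USERNAME));
+settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_PASSWORD,
+cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_PASSWORD));
 settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL,
 cli.getStringArgument(CliParser.ARGUMENT.OSSINDEX_URL));
 settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER,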
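Review bot: Reading the Central password from `cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_PASSWORD)` means the secret is typed on the command line, where it is readable in process listings, shell history and CI job logs while the scan runs. The value is stored under `analyzer.central.password`, so it can presumably be supplied from a properties file instead, but nothing in the hunk points the reader there. I would add a comment above the two new calls, `// A password passed as an argument is visible to other local users; prefer analyzer.central.password in a properties file`, and repeat the caveat in the `--centralPassword` row of arguments.md. populateSettings starts and ends outside this hunk, so how the neighbouring OSS Index credentials are documented is not visible here.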
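--- a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -1360,6 +1360,14 @@ public static class ARGUMENT {
 * The alternative URL for Maven Central Search.
 */
 public static final String CENTRAL_URL = "centralUrl";
+/**
+* The username for the alternative Maven Central Search.
+*/
+public static final String CENTRAL_USERNAME = "centralUsername";
+/**
+* The password for the alternative Maven Central Search.
+*/
+public static final String CENTRAL_PASSWORD = "centralPassword";
 /**
 * Disables the Nexus Analyzer.
 */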
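Review bot: The eight added lines in this file are only the `CENTRAL_USERNAME` and `CENTRAL_PASSWORD` constants with their Javadoc; no added line registers `centralUsername` or `centralPassword` as an option with the parser. If CliParser builds its option set explicitly elsewhere in the file (not visible here), the documented flags would be rejected as unknown and the new `cli.getStringArgument(...)` calls in App.java would never return a value. Please confirm the two options are registered next to `CENTRAL_URL`, and add a parser test that passes `--centralUsername` and `--centralPassword`. The Javadoc could also tie the values to the configured endpoint, e.g. `The password for the alternative Maven Central Search set via centralUrl.`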
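--- a/cli/src/site/markdown/arguments.md
+++ b/cli/src/site/markdown/arguments.md
@@ -86,6 +86,8 @@ Advanced Options
 | | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Artifactory or Nexus Analyzer. |   |
 | | \-\-disableCentralCache | | When the argument is present the Central Analyzer will not cache results locally. By default results are cached locally for 30 days. |   |
 | | \-\-centralUrl | | Alternative URL for Maven Central Search. If not set the public Sonatype Maven Central will be used. | https://search.maven.org/solrsearch/select |
+| | \-\-centralUsername | | The username to authenticate to the alternative Maven Central url set by the 'centralUrl' argument. If not set it will use an unauthenticated connection. |   |
+| | \-\-centralPassword | | The password to authenticate to the alternative Maven Central url set by the 'centralUrl' argument. If not set it will use an unauthenticated connection. |   |
 | | \-\-enableNexus | | Sets whether the Nexus Analyzer will be used (requires Nexus v2 or Pro v3). You can configure the Nexus URL to utilize an internally hosted Nexus server. |   |
 | | \-\-enableArtifactory | | Sets whether Artifactory analyzer will be used |   |
 | | \-\-artifactoryUrl | \<url\> | The Artifactory server URL. | &nbsp; |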
@@ -175,6 +175,8 @@ public void configure(Settings settings) throws InvalidSettingException {
tryAddHostedSuppressionCredentials(settings, credentialsProvider);
tryAddKEVCredentials(settings, credentialsProvider);
tryAddNexusAnalyzerCredentials(settings, credentialsProvider);
tryAddCentralAnalyzerCredentials(settings, credentialsProvider);
tryAddCentralContentCredentials(settings, credentialsProvider);
tryAddNVDApiDatafeed(settings, credentialsProvider);
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
httpClientBuilderExplicitNoproxy.setDefaultCredentialsProvider(credentialsProvider);
@@ -220,6 +222,26 @@ private void tryAddNexusAnalyzerCredentials(Settings settings, CredentialsStore
}
}

private void tryAddCentralAnalyzerCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
if (settings.getString(Settings.KEYS.ANALYZER_CENTRAL_PASSWORD) != null) {
addUserPasswordCreds(settings, credentialsStore,
Settings.KEYS.ANALYZER_CENTRAL_USER,
Settings.KEYS.ANALYZER_CENTRAL_URL,
Settings.KEYS.ANALYZER_CENTRAL_PASSWORD,
"Central Analyzer");
}
}

private void tryAddCentralContentCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
if (settings.getString(Settings.KEYS.CENTRAL_CONTENT_PASSWORD) != null) {
addUserPasswordCreds(settings, credentialsStore,
Settings.KEYS.CENTRAL_CONTENT_USER,
Settings.KEYS.CENTRAL_CONTENT_URL,
Settings.KEYS.CENTRAL_CONTENT_PASSWORD,
"Central Content");
}
}

private void tryAddNVDApiDatafeed(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
if (settings.getString(Settings.KEYS.NVD_API_DATAFEED_PASSWORD) != null) {
addUserPasswordCreds(settings, credentialsStore,
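Review bot: Both new methods decide whether to register credentials from the password alone (`settings.getString(Settings.KEYS.ANALYZER_CENTRAL_PASSWORD) != null`, and likewise for `CENTRAL_CONTENT_PASSWORD`), so a configuration with a password but no username, or with the URL left at its default, goes straight into `addUserPasswordCreds`. That helper is outside this page, so it cannot be confirmed here that it rejects a missing username, scopes the credentials to the host of the given URL, and refuses a plain `http://` URL. Because the store is then installed as the default provider on both `httpClientBuilder` and `httpClientBuilderExplicitNoproxy`, a gap in any of those checks could let the password be offered to a host or over a channel the user did not intend. I would add tests that set only the password, and a password with an `http://` URL, asserting the expected `InvalidSettingException` or rejection. I would also give each method a one-line Javadoc such as `Registers basic-auth credentials for the host of analyzer.central.url when a password is configured.` once that scoping is verified.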
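--- a/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -620,6 +620,14 @@ public static final class KEYS {
 * Key for the URL to obtain content from Maven Central.
 */
 public static final String CENTRAL_CONTENT_URL = "central.content.url";
+/**
+* Key for the Username to obtain content from Maven Central.
+*/
+public static final String CENTRAL_CONTENT_USER = "central.content.username";
+/**
+* Key for the Password to obtain content from Maven Central.
+*/
+public static final String CENTRAL_CONTENT_PASSWORD = "central.content.password";
 /**
 * The properties key for whether the Central analyzer should use
 * parallel processing.
@@ -656,6 +664,14 @@ public static final class KEYS {
 * The properties key for the Central search URL.
 */
 public static final String ANALYZER_CENTRAL_URL = "analyzer.central.url";
+/**
+* The properties key for the Central search username.
+*/
+public static final String ANALYZER_CENTRAL_USER = "analyzer.central.username";
+/**
+* The properties key for the Central search password.
+*/
+public static final String ANALYZER_CENTRAL_PASSWORD = "analyzer.central.password";
 /**
 * The properties key for the Central search query.
 */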