package net.ossindex.gradle; import net.ossindex.gradle.audit.AuditorFactory; import net.ossindex.gradle.audit.DependencyAuditor; import net.ossindex.gradle.audit.MavenPackageDescriptor; import net.ossindex.gradle.audit.Proxy; import net.ossindex.gradle.input.ArtifactGatherer; import net.ossindex.gradle.input.GradleArtifact; import net.ossindex.gradle.output.AuditResultReporter; import net.ossindex.gradle.output.JunitXmlReportWriter; import net.ossindex.gradle.output.PackageTreeReporter; import org.gradle.api.GradleException; import org.gradle.api.Plugin; import org.gradle.api.Project; import org.gradle.api.Task; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.Collection; import java.util.LinkedList; import java.util.List; import java.util.Set; public class OssIndexPlugin implements Plugin<Project> { private JunitXmlReportWriter junitXmlReportWriter = new JunitXmlReportWriter(); public static String junitReport = null; private static AuditExtensions settings = null; private static final Logger logger = LoggerFactory.getLogger(OssIndexPlugin.class); private List<Proxy> proxies = new LinkedList<>(); private Project project = null; private AuditorFactory factory = new AuditorFactory(); public void setAuditorFactory(AuditorFactory factory) { this.factory = factory; } @Override public synchronized void apply(Project project) { logger.info("Apply OSS Index Plugin"); this.project = project; project.getExtensions().create("audit", AuditExtensions.class, project); Task audit = project.task("audit"); Proxy proxy = getProxy(project, "http"); if (proxy != null) { proxies.add(proxy); }proxy = getProxy(project, "https"); if (proxy != null) { proxies.add(proxy); } audit.doLast(this::doAudit); } /** * Get the proxy if it exists. Check 3 different places: * * 1. The build.gradle file * 2. The local properties * 3. The system properties */ private Proxy getProxy(Project project, String scheme) { Proxy proxy = new Proxy(); // Try build.gradle properties if (settings != null && scheme.equals(settings.proxyScheme) && settings.proxyHost != null) { proxy = new Proxy(); proxy.setHost(settings.proxyHost); proxy.setPort(settings.proxyPort); proxy.setUser(settings.proxyUser); proxy.setPassword(settings.proxyPassword); proxy.setNonProxyHosts(settings.nonProxyHosts); } // Try the local properties if (!proxy.isValid() && project.hasProperty(scheme + ".proxyHost")) { proxy = new Proxy(); proxy.setHost((String) project.findProperty(scheme + ".proxyHost")); Object port = project.findProperty(scheme + ".proxyPort"); proxy.setPort(port == null ? null : Integer.parseInt((String) port)); proxy.setUser((String) project.findProperty(scheme + ".proxyUser")); proxy.setPassword((String) project.findProperty(scheme + ".proxyPassword")); proxy.setNonProxyHosts((String) project.findProperty(scheme + ".nonProxyHosts")); } // Look for the system properties if (!proxy.isValid() && project.hasProperty("systemProp." + scheme + ".proxyHost")) { proxy = new Proxy(); proxy.setHost((String) project.findProperty("systemProp." + scheme + ".proxyHost")); Object port = project.findProperty("systemProp." + scheme + ".proxyPort"); proxy.setPort(port == null ? null : Integer.parseInt((String) port)); proxy.setUser((String) project.findProperty("systemProp." + scheme + ".proxyUser")); proxy.setPassword((String) project.findProperty("systemProp." + scheme + ".proxyPassword")); proxy.setNonProxyHosts((String) project.findProperty("systemProp." + scheme + ".nonProxyHosts")); } if (proxy.isValid()) { return proxy; } else { return null; } } private synchronized void doAudit(Task task) { if (this.settings == null) { this.settings = getAuditExtensions(task.getProject()); } // Mocked tests may not have settings junitReport = settings != null ? settings.junitReport : null; if (settings != null) { junitXmlReportWriter.init(junitReport); } ArtifactGatherer gatherer = factory.getGatherer(); Set<GradleArtifact> gradleArtifacts = gatherer != null ? gatherer.gatherResolvedArtifacts(task.getProject()) : null; AuditExtensions auditConfig = getAuditExtensions(task.getProject()); DependencyAuditor auditor = factory.getDependencyAuditor(auditConfig, gradleArtifacts, proxies); String tmpTask = project.getDisplayName().split(" ")[1].replaceAll("\'","") + ":audit"; AuditResultReporter reporter = new AuditResultReporter(gradleArtifacts, getAuditExtensions(task.getProject()), junitXmlReportWriter, project.getDisplayName().split(" ")[1].replaceAll("\'","") + ":audit"); logger.info(String.format("Found %s gradleArtifacts to audit", gradleArtifacts.size())); Collection<MavenPackageDescriptor> packagesWithVulnerabilities = auditor.runAudit(); try { reporter.reportResult(packagesWithVulnerabilities); } catch (GradleException e) { if (shouldFailOnError(task.getProject())) { throw e; } } finally { PackageTreeReporter treeReporter = new PackageTreeReporter(auditConfig); treeReporter.reportDependencyTree(gradleArtifacts, packagesWithVulnerabilities); if (junitReport != null) { try { junitXmlReportWriter.writeXmlReport(junitReport); junitXmlReportWriter = null; } catch (Exception e) { logger.error("ERROR: Failed to create JUnit Plugin report: " + e.getMessage()); } } } } private boolean shouldFailOnError(Project project) { return getAuditExtensions(project).failOnError; } private AuditExtensions getAuditExtensions(Project project) { return (AuditExtensions) project.getExtensions().getByName("audit"); } }