Class: Pipeline::OWASPDependencyCheck
Instance Attribute Summary
Attributes inherited from BaseTask
#appname, #description, #findings, #labels, #name, #stage, #trigger, #warnings
Instance Method Summary
Methods included from Util
#fingerprint, #relative_path, #runsystem, #strip_archive_path
Methods inherited from BaseTask
#report, #severity, #warn
Constructor Details
Returns a new instance of OWASPDependencyCheck.
# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 76
# Builds the task and fills in the metadata that identifies it in reports.
#
# Both arguments are handed to the superclass constructor unchanged; this
# method only sets the name, description, stage and labels afterwards.
#
# @param trigger forwarded as-is to the superclass
# @param tracker forwarded as-is to the superclass
def initialize(trigger, tracker)
  super
  @name = "OWASP Dependency Check"
  @description = "Dependency analysis for Java and .NET"
  @stage = :code
  # @labels is not created here; presumably the superclass sets it up -- confirm.
  %w[code java .net].each { |label| @labels << label }
end
Instance Method Details
#analyze ⇒ Object
# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 90
# Parses dependency-check-report.xml from the trigger's path and feeds it to
# #get_warnings.
#
# Any exception raised while parsing is announced through Pipeline.notify and
# then re-raised, so the caller still sees the failure even though the notice
# says "skipped".
#
# NOTE(review): the report is read from the same directory that #run scans and
# writes to. Nothing visible here checks that #run succeeded, so a report file
# already present in the scanned tree could be parsed instead of a fresh one --
# confirm the caller verifies @result or removes stale reports first.
def analyze
  report_path = @trigger.path + "/dependency-check-report.xml"
  begin
    Pipeline.debug "Parsing report #{report_path}"
    get_warnings(report_path)
  rescue Exception => error
    # Rescuing Exception also catches signals and exits; it is re-raised below.
    Pipeline.notify "Problem running OWASP Dep Check ... skipped."
    Pipeline.notify error.message
    raise error
  end
end
#get_warnings(path) ⇒ Object
# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 112
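# Streams the XML report at +path+ through a DepCheckListener bound to this task.
#
# The file is opened in block form so the handle is closed as soon as parsing
# ends, including when the parser raises; the original File.new handle was
# never closed.
#
# NOTE(review): the report lives in the scanned tree (see the "-out" argument
# in #run), so its content should be treated as untrusted XML. Presumably
# Parsers::StreamParser is REXML's stream parser -- confirm that its
# entity-expansion limits apply to this input.
#
# @param path [String] location of the dependency-check XML report
# @return [Object] whatever the parser's #parse returns
def get_warnings(path)
  listener = Pipeline::DepCheckListener.new(self)
  File.open(path) do |report|
    Parsers::StreamParser.new(report, listener).parse
  end
end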
#run ⇒ Object
# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 84
# Announces the task and runs dependency-check.sh against the trigger's path,
# asking for an XML report written into that same path.
#
# The command and each option are passed to runsystem as separate arguments
# rather than as one interpolated string. Whether runsystem passes them through
# a shell cannot be seen from here -- confirm before relying on that.
#
# NOTE(review): the output directory ("-out") is the scanned directory ("-s"),
# so the report ends up inside the tree under analysis. @result is stored but
# not inspected in this method.
#
# @return [Object] the value returned by runsystem, also kept in @result
def run
  Pipeline.notify "#{@name}"
  scan_root = @trigger.path
  checker = "/home/pipe/line/tools/dependency-check/bin/dependency-check.sh"
  options = ["-a", "pipeline", "-f", "XML", "-out", "#{scan_root}", "-s", "#{scan_root}"]
  @result = runsystem(true, checker, *options)
end
#supported? ⇒ Boolean
# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 102
# Reports whether dependency-check appears to be installed by running the
# script with "-v" and inspecting what runsystem returns.
#
# NOTE(review): the only failure recognised is output containing
# "command not found". The script is called by absolute path, so a missing
# file may produce a different message (or an exception from runsystem) and
# still be reported as supported -- confirm against runsystem's behaviour.
#
# @return [Boolean] false when the output matches "command not found", else true
def supported?
  version_output = runsystem(true, "/home/pipe/line/tools//dependency-check/bin/dependency-check.sh", "-v")
  return true unless version_output =~ /command not found/

  Pipeline.notify "Install dependency-check."
  false
end