Posted to commits@nutch.apache.org by le...@apache.org on 2021/02/01 00:07:02 UTC
[nutch] branch master updated: NUTCH-2840 Fix
'report-vulnerabilities' ant target in build.xml (#561)
This is an automated email from the ASF dual-hosted git repository.
lewismc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nutch.git
The following commit(s) were added to refs/heads/master by this push:
new 66bb62a NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml (#561)
66bb62a is described below
commit 66bb62a589ac2651771bf61b62786991e65539f8
Author: Lewis John McGibbney <le...@gmail.com>
AuthorDate: Sun Jan 31 16:06:52 2021 -0800
NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml (#561)
* NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml
---
.gitignore | 2 ++
build.xml | 46 ++++++++++++++++++++++-----------
ivy/dependency-check-ant/lib/.gitignore | 19 ++++++++++++++
3 files changed, 52 insertions(+), 15 deletions(-)
diff --git a/.gitignore b/.gitignore
index 6d96644..0612a99 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,5 @@ naivebayes-model
*.iml
*.swp
csvindexwriter
+lib/spotbugs-*
+ivy/dependency-check-ant/*
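Review bot: The new pattern `ivy/dependency-check-ant/*` also matches `dependency-check-suppressions.xml`, which build.xml reads from that same directory, and the `lib/.gitignore` file this commit adds. If the suppression file is not already tracked (not visible from this page), later edits to it would not show up in `git status` or in review, and that is the file deciding which findings are hidden from the report. A negation such as `!ivy/dependency-check-ant/dependency-check-suppressions.xml` after the pattern would keep it visible.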
diff --git a/build.xml b/build.xml
index 882a54a..02a7cdd 100644
--- a/build.xml
+++ b/build.xml
@@ -37,9 +37,11 @@
<property name="maven-javadoc-jar" value="${release.dir}/${artifactId}-${version}-javadoc.jar" />
<property name="maven-sources-jar" value="${release.dir}/${artifactId}-${version}-sources.jar" />
- <property environment="env"/>
+ <property name="dependency-check-ant.version" value="6.1.0" />
+ <property name="dependency-check-ant.home" value="${ivy.dir}/dependency-check-ant" />
+ <property name="dependency-check-ant.jar" value="${dependency-check-ant.home}/dependency-check-ant.jar" />
- <property name="dependency-check.home" value="${ivy.dir}/dependency-check-ant/"/>
+ <property environment="env"/>
<property name="spotbugs.version" value="4.2.0" />
<property name="spotbugs.home" value="${ivy.dir}/spotbugs-${spotbugs.version}" />
@@ -646,24 +648,38 @@
</target>
<!-- Check dependencies for security vulnerabilities -->
- <!-- requires installation of OWASP dependency check tool, see -->
- <!-- https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html -->
- <!-- get http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-3.3.2-release.zip -->
- <!-- and unzip in directory ./ivy/ -->
- <path id="dependency-check.path">
- <pathelement location="${dependency-check.home}/dependency-check-ant.jar"/>
- <fileset dir="${dependency-check.home}/lib" erroronmissingdir="false">
+ <target name="dependency-check-ant-download" description="--> download dependency-check-ant jar">
+ <available file="${dependency-check-ant.jar}" property="dependency-check-ant.jar.found"/>
+ <antcall target="dependency-check-ant-download-unchecked"/>
+ </target>
+
+ <target name="dependency-check-ant-download-unchecked" unless="dependency-check-ant.jar.found"
+ description="--> downloads the dependency-check-ant binary (dependency-check-ant-*.zip).">
+ <get src="https://github.com/jeremylong/DependencyCheck/releases/download/v${dependency-check-ant.version}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
+ dest="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip" usetimestamp="false" />
+
+ <unzip src="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
+ dest="${ivy.dir}">
+ </unzip>
+
+ <delete file="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip" />
+ </target>
+
+ <path id="dependency-check-ant.path">
+ <pathelement location="${dependency-check-ant.home}/dependency-check-ant.jar"/>
+ <fileset dir="${dependency-check-ant.home}/lib">
<include name="*.jar"/>
</fileset>
</path>
- <taskdef resource="dependency-check-taskdefs.properties" onerror="ignore">
- <classpath refid="dependency-check.path" />
- </taskdef>
- <target name="report-vulnerabilities" description="--> check dependencies for security vulnerabilities">
+
+ <target name="report-vulnerabilities" depends="jar, compile-plugins, dependency-check-ant-download" description="--> check dependencies for security vulnerabilities">
+ <taskdef resource="dependency-check-taskdefs.properties">
+ <classpath refid="dependency-check-ant.path" />
+ </taskdef>
<dependency-check projectname="${name}"
- reportoutputdirectory="${build.dir}"
+ reportoutputdirectory="${dependency-check-ant.home}"
reportformat="ALL">
- <suppressionfile path="${dependency-check.home}/dependency-check-suppressions.xml" />
+ <suppressionfile path="${dependency-check-ant.home}/dependency-check-suppressions.xml" />
<retirejsFilter regex="copyright.*jeremy long" />
<fileset dir="${build.dir}">
<include name="lib/*.jar"/>
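Review bot: The zip fetched by `<get>` in `dependency-check-ant-download-unchecked` is unpacked and its jars are then loaded by the `<taskdef>` in `report-vulnerabilities` with no integrity check, so whatever the release URL serves runs inside the build. Since the version is already pinned to 6.1.0, a SHA-256 for that release archive could be pinned next to it and verified between `<get>` and `<unzip>`, failing the build on a mismatch. Separately, the `<available>` test looks only at `dependency-check-ant.jar`, whose path carries no version, so bumping `dependency-check-ant.version` would presumably keep using an already-unpacked older scanner. The `report-vulnerabilities` target continues past the end of the hunk.

```xml
<!-- … unchanged: <get> of the release zip in dependency-check-ant-download-unchecked … -->

<!-- dependency-check-ant.sha256 is a placeholder property: define it beside
     dependency-check-ant.version with the digest published for that release -->
<checksum file="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
          algorithm="SHA-256"
          property="${dependency-check-ant.sha256}"
          verifyproperty="dependency-check-ant.zip.verified"/>
<fail message="Checksum mismatch for the dependency-check-ant release zip; refusing to unpack it.">
  <condition>
    <isfalse value="${dependency-check-ant.zip.verified}"/>
  </condition>
</fail>

<!-- … unchanged: <unzip> and <delete> of the release zip … -->
```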
diff --git a/ivy/dependency-check-ant/lib/.gitignore b/ivy/dependency-check-ant/lib/.gitignore
new file mode 100644
index 0000000..e2dec72
--- /dev/null
+++ b/ivy/dependency-check-ant/lib/.gitignore
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore