Skip to content

Commit

Permalink
reduce usages of in task action
Browse files Browse the repository at this point in the history
  • Loading branch information
mgroth0 committed Sep 6, 2024
1 parent fd54350 commit b6c4a56
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 28 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,16 @@ abstract class AbstractAnalyze extends ConfiguredTask {

@Internal
String currentProjectName = project.getName()

/**
* Gets the projects display name. Project.getDisplayName() has been
* introduced with Gradle 3.3, thus we need to check for the method's
* existence first. Fallback: use project NAME
* @return the display name
*/
@Internal
String currentProjectDisplayName = project.metaClass.respondsTo(project, "getDisplayName") ? project.getDisplayName() : project.getName()

@Internal
Attribute artifactType = Attribute.of('artifactType', String)
// @Internal
Expand Down Expand Up @@ -111,11 +121,11 @@ abstract class AbstractAnalyze extends ConfiguredTask {

logger.lifecycle("Generating report for project ${currentProjectName}")
try {
String name = project.getName()
String displayName = determineDisplayName()
String name = currentProjectName
String displayName = currentProjectDisplayName
String groupId = project.getGroup()
String version = project.getVersion().toString()
File output = project.file(config.outputDirectory)
File output = new File(config.outputDirectory)
for (String f : getReportFormats(config.format, config.formats)) {
engine.writeReports(displayName, groupId, name, version, output, f, exCol)
}
Expand Down Expand Up @@ -145,15 +155,6 @@ abstract class AbstractAnalyze extends ConfiguredTask {
}
}

/**
* Gets the projects display name. Project.getDisplayName() has been
* introduced with Gradle 3.3, thus we need to check for the method's
* existence first. Fallback: use project NAME
* @return the display name
*/
String determineDisplayName() {
return project.metaClass.respondsTo(project, "getDisplayName") ? project.getDisplayName() : project.getName()
}
/**
* Verifies aspects of the configuration to ensure dependency-check can run correctly.
*/
Expand Down Expand Up @@ -232,7 +233,7 @@ abstract class AbstractAnalyze extends ConfiguredTask {

logger.warn("Found ${vulnerabilities.size()} vulnerabilities in project ${currentProjectName}")
if (config.showSummary) {
DependencyCheckScanAgent.showSummary(project.name, engine.getDependencies());
DependencyCheckScanAgent.showSummary(currentProjectName, engine.getDependencies());
}
}

Expand Down Expand Up @@ -301,17 +302,17 @@ abstract class AbstractAnalyze extends ConfiguredTask {
* project's path.
*/
@groovy.transform.CompileStatic
def shouldBeScanned(Project project) {
!config.scanProjects || config.scanProjects.contains(project.path)
def shouldBeScanned(String projectPath) {
!config.scanProjects || config.scanProjects.contains(projectPath)
}

/**
* Checks whether the given project should be skipped
* because skipProjects contains the project's path.
*/
@groovy.transform.CompileStatic
def shouldBeSkipped(Project project) {
config.skipProjects.contains(project.path)
def shouldBeSkipped(String projectPath) {
config.skipProjects.contains(projectPath)
}

/**
Expand Down Expand Up @@ -415,7 +416,7 @@ abstract class AbstractAnalyze extends ConfiguredTask {
if (CUTOVER_GRADLE_VERSION.compareTo(GradleVersion.current()) > 0) {
processConfigLegacy configuration, engine
} else {
processConfigV4 project, configuration, engine, true
processConfigV4 project.name, configuration, engine, true
}
}
}
Expand All @@ -434,7 +435,7 @@ abstract class AbstractAnalyze extends ConfiguredTask {
if (CUTOVER_GRADLE_VERSION.compareTo(GradleVersion.current()) > 0) {
processConfigLegacy configuration, engine
} else {
processConfigV4 project, configuration, engine
processConfigV4 currentProjectName, configuration, engine
}
}
if (config.scanSet == null) {
Expand All @@ -443,18 +444,18 @@ abstract class AbstractAnalyze extends ConfiguredTask {
'./npm-shrinkwrap.json', './yarn.lock',
'./pnpm.lock', 'pnpm-lock.yaml', './Gopkg.lock', './go.mod']
toScan.each {
File f = project.file it
File f = new File(it)
if (f.exists()) {
engine.scan(f, project.name)
engine.scan(f, currentProjectName)
}
}
} else {
config.scanSet.each {
File f = project.file it
File f = it
if (f.exists()) {
engine.scan(f, project.name)
engine.scan(f, currentProjectName)
} else {
logger.warn("ScanSet file `${f}` does not exist in ${project.name}")
logger.warn("ScanSet file `${f}` does not exist in ${currentProjectName}")
}
}
}
Expand Down Expand Up @@ -550,8 +551,7 @@ abstract class AbstractAnalyze extends ConfiguredTask {
* @param engine the dependency-check engine
* @param scanningBuildEnv true if scanning the build environment; otherwise false
*/
protected void processConfigV4(Project project, Configuration configuration, Engine engine, boolean scanningBuildEnv = false) {
String projectName = project.name
protected void processConfigV4(String projectName, Configuration configuration, Engine engine, boolean scanningBuildEnv = false) {
String scope = "$projectName:$configuration.name"
if (scanningBuildEnv) {
scope += " (buildEnv)"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ class Aggregate extends AbstractAnalyze {

private def scanProject(Set<Project> projects, Engine engine) {
projects.each { Project project ->
if (shouldBeScanned(project) && !shouldBeSkipped(project)) {
if (shouldBeScanned(project.path) && !shouldBeSkipped(project.path)) {
if (this.config.scanDependencies) {
processConfigurations(project, engine)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

package org.owasp.dependencycheck.gradle.tasks

import org.gradle.api.tasks.Internal
import org.owasp.dependencycheck.Engine

/**
Expand All @@ -26,6 +27,9 @@ import org.owasp.dependencycheck.Engine
@groovy.transform.CompileStatic
class Analyze extends AbstractAnalyze {

@Internal
String currentProjectPath = project.path

Analyze() {
group = 'OWASP dependency-check'
description = 'Identifies and reports known vulnerabilities (CVEs) in project dependencies.'
Expand All @@ -39,7 +43,7 @@ class Analyze extends AbstractAnalyze {
* Loads the projects dependencies into the dependency-check analysis engine.
*/
def scanDependencies(Engine engine) {
if (shouldBeScanned(project) && !shouldBeSkipped(project)) {
if (shouldBeScanned(currentProjectPath) && !shouldBeSkipped(currentProjectPath)) {
logger.lifecycle("Verifying dependencies for project ${currentProjectName}")
if (this.config.scanDependencies) {
processConfigurations(project, engine)
Expand Down

0 comments on commit b6c4a56

Please sign in to comment.