From f6782e4f69e50b0e9f5a20bad19b02cf59ba8730 Mon Sep 17 00:00:00 2001
From: mgroth0
Date: Fri, 18 Oct 2024 13:27:37 -0400
Subject: [PATCH] reduce usages of at execution time and document methods running at execution time
---
 .../gradle/tasks/AbstractAnalyze.groovy | 16 +++++++++++++---
 .../gradle/tasks/Aggregate.groovy | 1 +
 .../dependencycheck/gradle/tasks/Analyze.groovy | 1 +
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy
index f8acf5a..fbae706 100644
--- a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy
+++ b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy
@@ -65,6 +65,14 @@ abstract class AbstractAnalyze extends ConfiguredTask {
 @Internal
 String currentProjectName = project.getName()
+ @Internal
+ String currentProjectGroup = project.getGroup()
+
+ @Internal
+ String currentProjectVersion = project.getVersion().toString()
+
+
+
 /**
 * Gets the projects display name. Project.getDisplayName() has been
 * introduced with Gradle 3.3, thus we need to check for the method's
@@ -123,8 +131,8 @@ abstract class AbstractAnalyze extends ConfiguredTask {
 try {
 String name = currentProjectName
 String displayName = currentProjectDisplayName
- String groupId = project.getGroup()
- String version = project.getVersion().toString()
+ String groupId = currentProjectGroup
+ String version = currentProjectVersion
 File output = new File(config.outputDirectory)
 for (String f : getReportFormats(config.format, config.formats)) {
 engine.writeReports(displayName, groupId, name, version, output, f, exCol)
@@ -219,6 +227,7 @@ abstract class AbstractAnalyze extends ConfiguredTask {
 /**
 * Loads the projects dependencies into the dependency-check analysis engine.
+ * Runs at execution time
 */
 abstract scanDependencies(Engine engine)
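Review bot: The new `currentProjectGroup` and `currentProjectVersion` fields in the `@@ -65,6 +65,14 @@` hunk of AbstractAnalyze.groovy are field initializers, so they snapshot `project.getGroup()` and `project.getVersion()` when the task object is created, not when it runs. Unlike the project name, group and version are commonly assigned later in the build script; if the task is realized before that assignment, the report written in the `@@ -123,8 +131,8 @@` hunk would carry the stale value (for example Gradle's default `unspecified` version) and mislabel the scanned artifact. A lazy capture keeps `project` out of the task action without freezing the value early, e.g. `@Internal final Provider<String> currentProjectVersion = project.provider { project.version.toString() }` read with `.get()` at the use site, though compatibility with the oldest Gradle version this plugin supports would need checking. The three consecutive blank `+` lines after the new fields can be reduced to one.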
@@ -404,6 +413,7 @@ abstract class AbstractAnalyze extends ConfiguredTask {
 /**
 * Process the incoming artifacts for the given project's configurations.
+ * Runs at execution time.
 * @param project the project to analyze
 * @param engine the dependency-check engine
 */
@@ -416,7 +426,7 @@ abstract class AbstractAnalyze extends ConfiguredTask {
 if (CUTOVER_GRADLE_VERSION.compareTo(GradleVersion.current()) > 0) {
 processConfigLegacy configuration, engine
 } else {
- processConfigV4 project.name, configuration, engine, true
+ processConfigV4 currentProjectName, configuration, engine, true
 }
 }
 }
diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/Aggregate.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/Aggregate.groovy
index 96877c6..1c348fd 100644
--- a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/Aggregate.groovy
+++ b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/Aggregate.groovy
@@ -39,6 +39,7 @@ class Aggregate extends AbstractAnalyze {
 /**
 * Loads the projects dependencies into the dependency-check analysis engine.
+ * Runs at execution time
 */
 def scanDependencies(Engine engine) {
 logger.lifecycle("Verifying dependencies for project ${currentProjectName}")
diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/Analyze.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/Analyze.groovy
index c1d2d4a..f13b4a6 100644
--- a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/Analyze.groovy
+++ b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/Analyze.groovy
@@ -41,6 +41,7 @@ class Analyze extends AbstractAnalyze {
 /**
 * Loads the projects dependencies into the dependency-check analysis engine.
+ * Runs at execution time
 */
 def scanDependencies(Engine engine) {
 if (shouldBeScanned(currentProjectPath) && !shouldBeSkipped(currentProjectPath)) {
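Review bot: In the `@@ -416,7 +426,7 @@` hunk of AbstractAnalyze.groovy, `processConfigV4 currentProjectName, …` may no longer name the project that is actually being scanned. The Javadoc in the preceding hunk documents a `project` parameter ("the project to analyze"), so the removed `project.name` presumably resolved to that parameter, whereas `currentProjectName` is the name of the project that owns the task; the method signature and its callers are outside the hunks, so this needs confirming. If the Aggregate task calls this method once per subproject, every dependency would now be attributed to the aggregating project, which makes it harder to trace a vulnerable dependency back to the module that pulls it in. Keeping `processConfigV4 project.name, configuration, engine, true`, or passing a pre-captured per-project name into the method, would preserve that attribution.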