Class: Pipeline::OWASPDependencyCheck

Inherits:

BaseTask

• Object
• BaseTask
• Pipeline::OWASPDependencyCheck

Includes:

Util

Defined in:

lib/pipeline/tasks/owasp-dep-check.rb

Instance Attribute Summary

Attributes inherited from BaseTask

#appname, #description, #findings, #labels, #name, #stage, #trigger, #warnings

Instance Method Summary

• #analyze ⇒ Object
• #get_warnings(path) ⇒ Object
• #initialize(trigger, tracker) ⇒ OWASPDependencyCheck constructor

  A new instance of OWASPDependencyCheck.

• #run ⇒ Object
• #supported? ⇒ Boolean

Methods included from Util

#fingerprint, #relative_path, #runsystem, #strip_archive_path

Methods inherited from BaseTask

#directories_with?, #report, #severity, #warn

Constructor Details

#initialize(trigger, tracker) ⇒ OWASPDependencyCheck

Returns a new instance of OWASPDependencyCheck.

# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 76

def initialize(trigger,tracker)
  super(trigger,tracker)
  @name = "OWASP Dependency Check"
  @description = "Dependency analysis for Java and .NET"
  @stage = :code
  @labels << "code" << "java" << ".net"
end

Instance Method Details

#analyze ⇒ Object

# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 90

def analyze
  path = @trigger.path + "/dependency-check-report.xml"
  begin
    Pipeline.debug "Parsing report #{path}"
    get_warnings(path)
  rescue Exception => e
    Pipeline.notify "Problem running OWASP Dep Check ... skipped."
    Pipeline.notify e.message
    raise e
  end
end

#get_warnings(path) ⇒ Object

# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 112

def get_warnings(path)
  listener = Pipeline::DepCheckListener.new(self)
  parser = Parsers::StreamParser.new(File.new(path), listener)
  parser.parse
end

#run ⇒ Object

# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 84

def run
  Pipeline.notify "#{@name}"
  rootpath = @trigger.path
  @result= runsystem(true, "/home/pipe/line/tools/dependency-check/bin/dependency-check.sh", "-a", "pipeline", "-f", "XML", "-out", "#{rootpath}", "-s", "#{rootpath}")
end

#supported? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 102

def supported?
  supported=runsystem(true, "/home/pipe/line/tools//dependency-check/bin/dependency-check.sh", "-v")
  if supported =~ /command not found/
    Pipeline.notify "Install dependency-check."
    return false
  else
    return true
  end
end