
com.danielsomerfield.cvecheck.GradleTaskConfigurator.groovy Maven / Gradle / Ivy

There is a newer version: 0.6.2-100
package com.danielsomerfield.cvecheck

import com.danielsomerfield.cvecheck.gradle.CVECheckExtension
import com.danielsomerfield.cvecheck.gradle.GradleProjectScanner
import com.danielsomerfield.cvecheck.gradle.ProjectConfiguration
import com.danielsomerfield.cvecheck.gradle.ScanTask
import com.danielsomerfield.cvecheck.gradle.handlers.buildRules.*
import com.danielsomerfield.cvecheck.owaspdependencycheck.OWASPGradleProjectScanner
import com.danielsomerfield.cvecheck.owaspdependencycheck.OWASPScanResult
import com.danielsomerfield.cvecheck.owaspdependencycheck.OWASPScanningEngine
import com.danielsomerfield.cvecheck.owaspdependencycheck.ScanningEngine
import com.danielsomerfield.cvecheck.owaspdependencycheck.reporting.OWASPScanReportGenerator
import com.danielsomerfield.cvecheck.reporting.ScanReportGenerator
import com.danielsomerfield.util.Maybe
import com.danielsomerfield.util.SystemTimeSource
import com.danielsomerfield.util.TimeSource
import com.danielsomerfield.util.io.FilePathInputStreamFactory
import com.danielsomerfield.util.io.FilePathOutputStreamFactory
import com.danielsomerfield.util.io.InputStreamFactory
import com.danielsomerfield.util.io.OutputStreamFactory
import org.gradle.api.Project
import org.owasp.dependencycheck.Engine
import org.owasp.dependencycheck.data.nvdcve.CveDB
import org.owasp.dependencycheck.reporting.ReportGenerator
import org.owasp.dependencycheck.utils.Settings

/**
 * Builds the object graph behind the CVE scan task of one Gradle project:
 * the scanner, its scanning engine, the report generator and the runtime store.
 *
 * Every factory method below creates a fresh collaborator on each call; nothing
 * is cached apart from the configuration and the time source.
 */
class GradleTaskConfigurator {

  // Path of the runtime properties file, under the home directory of the user running
  // the build. The same path is used for reading and for writing (see runtimePropertiesIn()
  // and runtimePropertiesOut()). If the "user.home" system property is unset, the
  // interpolated path starts with the literal text "null".
  private static final String CVS_RUNTIME_PROPERTIES_FILE =
      "${System.getProperty("user.home")}/.cvecheck/cvecheck-runtime.properties"
  private Configuration configuration
  private TimeSource timeSource = new SystemTimeSource()

  /**
   * @param project the Gradle project the configuration is derived from
   */
  def GradleTaskConfigurator(Project project) {
    this.configuration = new ProjectConfiguration(project)
  }

  /** @return the configuration created for the project passed to the constructor */
  def configuration() {
    configuration
  }

  /** @return a new scan task wired with a new scanner and the configured result handler */
  def ScanTask scanTask() {
    def projectScanner = scanner()
    def resultHandler = scanResultHandler()
    return new ScanTask(projectScanner, resultHandler)
  }

  /** @return the result handler supplied by the project configuration */
  def ScanResultHandler scanResultHandler() {
    return configuration.scanResultHandler()
  }

  // Report generator that emits the VULN format into the vulnerabilities file.
  private ScanReportGenerator scanReportGenerator() {
    def owaspGenerator = owaspReportGenerator()
    def reportOut = vulnerabilitiesFileOut()
    new OWASPScanReportGenerator(owaspGenerator, ReportGenerator.Format.VULN, reportOut)
  }

  /** @return a stream factory for {@code reports/vulnerabilities.html} under the build root */
  def OutputStreamFactory vulnerabilitiesFileOut() {
    new FilePathOutputStreamFactory("${configuration().buildRoot()}/reports/vulnerabilities.html")
  }

  // NOTE(review): the dependencies and analyzers passed here come from the Engine created
  // by this call to engine(), while scanningEngine() wraps a second, separately created
  // Engine. Confirm that the generated report reflects what the scanning engine found;
  // a report built from an engine that scanned nothing would list no vulnerabilities.
  private ReportGenerator owaspReportGenerator() {
    def reportEngine = engine()
    def dependencies = reportEngine.dependencies
    def analyzers = reportEngine.analyzers
    def databaseProperties = cveDB().databaseProperties
    return new ReportGenerator("vulnerability scan", dependencies, analyzers, databaseProperties)
  }

  // A new CveDB per call. This class keeps no reference to the instance, so it cannot
  // release it here; NOTE(review): confirm whether the caller's use requires closing it.
  private CveDB cveDB() {
    return new CveDB()
  }

  // Arguments are created in the same order as the constructor lists them.
  private GradleProjectScanner scanner() {
    def reportGenerator = scanReportGenerator()
    def scanEngine = scanningEngine()
    def sourceUpdate = engineUpdate()
    return new OWASPGradleProjectScanner(reportGenerator, scanEngine, sourceUpdate)
  }

  // Update step for the scanning engine's data source, driven by the configuration,
  // the runtime store and the time source.
  private ScanningEngineSourceUpdate engineUpdate() {
    new DefaultScanningEngineSourceUpdate(configuration(), runtimeStore(), timeSource())
  }

  // Runtime store backed by the properties file in the user's home directory.
  // NOTE(review): the file is read back on later runs and its contents are used by
  // engineUpdate(); presumably it records when the data was last refreshed - verify,
  // and confirm the ~/.cvecheck directory is writable only by the build user.
  private RuntimeStore runtimeStore() {
    new DefaultRuntimeStore(runtimePropertiesOut(), runtimePropertiesIn(), timeSource())
  }

  private OutputStreamFactory runtimePropertiesOut() {
    new FilePathOutputStreamFactory(CVS_RUNTIME_PROPERTIES_FILE)
  }

  private InputStreamFactory runtimePropertiesIn() {
    return new FilePathInputStreamFactory(CVS_RUNTIME_PROPERTIES_FILE)
  }


  private TimeSource timeSource() {
    timeSource
  }

  private ScanningEngine scanningEngine() {
    def owaspEngine = engine()
    return new OWASPScanningEngine(owaspEngine)
  }

  // Each call re-initialises the dependency-check Settings and returns a brand-new Engine.
  // AUTO_UPDATE is switched off before the Engine is constructed, so the Engine itself does
  // not refresh its vulnerability data. NOTE(review): the refresh is presumably left to
  // engineUpdate(); if that step is skipped or fails, scans run against stale data and can
  // miss recently published CVEs - confirm the update path reports failures.
  private Engine engine() {
    Settings.initialize()
    Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false)
    return new Engine()
  }
}



