org.owasp.dependencycheck.maven.Mshared998Util Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of dependency-check-maven Show documentation

dependency-check-maven is a Maven Plugin that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the project's dependencies. The plugin will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries.

The newest version!

/*
 * This file is part of dependency-check-maven.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Copyright (c) 2021 Jeremy Long. All Rights Reserved.
 */
package org.owasp.dependencycheck.maven;

import org.apache.maven.RepositoryUtils;
import org.apache.maven.shared.transfer.artifact.resolve.ArtifactResult;
import org.eclipse.aether.resolution.DependencyResolutionException;
import org.eclipse.aether.resolution.DependencyResult;

import java.util.ArrayList;
import java.util.List;

public final class Mshared998Util {

    /**
     * Empty constructor to prevent instantiation of utility-class.
     */
    private Mshared998Util() {
    }

    /**
     * Get the list of ArtifactResults from a resolution that ran into an exception.
     *
     * @param adre
     *         The DependencyResolutionException that might have embedded resolution results
     *
     * @return The list of ArtifactResults created from the dependencyResult of the exception.
     */
    public static List getResolutionResults(DependencyResolutionException adre) {
        final DependencyResult dependencyResult = adre.getResult();
        final List results = new ArrayList<>();
        if (dependencyResult != null) {
            for (org.eclipse.aether.resolution.ArtifactResult artifactResult : dependencyResult.getArtifactResults()) {
                results.add(new M31ArtifactResult(artifactResult));
            }
        }
        return results;
    }

    /**
     * Our own implementation of ArtifactResult because MShared library does not expose the
     * transformation from eclipse aether ArtifactResult to maven-shared ArtifactResult.
     * So we cannot reuse Maven's own implementation in
     * org.apache.maven.shared.transfer.artifact.resolve.internal
     * This class is a copy of it, but then hard-bound to eclipse aether implementation
     * as DependencyCheck is already not compatible with maven 3.0
     */
    static class M31ArtifactResult implements ArtifactResult {

        /**
         * The ArtifactResult of the Maven 3.1+ artifact resolution
         * implementation library (Eclipse Aether) that is wrapped by this instance
         */
        private final org.eclipse.aether.resolution.ArtifactResult artifactResult;

        /**
         * @param artifactResult
         *         {@link ArtifactResult}
         */
        M31ArtifactResult(org.eclipse.aether.resolution.ArtifactResult artifactResult) {
            this.artifactResult = artifactResult;
        }

        @Override
        public org.apache.maven.artifact.Artifact getArtifact() {
            return RepositoryUtils.toArtifact(artifactResult.getArtifact());
        }
    }
}