This is an automated email from the ASF dual-hosted git repository. lewismc pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nutch.git
The following commit(s) were added to refs/heads/master by this push: new 66bb62a NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml (#561) 66bb62a is described below commit 66bb62a589ac2651771bf61b62786991e65539f8 Author: Lewis John McGibbney <lewis.mcgibb...@gmail.com> AuthorDate: Sun Jan 31 16:06:52 2021 -0800 NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml (#561) * NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml
---
 .gitignore | 2 ++ build.xml | 46 ++++++++++++++++++++++----------- ivy/dependency-check-ant/lib/.gitignore | 19 ++++++++++++++ 3 files changed, 52 insertions(+), 15 deletions(-)
diff --git a/.gitignore b/.gitignore
index 6d96644..0612a99 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,5 @@ naivebayes-model
 *.iml
 *.swp
 csvindexwriter
+lib/spotbugs-*
+ivy/dependency-check-ant/*
diff --git a/build.xml b/build.xml
index 882a54a..02a7cdd 100644
--- a/build.xml
+++ b/build.xml
@@ -37,9 +37,11 @@
 <property name="maven-javadoc-jar" value="${release.dir}/${artifactId}-${version}-javadoc.jar" />
 <property name="maven-sources-jar" value="${release.dir}/${artifactId}-${version}-sources.jar" />
- <property environment="env"/>
+ <property name="dependency-check-ant.version" value="6.1.0" />
+ <property name="dependency-check-ant.home" value="${ivy.dir}/dependency-check-ant" />
+ <property name="dependency-check-ant.jar" value="${dependency-check-ant.home}/dependency-check-ant.jar" />
- <property name="dependency-check.home" value="${ivy.dir}/dependency-check-ant/"/>
+ <property environment="env"/>
 <property name="spotbugs.version" value="4.2.0" />
 <property name="spotbugs.home" value="${ivy.dir}/spotbugs-${spotbugs.version}" />
@@ -646,24 +648,38 @@
 </target>
 <!-- Check dependencies for security vulnerabilities -->
- <!-- requires installation of OWASP dependency check tool, see -->
- <!-- https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html -->
- <!-- get http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-3.3.2-release.zip -->
- <!-- and unzip in directory ./ivy/ -->
- <path id="dependency-check.path">
- <pathelement location="${dependency-check.home}/dependency-check-ant.jar"/>
- <fileset dir="${dependency-check.home}/lib" erroronmissingdir="false">
+ <target name="dependency-check-ant-download" description="--> download dependency-check-ant jar">
+ <available file="${dependency-check-ant.jar}" property="dependency-check-ant.jar.found"/>
+ <antcall target="dependency-check-ant-download-unchecked"/>
+ </target>
+
+ <target name="dependency-check-ant-download-unchecked" unless="dependency-check-ant.jar.found"
+ description="--> downloads the dependency-check-ant binary (dependency-check-ant-*.zip).">
+ <get src="https://github.com/jeremylong/DependencyCheck/releases/download/v${dependency-check-ant.version}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
+ dest="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip" usetimestamp="false" />
+
+ <unzip src="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
+ dest="${ivy.dir}">
+ </unzip>
+
+ <delete file="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip" />
+ </target>
+
+ <path id="dependency-check-ant.path">
+ <pathelement location="${dependency-check-ant.home}/dependency-check-ant.jar"/>
+ <fileset dir="${dependency-check-ant.home}/lib">
 <include name="*.jar"/>
 </fileset>
 </path>
- <taskdef resource="dependency-check-taskdefs.properties" onerror="ignore">
- <classpath refid="dependency-check.path" />
- </taskdef>
- <target name="report-vulnerabilities" description="--> check dependencies for security vulnerabilities">
+
+ <target name="report-vulnerabilities" depends="jar, compile-plugins, dependency-check-ant-download" description="--> check dependencies for security vulnerabilities">
+ <taskdef resource="dependency-check-taskdefs.properties">
+ <classpath refid="dependency-check-ant.path" />
+ </taskdef>
 <dependency-check projectname="${name}"
- reportoutputdirectory="${build.dir}"
+ reportoutputdirectory="${dependency-check-ant.home}"
 reportformat="ALL">
- <suppressionfile path="${dependency-check.home}/dependency-check-suppressions.xml" />
+ <suppressionfile path="${dependency-check-ant.home}/dependency-check-suppressions.xml" />
 <retirejsFilter regex="copyright.*jeremy long" />
 <fileset dir="${build.dir}">
 <include name="lib/*.jar"/>
diff --git a/ivy/dependency-check-ant/lib/.gitignore b/ivy/dependency-check-ant/lib/.gitignore
new file mode 100644
index 0000000..e2dec72
--- /dev/null
+++ b/ivy/dependency-check-ant/lib/.gitignore
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
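Review bot: In the build.xml hunk at -646, the release zip fetched by `<get>` in `dependency-check-ant-download-unchecked` is unzipped and its jars are then loaded by the `<taskdef>` in `report-vulnerabilities` with no integrity check, so whatever that URL serves runs inside the build. Pinning a digest next to `dependency-check-ant.version` and verifying it with Ant's `<checksum>` before `<unzip>` would close that gap; the sketch below assumes a new `dependency-check-ant.sha256` property, whose value is not on this page and has to be taken from the release being pinned. Separately, `<available>` tests the unversioned `${dependency-check-ant.jar}`, so bumping the version property will not trigger a new download while an older jar is present; a versioned home directory, as `spotbugs.home` already uses, would avoid scanning with a stale tool. The `report-vulnerabilities` target continues past the end of the hunk.

```xml
<!-- … unchanged: <get> of the release zip into ${ivy.dir} … -->

<!-- dependency-check-ant.sha256: new property (not in this commit) holding the pinned digest of the release zip -->
<checksum file="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
          algorithm="SHA-256"
          property="${dependency-check-ant.sha256}"
          verifyproperty="dependency-check-ant.zip.verified" />
<fail message="dependency-check-ant release zip does not match the pinned SHA-256 digest">
  <condition>
    <isfalse value="${dependency-check-ant.zip.verified}" />
  </condition>
</fail>

<!-- … unchanged: <unzip> into ${ivy.dir} and <delete> of the zip … -->
```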