From 1cae934861220c87a4edae9a7267aaca9d081de8 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Wed, 22 Mar 2023 07:02:10 -0400 Subject: [PATCH 1/4] chore: release 8.2.0 --- README.md | 8 ++++---- build.gradle | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a608952..f879b05 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.1.2' + classpath 'org.owasp:dependency-check-gradle:8.2.0' } } @@ -62,7 +62,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.1.2' + classpath 'org.owasp:dependency-check-gradle:8.2.0' } } @@ -79,7 +79,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.1.2' + classpath 'org.owasp:dependency-check-gradle:8.2.0' } } @@ -108,7 +108,7 @@ subprojects { ```kotlin plugins { - id("org.owasp.dependencycheck") version "8.1.2" apply false + id("org.owasp.dependencycheck") version "8.2.0" apply false } allprojects { diff --git a/build.gradle b/build.gradle index fd7de19..49d4b1b 100644 --- a/build.gradle +++ b/build.gradle @@ -17,7 +17,7 @@ */ ext { - odcVersion = '8.1.2' + odcVersion = '8.2.0' slackWebhookVersion = '1.4.0' spockCoreVersion = '1.1-groovy-2.4' } From e3be223714b3184af39b8d93016141bcf78ba677 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Thu, 23 Mar 2023 08:32:00 -0400 Subject: [PATCH 2/4] dependency-check 8.2.1 --- README.md | 8 ++++---- build.gradle | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f879b05..683bb03 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.2.0' + classpath 'org.owasp:dependency-check-gradle:8.2.1' } } 
@@ -62,7 +62,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.2.0' + classpath 'org.owasp:dependency-check-gradle:8.2.1' } } @@ -79,7 +79,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.2.0' + classpath 'org.owasp:dependency-check-gradle:8.2.1' } } @@ -108,7 +108,7 @@ subprojects { ```kotlin plugins { - id("org.owasp.dependencycheck") version "8.2.0" apply false + id("org.owasp.dependencycheck") version "8.2.1" apply false } allprojects { diff --git a/build.gradle b/build.gradle index 49d4b1b..2ed8449 100644 --- a/build.gradle +++ b/build.gradle @@ -17,7 +17,7 @@ */ ext { - odcVersion = '8.2.0' + odcVersion = '8.2.1' slackWebhookVersion = '1.4.0' spockCoreVersion = '1.1-groovy-2.4' } From a14478fb1d8686e4356de65339e50e20abd7fefd Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Mon, 12 Jun 2023 06:39:43 -0400 Subject: [PATCH 3/4] build: release 8.3.0 --- README.md | 8 ++++---- build.gradle | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 683bb03..aa62ead 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.2.1' + classpath 'org.owasp:dependency-check-gradle:8.3.0' } } @@ -62,7 +62,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.2.1' + classpath 'org.owasp:dependency-check-gradle:8.3.0' } } @@ -79,7 +79,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.2.1' + classpath 'org.owasp:dependency-check-gradle:8.3.0' } } @@ -108,7 +108,7 @@ subprojects { ```kotlin plugins { - id("org.owasp.dependencycheck") version "8.2.1" apply false + id("org.owasp.dependencycheck") version "8.3.0" apply false } allprojects { diff --git a/build.gradle b/build.gradle index 2ed8449..be30b9d 100644 --- a/build.gradle +++ b/build.gradle 
@@ -17,7 +17,7 @@ */ ext { - odcVersion = '8.2.1' + odcVersion = '8.3.0' slackWebhookVersion = '1.4.0' spockCoreVersion = '1.1-groovy-2.4' } From 76835a3bf06ad7624a8d1e75ecce31ac0730593d Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Thu, 22 Jun 2023 06:38:36 -0400 Subject: [PATCH 4/4] fix: resolve build failures - upgrade to latest ODC - bump gradle wrapper - modernize tests for newer version of gradle --- README.md | 8 +- build.gradle | 11 +- gradle/wrapper/gradle-wrapper.properties | 2 +- .../gradle/tasks/AbstractAnalyze.groovy | 2 +- .../gradle/tasks/ConfiguredTask.groovy | 4 +- ...heckConfigurationSelectionIntegSpec.groovy | 18 +-- .../DependencyCheckPluginIntegSpec.groovy | 117 ++++++++++-------- src/test/resources/aggregateApp.gradle | 4 +- src/test/resources/aggregateCore.gradle | 4 +- src/test/resources/noSkipTestGroups.gradle | 4 +- src/test/resources/outputDir.gradle | 2 +- src/test/resources/skipGroups.gradle | 6 +- src/test/resources/skipTestGroups.gradle | 2 +- src/test/resources/suppressionFiles.gradle | 2 +- 14 files changed, 99 insertions(+), 87 deletions(-) diff --git a/README.md b/README.md index aa62ead..b97f83c 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.3.0' + classpath 'org.owasp:dependency-check-gradle:8.3.1' } } @@ -62,7 +62,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.3.0' + classpath 'org.owasp:dependency-check-gradle:8.3.1' } } @@ -79,7 +79,7 @@ buildscript { mavenCentral() } dependencies { - classpath 'org.owasp:dependency-check-gradle:8.3.0' + classpath 'org.owasp:dependency-check-gradle:8.3.1' } } @@ -108,7 +108,7 @@ subprojects { ```kotlin plugins { - id("org.owasp.dependencycheck") version "8.3.0" apply false + id("org.owasp.dependencycheck") version "8.3.1" apply false } allprojects { diff --git a/build.gradle b/build.gradle index be30b9d..80b7baa 100644 
--- a/build.gradle +++ b/build.gradle @@ -17,9 +17,9 @@ */ ext { - odcVersion = '8.3.0' + odcVersion = '8.3.1' slackWebhookVersion = '1.4.0' - spockCoreVersion = '1.1-groovy-2.4' + spockCoreVersion = '2.3-groovy-3.0' } group = 'org.owasp' @@ -71,8 +71,13 @@ dependencies { testImplementation("org.spockframework:spock-core:$spockCoreVersion") { exclude module: 'groovy-all' } + testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.3' + testImplementation 'org.junit.jupiter:junit-jupiter-params:5.9.3' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.9.3' +} +test { + useJUnitPlatform() } - test.onlyIf { !project.hasProperty('skipTests') } java { diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index a9a1901..6caf95f 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ #Sat Feb 13 12:38:28 EST 2021 -distributionUrl=https\://services.gradle.org/distributions/gradle-6.1.1-all.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.1-all.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStorePath=wrapper/dists diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy index 4acff98..1d8c65e 100644 --- a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy +++ b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy @@ -60,7 +60,7 @@ import static org.owasp.dependencycheck.utils.Checksum.* abstract class AbstractAnalyze extends ConfiguredTask { @Internal - String currentProjectName = project.getName() + transient String currentProjectName = project.getName() @Internal Attribute artifactType = Attribute.of('artifactType', String) // @Internal 
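Review bot: The three `org.junit.jupiter` declarations added in the second build.gradle hunk each hard-code `5.9.3`, while the other versions in this file live in the `ext` block (`odcVersion`, `spockCoreVersion`). I would add `junitVersion = '5.9.3'` to `ext` and write the coordinates as `"org.junit.jupiter:junit-jupiter-api:$junitVersion"`, and likewise for the params and engine artifacts. That keeps the API and the engine from drifting apart on a later bump.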
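Review bot: The new `distributionUrl` points the wrapper at gradle-7.6.1-all.zip, and none of the five lines visible in this hunk is a `distributionSha256Sum`, so the wrapper will unpack and run whatever archive that URL returns. Adding `distributionSha256Sum=<sha256 of gradle-7.6.1-all.zip, from the Gradle release checksums>` makes the wrapper verify the download first, which matters for a build that publishes a security plugin. The file may continue past the hunk, so confirm the property is not already set further down.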
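Review bot: Marking `currentProjectName` as `transient` here, and `config` and `settings` in the ConfiguredTask.groovy hunk that follows, excludes these fields from Gradle's configuration cache, so they come back as `null` when the task is restored from a cache entry. `currentProjectName` is a plain `String` and should serialize without the modifier, so `String currentProjectName = project.getName()` can probably stay as it was. For `config`, any task action that reads it after a cache hit would presumably hit a null reference; the code that uses these fields is outside both hunks, so this needs confirming there. At minimum I would put a comment on each field such as `// transient: not stored in the configuration cache, null after a cache hit`.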
diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy index ea3ca6d..fc2a262 100644 --- a/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy +++ b/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy @@ -37,9 +37,9 @@ import static org.owasp.dependencycheck.utils.Settings.KEYS.* abstract class ConfiguredTask extends DefaultTask { @Internal - DependencyCheckExtension config = (DependencyCheckExtension) project.getExtensions().findByName('dependencyCheck') + transient DependencyCheckExtension config = (DependencyCheckExtension) project.getExtensions().findByName('dependencyCheck') @Internal - Settings settings + transient Settings settings @Internal String PROPERTIES_FILE = 'task.properties' diff --git a/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckConfigurationSelectionIntegSpec.groovy b/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckConfigurationSelectionIntegSpec.groovy index b2c75a4..44bf4d6 100644 --- a/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckConfigurationSelectionIntegSpec.groovy +++ b/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckConfigurationSelectionIntegSpec.groovy @@ -2,17 +2,17 @@ package org.owasp.dependencycheck.gradle import org.gradle.testkit.runner.BuildResult import org.gradle.testkit.runner.GradleRunner -import org.junit.Rule -import org.junit.rules.TemporaryFolder + import spock.lang.Specification +import spock.lang.TempDir + import static org.gradle.testkit.runner.TaskOutcome.* import static org.owasp.dependencycheck.gradle.DependencyCheckPlugin.* class DependencyCheckConfigurationSelectionIntegSpec extends Specification { - @Rule - final TemporaryFolder testProjectDir = new TemporaryFolder() - + @TempDir + File testProjectDir def 'test dependencies are ignored by default'() { given: 
@@ -34,7 +34,7 @@ class DependencyCheckConfigurationSelectionIntegSpec extends Specification { //println "-----------------" //println result.output //println "-----------------" - //String fileContents = new File(new File(testProjectDir.root, 'build/reports'), 'dependency-check-report.html').text + //String fileContents = new File(new File(testProjectDir, 'build/reports'), 'dependency-check-report.html').text //println fileContents then: @@ -126,15 +126,15 @@ class DependencyCheckConfigurationSelectionIntegSpec extends Specification { private void copyResourceFileIntoProjectDir(String resourceFileName, String targetFileName) { def resourceFileContent = new File(getClass().getClassLoader().getResource(resourceFileName).toURI()).text - def targetDirectory = new File(testProjectDir.root, targetFileName).parentFile + def targetDirectory = new File(testProjectDir, targetFileName).parentFile targetDirectory.mkdirs() - def targetFile = testProjectDir.newFile(targetFileName) + def targetFile = new File(testProjectDir, targetFileName) targetFile << resourceFileContent } private BuildResult executeTaskAndGetResult(String taskName, boolean isBuildExpectedToPass) { def build = GradleRunner.create() - .withProjectDir(testProjectDir.root) + .withProjectDir(testProjectDir) .withArguments(taskName,"--stacktrace") .forwardOutput() .withDebug(true) diff --git a/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPluginIntegSpec.groovy b/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPluginIntegSpec.groovy index 828440d..650f2e5 100644 --- a/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPluginIntegSpec.groovy +++ b/src/test/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPluginIntegSpec.groovy 
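Review bot: In `copyResourceFileIntoProjectDir` (the `@@ -126,15` hunk), `new File(testProjectDir, targetFileName)` no longer fails when the file already exists, as `TemporaryFolder.newFile` did, and the following `targetFile << resourceFileContent` appends. If a spec copies two resources to the same target name, the second is concatenated onto the first instead of being reported. Writing `targetFile.text = resourceFileContent` would make the copy overwrite deterministically. `executeTaskAndGetResult` continues past the end of this hunk.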
@@ -1,36 +1,36 @@ package org.owasp.dependencycheck.gradle import org.gradle.testkit.runner.GradleRunner -import org.junit.Rule -import org.junit.rules.TemporaryFolder import spock.lang.Specification +import spock.lang.TempDir +import spock.util.io.FileSystemFixture -import static org.gradle.testkit.runner.TaskOutcome.* +import static org.gradle.testkit.runner.TaskOutcome.SUCCESS class DependencyCheckPluginIntegSpec extends Specification { - @Rule final TemporaryFolder testProjectDir = new TemporaryFolder() - File buildFile + @TempDir + private FileSystemFixture fileSystemFixture - def setup() { - buildFile = testProjectDir.newFile('build.gradle') - } def "Plugin can be added"() { given: - buildFile << """ - plugins { - id 'org.owasp.dependencycheck' + fileSystemFixture.create { + dir("app") { + file("build.gradle").text = """ + plugins { + id 'org.owasp.dependencycheck' + } + """.stripIndent() } - """ - + } when: def result = GradleRunner.create() - .withProjectDir(testProjectDir.root) - .withArguments('tasks') - .withPluginClasspath() - .forwardOutput() - .build() + .withProjectDir(fileSystemFixture.resolve("app").toFile()) + .withArguments('tasks') + .withPluginClasspath() + .forwardOutput() + .build() then: result.output.contains("$DependencyCheckPlugin.ANALYZE_TASK") 
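Review bot: Each test project is now written into a subdirectory of the `@TempDir` (`app` here, `custom` and `configCache` in the two hunks that follow) with only a `build.gradle` and no settings file. Gradle searches parent directories for a settings file when the project directory has none, so the result can depend on what sits above the temp directory on the machine running the tests. Adding `file("settings.gradle").text = "rootProject.name = 'app'"` inside each `dir(...)` block (with the matching name) would keep each TestKit build self-contained.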
@@ -38,28 +38,32 @@ class DependencyCheckPluginIntegSpec extends Specification { def "custom configurations are skipped when only scanning whitelisted configurations"() { given: - buildFile << """ - plugins { - id 'org.owasp.dependencycheck' + fileSystemFixture.create { + dir("custom") { + file("build.gradle").text = """ + plugins { + id 'org.owasp.dependencycheck' + } + apply plugin: 'java' + + sourceCompatibility = 1.5 + version = '1.0' + + repositories { + mavenLocal() + mavenCentral() + } + + dependencies { + implementation group: 'commons-collections', name: 'commons-collections', version: '3.2' + } + """.stripIndent() } - apply plugin: 'java' - - sourceCompatibility = 1.5 - version = '1.0' - - repositories { - mavenLocal() - mavenCentral() - } - - dependencies { - compile group: 'commons-collections', name: 'commons-collections', version: '3.2' - } - """ + } when: def result = GradleRunner.create() - .withProjectDir(testProjectDir.root) + .withProjectDir(fileSystemFixture.resolve("custom").toFile()) .withArguments(DependencyCheckPlugin.ANALYZE_TASK) .withPluginClasspath() .withDebug(true) 
@@ -72,29 +76,32 @@ class DependencyCheckPluginIntegSpec extends Specification { def "task completes successfully when configuration cache is enabled in Gradle 7.4"() { given: - buildFile << """ - plugins { - id 'org.owasp.dependencycheck' - } - apply plugin: 'java' - - sourceCompatibility = 1.5 - version = '1.0' - - repositories { - mavenLocal() - mavenCentral() - } - - dependencies { - implementation group: 'commons-collections', name: 'commons-collections', version: '3.2' + fileSystemFixture.create { + dir("configCache") { + file("build.gradle").text = """ + plugins { + id 'org.owasp.dependencycheck' + } + apply plugin: 'java' + + sourceCompatibility = 1.5 + version = '1.0' + + repositories { + mavenLocal() + mavenCentral() + } + + dependencies { + implementation group: 'commons-collections', name: 'commons-collections', version: '3.2' + } + """.stripIndent() } - """ + } when: def result = GradleRunner.create() - .withGradleVersion("7.4") - .withProjectDir(testProjectDir.root) + .withProjectDir(fileSystemFixture.resolve("configCache").toFile()) .withArguments(DependencyCheckPlugin.ANALYZE_TASK, "--configuration-cache") .withPluginClasspath() .withDebug(true) diff --git a/src/test/resources/aggregateApp.gradle b/src/test/resources/aggregateApp.gradle index c3943fa..5231e49 100644 --- a/src/test/resources/aggregateApp.gradle +++ b/src/test/resources/aggregateApp.gradle @@ -1,6 +1,6 @@ apply plugin: 'application' dependencies { - compile 'log4j:log4j:1.2.17' - compile group: 'commons-collections', name: 'commons-collections', version: '3.2' + implementation 'log4j:log4j:1.2.17' + implementation group: 'commons-collections', name: 'commons-collections', version: '3.2' } diff --git a/src/test/resources/aggregateCore.gradle b/src/test/resources/aggregateCore.gradle index 2b9dedb..18f0bcf 100644 --- a/src/test/resources/aggregateCore.gradle +++ b/src/test/resources/aggregateCore.gradle 
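Review bot: The spec is still named "task completes successfully when configuration cache is enabled in Gradle 7.4", but this hunk removes `.withGradleVersion("7.4")`, so the build now runs on whichever Gradle version TestKit uses by default. Either rename it to `def "task completes successfully when configuration cache is enabled"()` or keep the version pin. The visible part runs the task once with `--configuration-cache`; a second run asserting that the cache entry was reused would also cover the task state restored from the cache. The `then:` block is outside the hunk.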
@@ -1,4 +1,4 @@ dependencies { - testCompile 'junit:junit:4.11' - compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.7.0' + testImplementation 'junit:junit:4.11' + implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.7.0' } \ No newline at end of file diff --git a/src/test/resources/noSkipTestGroups.gradle b/src/test/resources/noSkipTestGroups.gradle index 7cd4e27..f9edebe 100644 --- a/src/test/resources/noSkipTestGroups.gradle +++ b/src/test/resources/noSkipTestGroups.gradle @@ -16,12 +16,12 @@ sourceSets { } configurations { - intTestCompile.extendsFrom(testCompile) + intTestCompile.extendsFrom(testImplementation) intTestRuntime.extendsFrom(testRuntime) } dependencies { - testCompile group: 'commons-collections', name: 'commons-collections', version: '3.2' + testImplementation group: 'commons-collections', name: 'commons-collections', version: '3.2' intTestCompileOnly group: 'commons-beanutils', name: 'commons-beanutils-core', version: '1.8.3' intTestCompile group: 'commons-fileupload', name: 'commons-fileupload', version: '1.3.1' intTestRuntime group: 'commons-httpclient', name: 'commons-httpclient', version: '3.1' diff --git a/src/test/resources/outputDir.gradle b/src/test/resources/outputDir.gradle index bc62046..131ae4e 100644 --- a/src/test/resources/outputDir.gradle +++ b/src/test/resources/outputDir.gradle @@ -16,7 +16,7 @@ repositories { } dependencies { - compile group: 'commons-collections', name: 'commons-collections', version: '3.2' + implementation group: 'commons-collections', name: 'commons-collections', version: '3.2' } dependencyCheck { diff --git a/src/test/resources/skipGroups.gradle b/src/test/resources/skipGroups.gradle index b460fd0..ca497b8 100644 --- a/src/test/resources/skipGroups.gradle +++ b/src/test/resources/skipGroups.gradle 
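Review bot: The `configurations` block in noSkipTestGroups.gradle now mixes old and new names: `testCompile` became `testImplementation`, but the next line still reads `intTestRuntime.extendsFrom(testRuntime)`. `testRuntime` was removed from the Java plugin in Gradle 7 together with `testCompile`, so I would expect `intTestRuntime.extendsFrom(testRuntimeOnly)` here. The `intTestCompile` and `intTestRuntime` dependency lines below are unchanged as well; whether they still resolve as intended under the 7.6.1 wrapper depends on the `sourceSets` block above the hunk.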
@@ -12,9 +12,9 @@ repositories { } dependencies { - compile group: 'commons-collections', name: 'commons-collections', version: '3.2' - compile group: 'commons-httpclient', name: 'commons-httpclient', version: '3.1' - compile group: 'commons-fileupload', name: 'commons-fileupload', version: '1.3.1' + implementation group: 'commons-collections', name: 'commons-collections', version: '3.2' + implementation group: 'commons-httpclient', name: 'commons-httpclient', version: '3.1' + implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.3.1' } dependencyCheck { diff --git a/src/test/resources/skipTestGroups.gradle b/src/test/resources/skipTestGroups.gradle index faae37c..60fb92a 100644 --- a/src/test/resources/skipTestGroups.gradle +++ b/src/test/resources/skipTestGroups.gradle @@ -12,7 +12,7 @@ repositories { } dependencies { - testCompile group: 'commons-collections', name: 'commons-collections', version: '3.2' + testImplementation group: 'commons-collections', name: 'commons-collections', version: '3.2' } dependencyCheck { diff --git a/src/test/resources/suppressionFiles.gradle b/src/test/resources/suppressionFiles.gradle index d5db4b4..8606cbd 100644 --- a/src/test/resources/suppressionFiles.gradle +++ b/src/test/resources/suppressionFiles.gradle @@ -9,7 +9,7 @@ repositories { } dependencies { - compile 'commons-collections:commons-collections:3.2' + implementation 'commons-collections:commons-collections:3.2' } dependencyCheck {