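--- a/core/pom.xml
+++ b/core/pom.xml
@@ -100,6 +100,25 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 </testResource>
 </testResources>
 <plugins>
+<plugin>
+<groupId>com.googlecode.maven-download-plugin</groupId>
+<artifactId>download-maven-plugin</artifactId>
+<version>1.13.0</version>
+<executions>
+<execution>
+<id>download-published-suppressions</id>
+<phase>generate-resources</phase>
+<goals>
+<goal>wget</goal>
+</goals>
+<configuration>
+<url>https://dependency-check.github.io/DependencyCheck/suppressions/publishedSuppressions.xml</url>
+<outputDirectory>${project.build.directory}/classes</outputDirectory>
+<outputFileName>generated-suppressions.xml</outputFileName>
+</configuration>
+</execution>
+</executions>
+</plugin>
 <plugin>
 <groupId>org.jsonschema2pojo</groupId>
 <artifactId>jsonschema2pojo-maven-plugin</artifactId>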
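Review bot: The `wget` execution `download-published-suppressions` packages whatever `publishedSuppressions.xml` the URL serves at build time into `${project.build.directory}/classes`, with no integrity check and no record of which revision ended up in the jar. Because suppression rules decide which findings are hidden from reports, a stale cached copy or an altered response silently changes the results for every user of that build, and the build is no longer reproducible or runnable offline. The plugin's `<sha256>` parameter cannot simply be pinned against a file that is republished regularly, so consider committing a reviewed snapshot that a release step refreshes, or at least logging the digest of the downloaded file during the build. The `<version>1.13.0</version>` here also repeats the version this change adds to `pluginManagement` in the root pom and could be dropped.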
@@ -68,6 +68,10 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
* The file name of the base suppression XML file.
*/
private static final String BASE_SUPPRESSION_FILE = "dependencycheck-base-suppression.xml";
/**
* The file name of the generated suppression XML file.
*/
private static final String GENERATED_SUPPRESSION_FILE = "generated-suppressions.xml";
/**
* The key used to store and retrieve the suppression files.
*/
@@ -195,17 +199,28 @@ private void loadSuppressionBaseData(final Engine engine) throws SuppressionPars
* @throws SuppressionParseException thrown if the XML cannot be parsed.
*/
private void loadPackagedSuppressionBaseData(final SuppressionParser parser, final Engine engine) throws SuppressionParseException {
loadPackagedSuppressionBaseData(BASE_SUPPRESSION_FILE, parser, engine);
loadPackagedSuppressionBaseData(GENERATED_SUPPRESSION_FILE, parser, engine);
}
/**
* Loads the base suppression rules packaged with the application.
*
* @param parser The suppression parser to use
* @param engine a reference the dependency-check engine
* @throws SuppressionParseException thrown if the XML cannot be parsed.
*/
private void loadPackagedSuppressionBaseData(final String packagedFileName, final SuppressionParser parser, final Engine engine) throws SuppressionParseException {
List<SuppressionRule> ruleList = null;
final URL jarLocation = AbstractSuppressionAnalyzer.class.getProtectionDomain().getCodeSource().getLocation();
String suppressionFileLocation = jarLocation.getFile();
if (suppressionFileLocation.endsWith(".jar")) {
suppressionFileLocation = "jar:file:" + suppressionFileLocation + "!/" + BASE_SUPPRESSION_FILE;
suppressionFileLocation = "jar:file:" + suppressionFileLocation + "!/" + packagedFileName;
} else if (suppressionFileLocation.startsWith("nested:") && suppressionFileLocation.endsWith(".jar!/")) {
// suppressionFileLocation -> nested:/app/app.jar/!BOOT-INF/lib/dependency-check-core-<version>.jar!/
// goal-> jar:nested:/app/app.jar/!BOOT-INF/lib/dependency-check-core-<version>.jar!/dependencycheck-base-suppression.xml
suppressionFileLocation = "jar:" + suppressionFileLocation + BASE_SUPPRESSION_FILE;
suppressionFileLocation = "jar:" + suppressionFileLocation + packagedFileName;
} else {
suppressionFileLocation = "file:" + suppressionFileLocation + BASE_SUPPRESSION_FILE;
suppressionFileLocation = "file:" + suppressionFileLocation + packagedFileName;
}
URL baseSuppresssionURL = null;
try {
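Review bot: `loadPackagedSuppressionBaseData(GENERATED_SUPPRESSION_FILE, parser, engine)` is called unconditionally, yet that file exists only when the build-time download succeeded, unlike `dependencycheck-base-suppression.xml`, which is presumably checked in. The handling after `try {` lies outside the hunk, so it is not visible whether a jar built without the download makes every analysis fail with `SuppressionParseException` or merely skips the rules; the generated file probably deserves its own non-fatal path with a warning that names it. The new overload's Javadoc should also gain `@param packagedFileName the name of the packaged suppression file to load`, and the `// goal->` comment in the `nested:` branch still ends in the base file name.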
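--- a/pom.xml
+++ b/pom.xml
@@ -187,6 +187,11 @@ Copyright (c) 2012 - Jeremy Long
 <defaultGoal>clean install</defaultGoal>
 <pluginManagement>
 <plugins>
+<plugin>
+<groupId>com.googlecode.maven-download-plugin</groupId>
+<artifactId>download-maven-plugin</artifactId>
+<version>1.13.0</version>
+</plugin>
 <plugin>
 <groupId>org.jsonschema2pojo</groupId>
 <artifactId>jsonschema2pojo-maven-plugin</artifactId>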