
Commit 03c6bbc

authored
Merge pull request #890 from nsacyber/v3_issue_887-add-owasp-dependency-check
[#887] Add OWASP dependency check plugin
2 parents 70c918e + 065acb2 commit 03c6bbc


7 files changed

+67
-20
lines changed


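--- a/HIRS_AttestationCA/build.gradle
+++ b/HIRS_AttestationCA/build.gradle
@@ -25,26 +25,36 @@ dependencies {
 implementation libs.spring.boot.starter.log4j2
 implementation libs.minimal.json
 
-// pull the pci dependency and ...
 implementation libs.pci
-// and explicitly include the patched version of the apache http client dependency
+
+// explicitly include the patched version of the apache http client dependency
 implementation libs.apacheHttpClient
 
 implementation libs.protobuf.java
 implementation libs.spring.boot.starter.data.jpa
 implementation libs.spring.retry
 implementation libs.spring.boot.starter.web
+
+// explicitly include the patched version of the spring framework webmvc dependency
 implementation libs.spring.framework.webmvc
 
+// explicitly include the patched version of the logback-core dependency
+implementation libs.logback.classic
+
 compileOnly libs.lombok
 annotationProcessor libs.lombok
 
 compileOnly libs.spotbugs.annotations
 annotationProcessor libs.spotbugs.annotations
 
 testImplementation libs.commons.io
+
+// explicitly include the patched version of the logback-core dependency
+testImplementation libs.logback.classic
+
 testImplementation libs.spring.boot.starter.test
 
+
 testCompileOnly libs.lombok
 testAnnotationProcessor libs.lombok
 }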
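Review bot: `implementation libs.logback.classic` is added to the runtime classpath of a module that also declares `implementation libs.spring.boot.starter.log4j2`, which puts two SLF4J providers (logback-classic and log4j-slf4j2-impl) on the classpath; as far as I recall Spring Boot's logging auto-detection prefers Logback when it is present, so the Log4j2 configuration this module ships may silently stop being used. If logback was only reaching the classpath transitively through spring-boot-starter-logging, the cleaner fix is `configurations.all { exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging' }` so the flagged artifact disappears instead of being pinned; if Logback is the intended backend, drop the log4j2 starter instead. The same pairing is introduced in tools/tcg_rim_tool/build.gradle (without the comment the other modules carry). Either way the comment should name the artifact actually being pinned, e.g. `// pin logback-classic (and its logback-core) to a patched version`, since the declared module is logback-classic, not logback-core.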

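--- a/HIRS_AttestationCAPortal/build.gradle
+++ b/HIRS_AttestationCAPortal/build.gradle
@@ -2,7 +2,7 @@ plugins {
 id 'application'
 id 'war'
 id 'com.netflix.nebula.ospackage' version '11.10.0'
-id 'org.springframework.boot' version '3.0.13'
+id 'org.springframework.boot' version '3.1.12'
 id 'io.spring.dependency-management' version '1.1.7'
 }
 
@@ -36,29 +36,49 @@ dependencies {
 implementation libs.jakarta.servlet
 implementation libs.jakarta.xml
 
-// pull the pci dependency and ...
 implementation libs.pci
-// and explicitly include the patched version of the apache http client dependency
+
+// explicitly include the patched version of the apache http client dependency
 implementation libs.apacheHttpClient
 
 implementation libs.mariadb.java.client
 implementation libs.spring.boot.starter.web
-//implementation libs.spring.framework.webmvc
+
+// explicitly include the patched version of the snake yaml dependency
+implementation libs.snake.yaml
+
 implementation libs.spring.boot.starter.validation
 implementation libs.spring.boot.starter.data.jpa
 implementation libs.spring.boot.starter.log4j2
+
+// explicitly include the patched version of the spring framework jdbc dependency
+implementation libs.spring.framework.jdbc
+
+// explicitly include the patched version of spring framework expression dependency
+implementation libs.spring.framework.expression
+
+// explicitly include the patched version of the tomcat embed core dependency
+implementation libs.tomcat.embed.core
+
 implementation libs.tomcat.embed.jasper
 
+// explicitly include the patched version of the tomcat embed websocket dependency
+implementation libs.tomcat.embed.websocket
+
 compileOnly libs.lombok
 annotationProcessor libs.lombok
 
-providedRuntime libs.spring.boot.starter.tomcat
+// explicitly include the patched version of the json path dependency
+testImplementation libs.jsonPath
 
 testImplementation libs.hsqldb
 testImplementation libs.spring.boot.starter.test
 
 testCompileOnly libs.lombok
 testAnnotationProcessor libs.lombok
+
+// explicitly include the patched version of the xmlunit-core dependency
+testImplementation libs.xmlunit.core
 }
 
 test {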
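Review bot: `id 'org.springframework.boot' version '3.1.12'` still trails the catalog's `springBootVersion = "3.4.1"`, so the dependency-management plugin imports the 3.1.12 BOM while the starters themselves are pulled at 3.4.1; every transitive version not hand-pinned in this hunk (spring-core, spring-beans, tomcat-embed-el, the Jackson modules, …) is still resolved from the older BOM, which is presumably why spring-jdbc, spring-expression, tomcat-embed-core and tomcat-embed-websocket now have to be declared one by one. Bumping the plugin to match the catalog, `id 'org.springframework.boot' version '3.4.1'`, should let the BOM carry the patched versions and make most of the added pins redundant — confirm with `gradle dependencyInsight` before removing any of them, and record the reasoning in a comment so the next scanner finding does not add another pin on top. Separately, removing `providedRuntime libs.spring.boot.starter.tomcat` from a `war` project means the embedded Tomcat jars now end up in WEB-INF/lib; if this war is also deployed to an external servlet container, that needs either a comment or a `providedRuntime` declaration for the pinned tomcat modules.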

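--- a/HIRS_Structs/build.gradle
+++ b/HIRS_Structs/build.gradle
@@ -6,6 +6,9 @@ dependencies {
 
 testImplementation libs.spring.boot.starter.test
 
+// explicitly include the patched version of the logback-core dependency
+testImplementation libs.logback.classic
+
 testCompileOnly libs.lombok
 testAnnotationProcessor libs.lombok
 }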

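--- a/HIRS_Utils/build.gradle
+++ b/HIRS_Utils/build.gradle
@@ -24,17 +24,18 @@ dependencies {
 implementation libs.spring.boot.starter.log4j2
 implementation libs.minimal.json
 
-// pull the pci dependency and ...
 implementation libs.pci
-// and explicitly include the patched version of the apache http client dependency
+// explicitly include the patched version of the apache http client dependency
 implementation libs.apacheHttpClient
 
-implementation libs.slf4j.simple
-
 compileOnly libs.lombok
 annotationProcessor libs.lombok
 
 testImplementation libs.spring.boot.starter.test
+
+// explicitly include the patched version of the logback-core dependency
+testImplementation libs.logback.classic
+
 testImplementation project(path: ':HIRS_AttestationCA')
 
 testCompileOnly libs.lombok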

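--- a/build.gradle
+++ b/build.gradle
@@ -7,6 +7,7 @@ plugins {
 id 'application'
 id 'checkstyle'
 id 'com.github.spotbugs' version '6.0.13' apply false
+id 'org.owasp.dependencycheck' version '11.1.1'
 id 'java'
 }
 
@@ -17,6 +18,7 @@ subprojects {
 apply plugin: "com.github.spotbugs"
 apply plugin: "java"
 apply plugin: "checkstyle"
+apply plugin: "org.owasp.dependencycheck"
 
 repositories {
 flatDir { dirs "lib" }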
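Review bot: The plugin is applied to every subproject but, as far as these two hunks show, never configured, so `dependencyCheckAnalyze` only writes a report and cannot gate the build — the per-module version pins added elsewhere in this commit will drift silently the next time an advisory is published. Add a `dependencyCheck { failBuildOnCVSS = 7.0; suppressionFile = file('<path-to-reviewed-suppressions.xml>') }` block (threshold and path to be agreed) so findings above the threshold fail the build and accepted findings are documented rather than ignored, and wire the NVD API key in through the plugin's `nvd { apiKey = ... }` block from an environment variable rather than the build script, since the 11.x plugin fetches the NVD data through the API. The `subprojects {}` block continues past the hunk; if a `dependencyCheck` block already exists there this is moot, otherwise a one-line comment above `apply plugin: "org.owasp.dependencycheck"` naming the task that CI is expected to run would help the next reader.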

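--- a/gradle/versions.toml
+++ b/gradle/versions.toml
@@ -7,27 +7,30 @@ commonsLang3Version = "3.17.0"
 gsonVersion = "2.11.0"
 glassfishJakartaJsonVersion = "2.0.1"
 glassfishJaxbRuntimeVersion = "4.0.5"
-guavaVersion = "33.3.1-jre"
+guavaVersion = "33.4.0-jre"
 jacksonVersion = "2.18.2"
-jakartaPersistenceApiVersion = "3.2.0"
+jakartaPersistenceApiVersion = "3.1.0"
 jakartaServletVersion = "3.0.0"
 jakartaXmlVersion = "4.0.2"
 jcommanderVersion = "2.0"
 lombokVersion = "1.18.36"
+logbackClassicVersion = "1.5.13"
 mariadbVersion = "3.5.1"
 minimalJsonVersion = "0.9.5"
 ospackageVersion = "11.2.0"
 pciVersion = "0.3"
 protobufJavaVersion = "4.28.3"
-springBootVersion = "3.4.0"
-springCoreVersion = "6.2.1"
+snakeYamlVersion = "2.0"
+springBootVersion = "3.4.1"
+springFrameworkVersion = "6.2.1"
 springRetryVersion = "2.0.10"
-tomcatVersion = "10.1.33"
+tomcatVersion = "10.1.34"
 
 #test dependencies versions
 hsqldbVersion = "2.7.3"
-slf4jVersion = "2.0.16"
+jsonPathVersion = "2.9.0"
 spotBugAnnotationVersion = "4.8.6"
+xmlunitCoreVersion = "2.10.0"
 
 [libraries]
 apacheHttpClient = { module = "org.apache.httpcomponents:httpclient", version.ref = "apacheHttpClientVersion" }
@@ -45,24 +48,31 @@ jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-ap
 jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" }
 jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" }
 jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" }
+logback-classic = { module = "ch.qos.logback:logback-classic", version.ref = "logbackClassicVersion" }
 lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" }
 mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" }
 minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" }
 pci = { module = "com.github.marandus:pci-ids", version.ref = "pciVersion" }
 protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobufJavaVersion" }
-slf4j-simple = { module = "org.slf4j:slf4j-simple", version.ref = "slf4jVersion" }
+snake-yaml = { module = "org.yaml:snakeyaml", version.ref = "snakeYamlVersion" }
 spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa", version.ref = "springBootVersion" }
 spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-starter-log4j2", version.ref = "springBootVersion" }
-spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" }
 spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" }
 spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" }
-spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
+spring-framework-expression = { module = "org.springframework:spring-expression", version.ref = "springFrameworkVersion" }
+spring-framework-jdbc = { module = "org.springframework:spring-jdbc", version.ref = "springFrameworkVersion" }
+spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springFrameworkVersion" }
 spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" }
+tomcat-embed-core = { module = "org.apache.tomcat.embed:tomcat-embed-core", version.ref = "tomcatVersion" }
 tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" }
+tomcat-embed-websocket = { module = "org.apache.tomcat.embed:tomcat-embed-websocket", version.ref = "tomcatVersion" }
+
 
 # test dependencies
 hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" }
+jsonPath = { module = "com.jayway.jsonpath:json-path", version.ref = "jsonPathVersion" }
 spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" }
 spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" }
+xmlunit-core = { module = "org.xmlunit:xmlunit-core", version.ref = "xmlunitCoreVersion" }
 
 [plugins]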
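Review bot: `jakartaPersistenceApiVersion` goes down from 3.2.0 to 3.1.0 with no rationale, in a commit where every other version change goes up; a downgrade in the catalog that now feeds the vulnerability scanner needs its reason recorded, e.g. `jakartaPersistenceApiVersion = "3.1.0" # downgraded from 3.2.0: <reason, e.g. API level the managed Hibernate expects>`. The same applies to the entries that exist only to force a transitive artifact onto a patched release (`logbackClassicVersion`, `snakeYamlVersion`, `jsonPathVersion`, `xmlunitCoreVersion`, the new `spring-framework-*` and `tomcat-embed-*` aliases): a short comment naming the advisory or scanner finding each one answers is what lets a later maintainer delete the pin once the upstream BOM catches up, instead of carrying it forever. The header comment in the [versions] section could carry one line explaining that convention.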

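--- a/tools/tcg_rim_tool/build.gradle
+++ b/tools/tcg_rim_tool/build.gradle
@@ -21,6 +21,7 @@ dependencies {
 implementation libs.jakarta.xml
 implementation libs.spring.boot.starter.log4j2
 implementation libs.spring.boot.starter.data.jpa
+implementation libs.logback.classic
 
 compileOnly libs.lombok
 annotationProcessor libs.lombok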
