Add functionality to suppress CVEs in upload goal (pmckeown#423)

pom.xml

@@ -53,7 +53,7 @@
     </ciManagement>
 
     <distributionManagement>
-        <snapshotRepository>
+		<snapshotRepository>
             <id>ossrh</id>
             <url>https://oss.sonatype.org/content/repositories/snapshots</url>
         </snapshotRepository>
@@ -62,7 +62,7 @@
             <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
         </repository>
     </distributionManagement>
-
+    
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.source>1.8</maven.compiler.source>

src/main/java/io/github/pmckeown/dependencytrack/AbstractDependencyTrackMojo.java

@@ -1,168 +1,165 @@
 package io.github.pmckeown.dependencytrack;
 
-import io.github.pmckeown.util.Logger;
-import kong.unirest.Unirest;
-import kong.unirest.jackson.JacksonObjectMapper;
+import static io.github.pmckeown.dependencytrack.ObjectMapperFactory.relaxedObjectMapper;
+import static kong.unirest.HeaderNames.ACCEPT;
+import static kong.unirest.HeaderNames.ACCEPT_ENCODING;
+
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.maven.artifact.ArtifactUtils;
 import org.apache.maven.plugin.AbstractMojo;
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugin.MojoFailureException;
 import org.apache.maven.plugins.annotations.Parameter;
 
-import static io.github.pmckeown.dependencytrack.ObjectMapperFactory.relaxedObjectMapper;
-import static kong.unirest.HeaderNames.ACCEPT;
-import static kong.unirest.HeaderNames.ACCEPT_ENCODING;
+import io.github.pmckeown.util.Logger;
+import kong.unirest.Unirest;
+import kong.unirest.jackson.JacksonObjectMapper;
 
 /**
- * Base class for Mojos in this project.
- *
- * Provides common configuration options:
+ * Base class for Mojos in this project. Provides common configuration options:
  * <ol>
- *     <li>projectName</li>
- *     <li>projectVersion</li>
- *     <li>dependencyTrackBaseUrl</li>
- *     <li>apiKey</li>
- *     <li>failOnError</li>
- *     <li>skip</li>
- *     <li>verifySsl</li>
+ * <li>projectName</li>
+ * <li>projectVersion</li>
+ * <li>dependencyTrackBaseUrl</li>
+ * <li>apiKey</li>
+ * <li>failOnError</li>
+ * <li>skip</li>
+ * <li>verifySsl</li>
  * </ol>
  *
  * @author Paul McKeown
  */
 public abstract class AbstractDependencyTrackMojo extends AbstractMojo {
 
-    @Parameter(required = true, defaultValue = "${project.artifactId}", property = "dependency-track.projectName")
-    protected String projectName;
-
-    @Parameter(required = true, defaultValue = "${project.version}", property = "dependency-track.projectVersion")
-    protected String projectVersion;
-
-    @Parameter(required = true, property = "dependency-track.dependencyTrackBaseUrl")
-    private String dependencyTrackBaseUrl;
-
-    @Parameter(required = true, property = "dependency-track.apiKey")
-    private String apiKey;
-
-    @Parameter(defaultValue = "false", property = "dependency-track.failOnError")
-    private boolean failOnError;
-
-    /**
-     * Set this to 'true' to bypass dependencyTrack plugin
-     * It's not a real boolean as it can have more than 2 values:
-     * <ul>
-     *     <li><code>true</code>: will skip as usual</li>
-     *     <li><code>releases</code>: will skip if current version of the project is a release</li>
-     *     <li><code>snapshots</code>: will skip if current version of the project is a snapshot</li>
-     *     <li>any other values will be considered as <code>false</code></li>
-     * </ul>
-     */
-    @Parameter(defaultValue = "false", property = "dependency-track.skip", alias = "dependency-track.skip")
-    private String skip = Boolean.FALSE.toString();
-
-    @Parameter(defaultValue = "true", property = "dependency-track.verifySsl")
-    private boolean verifySsl;
-
-    @Parameter
-    private PollingConfig pollingConfig;
-
-    protected Logger logger;
-
-    protected CommonConfig commonConfig;
-
-    protected AbstractDependencyTrackMojo(CommonConfig commonConfig, Logger logger) {
-        this.logger = logger;
-        this.commonConfig = commonConfig;
-    }
-
-    /**
-     * Initialises the {@link Logger} and {@link CommonConfig} instances that were injected by the SISU inversion of
-     * control container (using Guice under the hood) by providing the data provided by the Plexus IOC container.
-     *
-     * Then performs the action defined by the subclass.
-     */
-    @Override
-    public final void execute() throws MojoExecutionException, MojoFailureException {
-        // Set up Mojo environment
-        this.logger.setLog(getLog());
-        this.commonConfig.setProjectName(projectName);
-        this.commonConfig.setProjectVersion(projectVersion);
-        this.commonConfig.setDependencyTrackBaseUrl(dependencyTrackBaseUrl);
-        this.commonConfig.setApiKey(apiKey);
-        this.commonConfig.setPollingConfig(this.pollingConfig != null ? this.pollingConfig : PollingConfig.defaults());
-
-        // Configure Unirest with additional user-supplied configuration
-        configureUnirest();
-
-        // Perform the requested action
-        if (getSkip()) {
-            logger.info("dependency-track.skip = true: Skipping analysis.");
-            return;
-        }
-        this.performAction();
-    }
-
-    /**
-     * Template method to be implemented by subclasses.
-     *
-     * @throws MojoExecutionException when an error is encountered during Mojo execution
-     * @throws MojoFailureException when the Mojo fails
-     */
-    protected abstract void performAction() throws MojoExecutionException, MojoFailureException;
-
-    public void setProjectName(String projectName) {
-        this.projectName = projectName;
-    }
-
-    public void setProjectVersion(String projectVersion) {
-        this.projectVersion = projectVersion;
-    }
-
-    public void setDependencyTrackBaseUrl(String url) {
-        this.dependencyTrackBaseUrl = url;
-    }
-
-    public void setApiKey(String apiKey) {
-        this.apiKey = apiKey;
-    }
-
-    public void setFailOnError(boolean fail) {
-        this.failOnError = fail;
-    }
-
-    public void setVerifySsl(boolean verifySsl) {
-        this.verifySsl = verifySsl;
-    }
-
-    public void setSkip(String skip) {
-        this.skip = skip;
-    }
-
-    public void setPollingConfig(PollingConfig commonConfig) {
-        this.pollingConfig = commonConfig;
-    }
-
-    protected void handleFailure(String message) throws MojoFailureException {
-        getLog().error(message);
-        if (failOnError) {
-            throw new MojoFailureException(message);
-        }
-    }
-
-    protected void handleFailure(String message, Throwable ex) throws MojoExecutionException {
-        getLog().debug(message, ex);
-        if (failOnError) {
-            throw new MojoExecutionException(message);
-        }
-    }
-
-    private boolean getSkip() {
-        return Boolean.parseBoolean(skip)
-                 || ("releases".equals(skip) && !ArtifactUtils.isSnapshot(projectVersion))
-                 || ("snapshots".equals(skip) && ArtifactUtils.isSnapshot(projectVersion));
-    }
-
-    /**
+	@Parameter(required = true, defaultValue = "${project.artifactId}", property = "dependency-track.projectName")
+	protected String projectName;
+
+	@Parameter(required = true, defaultValue = "${project.version}", property = "dependency-track.projectVersion")
+	protected String projectVersion;
+
+	@Parameter(required = true, property = "dependency-track.dependencyTrackBaseUrl")
+	private String dependencyTrackBaseUrl;
+
+	@Parameter(required = true, property = "dependency-track.apiKey")
+	private String apiKey;
+
+	@Parameter(defaultValue = "false", property = "dependency-track.failOnError")
+	private boolean failOnError;
+
+	/**
+	 * Set this to 'true' to bypass dependencyTrack plugin It's not a real boolean as it can have more than 2 values:
+	 * <ul>
+	 * <li><code>true</code>: will skip as usual</li>
+	 * <li><code>releases</code>: will skip if current version of the project is a release</li>
+	 * <li><code>snapshots</code>: will skip if current version of the project is a snapshot</li>
+	 * <li>any other values will be considered as <code>false</code></li>
+	 * </ul>
+	 */
+	@Parameter(defaultValue = "false", property = "dependency-track.skip", alias = "dependency-track.skip")
+	private String skip = Boolean.FALSE.toString();
+
+	@Parameter(defaultValue = "true", property = "dependency-track.verifySsl")
+	private boolean verifySsl;
+
+	@Parameter
+	private PollingConfig pollingConfig;
+
+	protected Logger logger;
+
+	protected CommonConfig commonConfig;
+
+	protected AbstractDependencyTrackMojo(final CommonConfig commonConfig, final Logger logger) {
+		this.logger = logger;
+		this.commonConfig = commonConfig;
+	}
+
+	/**
+	 * Initialises the {@link Logger} and {@link CommonConfig} instances that were injected by the SISU inversion of
+	 * control container (using Guice under the hood) by providing the data provided by the Plexus IOC container. Then
+	 * performs the action defined by the subclass.
+	 */
+	@Override
+	public final void execute() throws MojoExecutionException, MojoFailureException {
+		// Set up Mojo environment
+		logger.setLog(getLog());
+		commonConfig.setProjectName(projectName);
+		commonConfig.setProjectVersion(projectVersion);
+		commonConfig.setDependencyTrackBaseUrl(dependencyTrackBaseUrl);
+		commonConfig.setApiKey(apiKey);
+		commonConfig.setPollingConfig(pollingConfig != null ? pollingConfig : PollingConfig.defaults());
+
+		// Configure Unirest with additional user-supplied configuration
+		configureUnirest();
+
+		// Perform the requested action
+		if (getSkip()) {
+			logger.info("dependency-track.skip = true: Skipping analysis.");
+			return;
+		}
+		performAction();
+	}
+
+	/**
+	 * Template method to be implemented by subclasses.
+	 *
+	 * @throws MojoExecutionException when an error is encountered during Mojo execution
+	 * @throws MojoFailureException   when the Mojo fails
+	 */
+	protected abstract void performAction() throws MojoExecutionException, MojoFailureException;
+
+	public void setProjectName(final String projectName) {
+		this.projectName = projectName;
+	}
+
+	public void setProjectVersion(final String projectVersion) {
+		this.projectVersion = projectVersion;
+	}
+
+	public void setDependencyTrackBaseUrl(final String url) {
+		dependencyTrackBaseUrl = url;
+	}
+
+	public void setApiKey(final String apiKey) {
+		this.apiKey = apiKey;
+	}
+
+	public void setFailOnError(final boolean fail) {
+		failOnError = fail;
+	}
+
+	public void setVerifySsl(final boolean verifySsl) {
+		this.verifySsl = verifySsl;
+	}
+
+	public void setSkip(final String skip) {
+		this.skip = skip;
+	}
+
+	public void setPollingConfig(final PollingConfig commonConfig) {
+		pollingConfig = commonConfig;
+	}
+
+	protected void handleFailure(final String message) throws MojoFailureException {
+		getLog().error(message);
+		if (failOnError) {
+			throw new MojoFailureException(message);
+		}
+	}
+
+	protected void handleFailure(final String message, final Throwable ex) throws MojoExecutionException {
+		getLog().debug(message, ex);
+		if (failOnError) {
+			throw new MojoExecutionException(message);
+		}
+	}
+
+	private boolean getSkip() {
+		return Boolean.parseBoolean(skip) || ("releases".equals(skip) && !ArtifactUtils.isSnapshot(projectVersion))
+				|| ("snapshots".equals(skip) && ArtifactUtils.isSnapshot(projectVersion));
+	}
+
+
+	 /**
      * Unirest is configured globally using a static `Unirest.config()` method.  Doing so here allows for user-supplied
      * configuration.
      */
@@ -173,10 +170,10 @@ private void configureUnirest() {
                 .setDefaultHeader(ACCEPT, "application/json")
                 .verifySsl(this.verifySsl);
 
-        // Debug all Unirest config
-        logger.debug("Unirest Configuration: %s", ToStringBuilder.reflectionToString(Unirest.config()));
+		// Debug all Unirest config
+		logger.debug("Unirest Configuration: %s", ToStringBuilder.reflectionToString(Unirest.config()));
 
-        // Info print user specified
-        logger.info("SSL Verification enabled: %b", this.verifySsl);
-    }
+		// Info print user specified
+		logger.info("SSL Verification enabled: %b", verifySsl);
+	}
 }

src/main/java/io/github/pmckeown/dependencytrack/ResourceConstants.java

@@ -7,16 +7,17 @@
  */
 public final class ResourceConstants {
 
-    public static final String V1_BOM = "/api/v1/bom";
-    public static final String V1_BOM_TOKEN_UUID = "/api/v1/bom/token/{uuid}";
-    public static final String V1_PROJECT = "/api/v1/project?limit=1000000&offset=0";
-    public static final String V1_PROJECT_UUID = "/api/v1/project/{uuid}";
-    public static final String V1_FINDING_PROJECT_UUID = "/api/v1/finding/project/{uuid}";
-    public static final String V1_METRICS_PROJECT_UUID_CURRENT = "/api/v1/metrics/project/{uuid}/current";
-    public static final String V1_METRICS_PROJECT_UUID_REFRESH = "/api/v1/metrics/project/{uuid}/refresh";
-    public static final String V1_POLICY_VIOLATION_PROJECT_UUID = "/api/v1/violation/project/{uuid}";
+	public static final String V1_ANALYSIS = "/api/v1/analysis";
+	public static final String V1_BOM = "/api/v1/bom";
+	public static final String V1_BOM_TOKEN_UUID = "/api/v1/bom/token/{uuid}";
+	public static final String V1_PROJECT = "/api/v1/project?limit=1000000&offset=0";
+	public static final String V1_PROJECT_UUID = "/api/v1/project/{uuid}";
+	public static final String V1_FINDING_PROJECT_UUID = "/api/v1/finding/project/{uuid}";
+	public static final String V1_METRICS_PROJECT_UUID_CURRENT = "/api/v1/metrics/project/{uuid}/current";
+	public static final String V1_METRICS_PROJECT_UUID_REFRESH = "/api/v1/metrics/project/{uuid}/refresh";
+	public static final String V1_POLICY_VIOLATION_PROJECT_UUID = "/api/v1/violation/project/{uuid}";
 
-    private ResourceConstants() {
-        // Constants file
-    }
+	private ResourceConstants() {
+		// Constants file
+	}
 }