Merge pull request #33 from dependency-check/develop

5.3.2 Release

.gitignore

@@ -30,4 +30,5 @@ node_modules
 
 # Dep check data directory files
 src/Tasks/dependency-check-build-task/dependency-check/data/*.json
-src/Tasks/dependency-check-build-task/dependency-check/data/*.db
+src/Tasks/dependency-check-build-task/dependency-check/data/*.db
+src/Tasks/dependency-check-build-task/dependency-check-*.zip

build/set-installer-version.ps1

@@ -0,0 +1,66 @@
+if ([string]::IsNullOrWhiteSpace($env:BUILD_VERSION)) {
+	Write-Host "Error: Major version number environment variable is required"
+	exit 1
+}
+
+if ([string]::IsNullOrWhiteSpace($env:BUILD_ENVIRONMENT)) {
+	Write-Host "Error: Build environment variable is required"
+	exit 2
+}
+
+$taskDefPath = ".\src\Tasks\dependency-check-build-task\task.json"
+if (!(Test-Path $taskDefPath -PathType Leaf)) {
+	Write-Host "Error: $taskDefPath not found"
+	exit 3
+}
+
+# Set build env vars
+if ($env:BUILD_ENVIRONMENT -eq "Release") {
+	$taskId = "47EA1F4A-57BA-414A-B12E-C44F42765E72"
+	$taskName = "dependency-check-build-task"
+	$vssExtensionPath = ".\vss-extension.prod.json"
+}
+else {
+	$taskId = "04450B31-9F11-415A-B37A-514D69EF69A1"
+	$taskName = "dependency-check-build-task-dev"
+	$vssExtensionPath = ".\vss-extension.dev.json"
+}
+
+#Parse version vars
+$versionMajor,$versionMinor,$versionPatch,$versionRevision = $env:BUILD_VERSION.Split('.')
+$versionPatchRevision = [string]::Format("{0}{1}", $versionPatch, $versionRevision.PadLeft(3, '0'))
+
+if (!(Test-Path $vssExtensionPath -PathType Leaf)) {
+	Write-Host "Error: $vssExtensionPath not found"
+	exit 4
+}
+
+Write-Host "Setting build environment for $env:BUILD_ENVIRONMENT"
+Write-Host "Setting extension version: $env:BUILD_VERSION"
+Write-Host "Setting build task version: $versionMajor.$versionMinor.$versionPatchRevision"
+
+# task.json (set build task id / name)
+Write-Host "Reading task.json"
+$task = Get-Content $taskDefPath -raw | ConvertFrom-Json
+
+Write-Host "Setting task definition id and name"
+$task.id = $taskId
+$task.name = $taskName
+
+Write-Host "Setting task definition version"
+$task.version.Major = $versionMajor
+$task.version.Minor = $versionMinor
+$task.version.Patch = $versionPatchRevision
+
+Write-Host "Saving new task definition..."
+$task | ConvertTo-Json -depth 32| set-content $taskDefPath
+
+# vss-extension-[env].json (set vesion)
+Write-Host "Reading $vssExtensionPath"
+$vssExtension = Get-Content $vssExtensionPath -raw | ConvertFrom-Json
+
+Write-Host "Setting version"
+$vssExtension.version = $env:BUILD_VERSION
+
+Write-Host "Saving new task definition..."
+$vssExtension | ConvertTo-Json -depth 32| set-content $vssExtensionPath

overview.md

@@ -70,7 +70,9 @@ More details on configuring and running Dependency Check can be found at [https:
 
 ## Contributors
 
-Thank you to the following contributor(s) for this extension:
+First thank [Jeremy Long](https://twitter.com/ctxt) and the folks working on the [OWASP Dependency Check](https://owasp.org/www-project-dependency-check/) project.
+
+The following contributor(s) help maintain the Azure DevOps extension:
 
 - Eric Johnson ([@emjohn20](https://twitter.com/emjohn20)) - Principal Security Engineer, Puma Security
 

package.json

@@ -5,10 +5,9 @@
   "description": "OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.",
   "scripts": {
     "build": "tsc -p .",
-    "postbuild": "npm run package",
-    "package": "tfx extension create --manifest-globs vss-extension.json",
-    "package-dev": "npm run clean && tfx extension create --manifest-globs vss-extension.dev.json",
-    "gallery-publish": "tfx extension publish",
+    "package-prod": "tfx extension create --manifest-globs vss-extension.prod.json",
+    "package-dev": "tfx extension create --manifest-globs vss-extension.dev.json",
+    "gallery-publish": "tfx extension publish --rev-version",
     "clean": "rimraf ./dist && rimraf ./*.vsix"
   },
   "devDependencies": {

src/Tasks/dependency-check-build-task/dependency-check-build-task.ps1

@@ -35,6 +35,8 @@ try {
     $enableExperimental = Get-VstsInput -Name 'enableExperimental' -Require -AsBool
     $enableRetired = Get-VstsInput -Name 'enableRetired' -Require -AsBool
     $enableVerbose = Get-VstsInput -Name 'enableVerbose' -Require -AsBool
+    $dataMirrorJson = Get-VstsInput -Name 'dataMirrorJson' -Default ''
+    $dataMirrorOdc = Get-VstsInput -Name 'dataMirrorOdc' -Default ''
     $additionalArguments = Get-VstsInput -Name 'additionalArguments' -Default ''
 
     #Trim the strings
@@ -103,17 +105,39 @@ try {
         $arguments = $arguments + " " + $additionalArguments
     }
 
+    #Get dependency check path
+    $binDirectory = "dependency-check"
+    $binDirectory = $binDirectory | Resolve-Path
+
+    #Set PS invoke web args
+    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+    $ProgressPreference = 'SilentlyContinue'
+
+    # Pull installer file
+    if(Test-Path $binDirectory -PathType Container) {
+        Write-Host -Verbose "Downloading Dependency Check installer..."
+        Invoke-WebRequest "https://dl.bintray.com/jeremy-long/owasp/dependency-check-5.3.2-release.zip" -OutFile "dependency-check-5.3.2-release.zip"
+        Expand-Archive -Path dependency-check-5.3.2-release.zip -DestinationPath .
+    }
+
     #Get dependency check data dir path
     $dataDirectory = "dependency-check/data"
     $dataDirectoryPath = $dataDirectory | Resolve-Path
 
-    # Pull cached files
-    if(Test-Path $dataDirectoryPath -PathType Container) {
-        Write-Host -Verbose "Downloading Dependency Check vulnerability data..."
-        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-        $ProgressPreference = 'SilentlyContinue'
-        Invoke-WebRequest "https://dependencycheck.sec540.com/data/jsrepository.json" -OutFile "$dataDirectory/jsrepository.json"
-        Invoke-WebRequest "https://dependencycheck.sec540.com/data/odc.mv.db" -OutFile "$dataDirectory/odc.mv.db"
+    # Pull JSON cached file
+    if([string]::IsNullOrEmpty($dataMirrorJson) -eq $false ) {
+        if(Test-Path $dataDirectoryPath -PathType Container) {
+            Write-Host -Verbose "Downloading Dependency Check vulnerability JSON data mirror..."
+            Invoke-WebRequest $dataMirrorJson -OutFile "$dataDirectory/jsrepository.json"
+        }
+    }
+
+    # Pull ODC cached file
+    if([string]::IsNullOrEmpty($dataMirrorOdc) -eq $false ) {
+        if(Test-Path $dataDirectoryPath -PathType Container) {
+            Write-Host -Verbose "Downloading Dependency Check vulnerability DB data mirror..."
+            Invoke-WebRequest $dataMirrorOdc -OutFile "$dataDirectory/odc.mv.db"
+        }
     }
 
     #Get dependency check script path