[GitHub] [nutch] sebastian-nagel commented on a change in pull request #561: NUTCH-2840 Fix 'report-vulnerabilities' ant target in build.xml

Thu, 28 Jan 2021 04:04:08 -0800 


sebastian-nagel commented on a change in pull request #561:
URL: https://github.com/apache/nutch/pull/561#discussion_r566040843



##########
File path: build.xml
##########
@@ -646,24 +648,38 @@
   </target>
 
   <!-- Check dependencies for security vulnerabilities                         
           -->
-  <!-- requires installation of OWASP dependency check tool, see               
           -->
-  <!--   
https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html    
 -->
-  <!-- get 
http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-3.3.2-release.zip 
-->
-  <!-- and unzip in directory ./ivy/                                           
           -->
-  <path id="dependency-check.path">
-    <pathelement location="${dependency-check.home}/dependency-check-ant.jar"/>
-    <fileset dir="${dependency-check.home}/lib" erroronmissingdir="false">
+  <target name="dependency-check-ant-download" description="--> download 
dependency-check-ant jar">
+    <available file="${dependency-check-ant.jar}" 
property="dependency-check-ant.jar.found"/>
+    <antcall target="dependency-check-ant-download-unchecked"/>
+  </target>
+
+  <target name="dependency-check-ant-download-unchecked" 
unless="dependency-check-ant.jar.found"
+          description="--> downloads the dependency-check-ant binary 
(dependency-check-ant-*.zip).">
+    <get 
src="https://github.com/jeremylong/DependencyCheck/releases/download/v${dependency-check-ant.version}/dependency-check-ant-${dependency-check-ant.version}-release.zip";
+         
dest="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
 usetimestamp="false" />
+
+    <unzip 
src="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
+           dest="${ivy.dir}">
+    </unzip>
+
+    <delete 
file="${ivy.dir}/dependency-check-ant-${dependency-check-ant.version}-release.zip"
 />
+  </target>
+
+  <path id="dependency-check-ant.path">
+    <pathelement 
location="${dependency-check-ant.home}/dependency-check-ant.jar"/>
+    <fileset dir="${dependency-check-ant.home}/lib">
       <include name="*.jar"/>
     </fileset>
   </path>
-  <taskdef resource="dependency-check-taskdefs.properties" onerror="ignore">
-    <classpath refid="dependency-check.path" />
+  <taskdef resource="dependency-check-taskdefs.properties">

Review comment:
       Verified: moving `taskdef` few lines down, just after `<target 
name="report-vulnerabilities" ...` works.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to