81 changes: 81 additions & 0 deletions ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
Expand Up @@ -998,23 +998,49 @@ public void setNodeAuditSkipDevDependencies(Boolean nodeAuditSkipDevDependencies
*
* @param retirejsFilterNonVulnerable new value of
* retirejsFilterNonVulnerable
* @deprecated Use {@link #setRetireJsFilterNonVulnerable(Boolean)} instead.
*/
@Deprecated
public void setRetirejsFilterNonVulnerable(Boolean retirejsFilterNonVulnerable) {
this.retirejsFilterNonVulnerable = retirejsFilterNonVulnerable;
Collaborator


Would be good if it renamed the internal variables (arguably even the parameters) to the target state.

}

/**
* Set the value of retireJsFilterNonVulnerable.
*
* @param retireJsFilterNonVulnerable new value of
* retireJsFilterNonVulnerable
*/
public void setRetireJsFilterNonVulnerable(Boolean retireJsFilterNonVulnerable) {
this.retirejsFilterNonVulnerable = retireJsFilterNonVulnerable;
}

/**
* Add a regular expression to the set of retire JS content filters.
* <p>
* This is called by Ant.
*
* @param retirejsFilter the regular expression used to filter based on file
* content
* @deprecated Use {@link #addConfiguredRetireJsFilter(RetirejsFilter)} instead.
*/
@Deprecated
public void addConfiguredRetirejsFilter(final RetirejsFilter retirejsFilter) {
Collaborator


Probably should rename the class, but is a bit annoying when working with case-insensitive file systems and git. So no big deal.

Collaborator


Yeah, I guess it's not worth the potential hassle. Could still leave a comment on that class to that effect.

retirejsFilters.add(retirejsFilter.getRegex());
}

/**
* Add a regular expression to the set of retire JS content filters.
* <p>
* This is called by Ant.
*
* @param retireJsFilter the regular expression used to filter based on file
* content
*/
public void addConfiguredRetireJsFilter(final RetirejsFilter retireJsFilter) {
retirejsFilters.add(retireJsFilter.getRegex());
}

/**
* Set the value of rubygemsAnalyzerEnabled.
*
Expand Down Expand Up @@ -1199,47 +1225,102 @@ public void setPathToDotnetCore(String pathToCore) {
* Set value of {@link #ossindexAnalyzerEnabled}.
*
* @param ossindexAnalyzerEnabled new value of ossindexAnalyzerEnabled
* @deprecated Use {@link #setOssIndexAnalyzerEnabled(Boolean)} instead.
*/
@Deprecated
public void setOssindexAnalyzerEnabled(Boolean ossindexAnalyzerEnabled) {
this.ossindexAnalyzerEnabled = ossindexAnalyzerEnabled;
}

/**
* Set value of ossIndexAnalyzerEnabled.
*
* @param ossIndexAnalyzerEnabled new value of ossIndexAnalyzerEnabled
*/
public void setOssIndexAnalyzerEnabled(Boolean ossIndexAnalyzerEnabled) {
this.ossindexAnalyzerEnabled = ossIndexAnalyzerEnabled;
}

/**
* Set value of {@link #ossindexAnalyzerUseCache}.
*
* @param ossindexAnalyzerUseCache new value of ossindexAnalyzerUseCache
* @deprecated Use {@link #setOssIndexAnalyzerUseCache(Boolean)} instead.
*/
@Deprecated
public void setOssindexAnalyzerUseCache(Boolean ossindexAnalyzerUseCache) {
this.ossindexAnalyzerUseCache = ossindexAnalyzerUseCache;
}

/**
* Set value of ossIndexAnalyzerUseCache.
*
* @param ossIndexAnalyzerUseCache new value of ossIndexAnalyzerUseCache
*/
public void setOssIndexAnalyzerUseCache(Boolean ossIndexAnalyzerUseCache) {
this.ossindexAnalyzerUseCache = ossIndexAnalyzerUseCache;
}

/**
* Set value of {@link #ossindexAnalyzerUrl}.
*
* @param ossindexAnalyzerUrl new value of ossindexAnalyzerUrl
* @deprecated Use {@link #setOssIndexAnalyzerUrl(String)} instead.
*/
@Deprecated
public void setOssindexAnalyzerUrl(String ossindexAnalyzerUrl) {
this.ossindexAnalyzerUrl = ossindexAnalyzerUrl;
}

/**
* Set value of ossIndexAnalyzerUrl.
*
* @param ossIndexAnalyzerUrl new value of ossIndexAnalyzerUrl
*/
public void setOssIndexAnalyzerUrl(String ossIndexAnalyzerUrl) {
this.ossindexAnalyzerUrl = ossIndexAnalyzerUrl;
}

/**
* Set value of {@link #ossindexAnalyzerUsername}.
*
* @param ossindexAnalyzerUsername new value of ossindexAnalyzerUsername
* @deprecated Use {@link #setOssIndexAnalyzerUsername(String)} instead.
*/
@Deprecated
public void setOssindexAnalyzerUsername(String ossindexAnalyzerUsername) {
this.ossindexAnalyzerUsername = ossindexAnalyzerUsername;
}

/**
* Set value of ossIndexAnalyzerUsername.
*
* @param ossIndexAnalyzerUsername new value of ossIndexAnalyzerUsername
*/
public void setOssIndexAnalyzerUsername(String ossIndexAnalyzerUsername) {
this.ossindexAnalyzerUsername = ossIndexAnalyzerUsername;
}

/**
* Set value of {@link #ossindexAnalyzerPassword}.
*
* @param ossindexAnalyzerPassword new value of ossindexAnalyzerPassword
* @deprecated Use {@link #setOssIndexAnalyzerPassword(String)} instead.
*/
@Deprecated
public void setOssindexAnalyzerPassword(String ossindexAnalyzerPassword) {
this.ossindexAnalyzerPassword = ossindexAnalyzerPassword;
}

/**
* Set value of ossIndexAnalyzerPassword.
*
* @param ossIndexAnalyzerPassword new value of ossIndexAnalyzerPassword
*/
public void setOssIndexAnalyzerPassword(String ossIndexAnalyzerPassword) {
this.ossindexAnalyzerPassword = ossIndexAnalyzerPassword;
}

/**
* Set value of {@link #ossIndexAnalyzerWarnOnlyOnRemoteErrors}.
*
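Review bot: The deprecated setters (`setRetirejsFilterNonVulnerable`, `addConfiguredRetirejsFilter`, and the five `setOssindexAnalyzer*` methods) accept the old spelling without telling the build author. `@Deprecated` only produces a javac warning for Java callers, while the Javadoc says these methods are called by Ant from build-file attributes, so a legacy spelling in build.xml stays invisible. Each old/new pair also writes the same field, so a build file that sets both spellings gets whichever Ant applies last, with nothing logged; for `retirejsFilter` and `retirejsFilterNonVulnerable` that decides what the RetireJS analyzer reports. Consider having each deprecated method delegate to its replacement and emit a warning, e.g. `log("retirejsFilterNonVulnerable is deprecated; use retireJsFilterNonVulnerable", Project.MSG_WARN);` followed by `setRetireJsFilterNonVulnerable(retirejsFilterNonVulnerable);`. This assumes the class extends Ant's `Task` and has `Project` imported, which the hunks do not show.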
16 changes: 8 additions & 8 deletions ant/src/site/markdown/configuration.md
Expand Up @@ -22,7 +22,7 @@ the project's dependencies.
reportoutputdirectory="${basedir}"
reportformat="ALL">
<suppressionfile path="${basedir}/path/to/suppression.xml"/>
<retirejsFilter regex="copyright.*jeremy long"/>
<retireJsFilter regex="copyright.*jeremy long"/>
<fileset dir="lib">
<include name="**/*.jar"/>
</fileset>
Expand Down Expand Up @@ -84,11 +84,11 @@ be needed.
| dartAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Dart Analyzer will be used. | true |
| knownExploitedEnabled | Sets whether the Known Exploited Vulnerability update and analyzer are enabled. | true |
| knownExploitedUrl | Sets URL to the CISA Known Exploited Vulnerabilities JSON data feed. | https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |
| ossindexAnalyzerEnabled | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be enabled. This analyzer requires an internet connection. | true |
| ossindexAnalyzerUseCache | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true |
| ossindexAnalyzerUrl | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org |
| ossindexAnalyzerUsername | Sets the username for OSS Index - note an account with OSS Index is not required. | &nbsp; |
| ossindexAnalyzerPassword | Sets the password for OSS Index. | &nbsp; |
| ossIndexAnalyzerEnabled | Sets whether the [OSS Index Analyzer](../analyzers/oss-index-analyzer.html) will be enabled. This analyzer requires an internet connection. *Deprecated alias: `ossindexAnalyzerEnabled`* | true |
| ossIndexAnalyzerUseCache | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. *Deprecated alias: `ossindexAnalyzerUseCache`* | true |
| ossIndexAnalyzerUrl | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. *Deprecated alias: `ossindexAnalyzerUrl`* | https://ossindex.sonatype.org |
| ossIndexAnalyzerUsername | Sets the username for OSS Index - note an account with OSS Index is not required. *Deprecated alias: `ossindexAnalyzerUsername`* | &nbsp; |
| ossIndexAnalyzerPassword | Sets the password for OSS Index. *Deprecated alias: `ossindexAnalyzerPassword`* | &nbsp; |
| ossIndexAnalyzerWarnOnlyOnRemoteErrors | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. | &nbsp; |
| nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. This analyzer is an alternative to the Central or Artifactory Analyzers, allowing retrieval from Sonatype Nexus installations. | true |
| nexusUrl | Defines the Nexus web service endpoint (example http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled. | &nbsp; |
Expand Down Expand Up @@ -124,8 +124,8 @@ be needed.
| pathToYarn | The path to `yarn`. | &nbsp; |
| pathToPnpm | The path to `pnpm`. | &nbsp; |
| retireJsAnalyzerEnabled | Sets whether the RetireJS Analyzer update and analyzer are enabled. | true |
| retirejsFilterNonVulnerable | Configures the RetireJS Analyzer to remove non-vulnerable JS dependencies from the report. | false |
| retirejsFilter | A nested configuration that can be specified multple times; The regex defined is used to filter JS files based on content. | &nbsp; |
| retireJsFilterNonVulnerable | Configures the RetireJS Analyzer to remove non-vulnerable JS dependencies from the report. *Deprecated alias: `retirejsFilterNonVulnerable`* | false |
| retireJsFilter | A nested configuration that can be specified multple times; The regex defined is used to filter JS files based on content. *Deprecated alias: `retirejsFilter`* | &nbsp; |
| nuspecAnalyzerEnabled | Sets whether the .NET Nuget Nuspec Analyzer will be used. | true |
| nugetconfAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) .NET Nuget packages.config Analyzer will be used. `enableExperimental` must be set to true. | true |
| libmanAnalyzerEnabled | Sets whether the Libman Analyzer will be used. | true |
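--- a/cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -539,10 +539,16 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
 cli.getStringArgument(CliParser.ARGUMENT.RETIREJS_URL_BEARER_TOKEN));
 settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FORCEUPDATE,
 cli.hasOption(CliParser.ARGUMENT.RETIRE_JS_FORCEUPDATE));
-settings.setStringIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTERS,
-cli.getStringArgument(CliParser.ARGUMENT.RETIREJS_FILTERS));
-settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTER_NON_VULNERABLE,
-cli.hasOption(CliParser.ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE));
+String retireJsFilters = cli.getStringArgument(CliParser.ARGUMENT.RETIRE_JS_FILTERS);
+if (retireJsFilters == null) {
+retireJsFilters = cli.getStringArgument(CliParser.ARGUMENT.RETIREJS_FILTERS);
+}
+settings.setStringIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTERS, retireJsFilters);
+Boolean retireJsFilterNonVuln = cli.hasOption(CliParser.ARGUMENT.RETIRE_JS_FILTER_NON_VULNERABLE);
+if (retireJsFilterNonVuln == null) {
+retireJsFilterNonVuln = cli.hasOption(CliParser.ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE);
+}
+settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_RETIREJS_FILTER_NON_VULNERABLE, retireJsFilterNonVuln);
 settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED,
 !cli.isDisabled(CliParser.ARGUMENT.DISABLE_JAR, Settings.KEYS.ANALYZER_JAR_ENABLED));
 settings.setBoolean(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED,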
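Review bot: The fallback from `RETIRE_JS_FILTERS` to `RETIREJS_FILTERS`, and the matching one for the non-vulnerable flag, is silent. If both spellings are passed the legacy value is dropped without a message, and someone still using the deprecated argument is never told to migrate. These options control which JavaScript files the RetireJS analyzer filters out, so an ignored or unexpectedly honoured value changes scan coverage; logging a warning whenever the legacy argument is present would make that auditable. The `retireJsFilterNonVuln == null` test is only meaningful if `cli.hasOption(...)` returns a null `Boolean` for an absent option, which this hunk does not show, so a comment such as `// hasOption returns null (not false) when the option is absent` would help the next reader. `populateSettings` starts and ends outside the hunk.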