add switch to ant client for unused suppression rules failure

jeremylong · Dec 16, 2024 · 3c3b0ab · 3c3b0ab
1 parent 8466ad4
commit 3c3b0ab
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -449,6 +449,11 @@ public class Check extends Update {
      */
     private Reference refId = null;
 
+    /**
+     * whether an unsused suppression rule should get force the build to fail
+     */
+    private boolean failBuildOnUnusedSuppressionRule = false;
+
     /**
      * Returns whether the version check is enabled.
      *
@@ -2092,6 +2097,13 @@ public String getArtifactoryAnalyzerBearerToken() {
     public void setArtifactoryAnalyzerBearerToken(String artifactoryAnalyzerBearerToken) {
         this.artifactoryAnalyzerBearerToken = artifactoryAnalyzerBearerToken;
     }
+
+    /**
+     * @return whether an unsused suppression rule should get force the build to fail
+     */
+	public boolean failBuildOnUnusedSuppressionRule() {
+		return failBuildOnUnusedSuppressionRule;
+	}
 
     //see note on `dealWithReferences()` for information on this suppression
     @SuppressWarnings("squid:RedundantThrowsDeclarationCheck")
@@ -2280,6 +2292,7 @@ protected void populateSettings() throws BuildException {
         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_USE_CACHE, ossindexAnalyzerUseCache);
         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, ossIndexAnalyzerWarnOnlyOnRemoteErrors);
         getSettings().setFloat(Settings.KEYS.JUNIT_FAIL_ON_CVSS, junitFailOnCVSS);
+        getSettings().setBooleanIfNotNull(Settings.KEYS.FAIL_ON_UNUSED_SUPPRESSION_RULE, failBuildOnUnusedSuppressionRule);
     }
 
     /**