fix: migrate to Gradle Property API

README.md

@@ -150,3 +150,5 @@ configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
     format = org.owasp.dependencycheck.reporting.ReportGenerator.Format.ALL.toString()
 }
 ```
+
+<img referrerpolicy="no-referrer-when-downgrade" src="https://static.scarf.sh/a.png?x-pxid=0218d602-986a-4fa2-a5f0-7c399019d793" />

src/main/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPlugin.groovy

@@ -61,11 +61,11 @@ class DependencyCheckPlugin implements Plugin<Project> {
     }
 
     void initializeConfigurations(Project project) {
-        project.extensions.create(CHECK_EXTENSION_NAME, DependencyCheckExtension, project)
+        project.extensions.create(CHECK_EXTENSION_NAME, DependencyCheckExtension, project, project.objects)
     }
 
     void registerTasks(Project project) {
-        if (REGISTER_TASK_GRADLE_VERSION.compareTo(GradleVersion.current())<=0) {
+        if (REGISTER_TASK_GRADLE_VERSION.compareTo(GradleVersion.current()) <= 0) {
             project.tasks.register(PURGE_TASK, Purge)
             project.tasks.register(UPDATE_TASK, Update)
             project.tasks.register(ANALYZE_TASK, Analyze)

src/main/groovy/org/owasp/dependencycheck/gradle/extension/AdditionalCpe.groovy

@@ -1,29 +1,61 @@
 package org.owasp.dependencycheck.gradle.extension
 
 import org.gradle.api.Named
+import org.gradle.api.model.ObjectFactory
+import org.gradle.api.provider.Property
+import org.gradle.api.tasks.Input
+import org.gradle.api.tasks.Optional
+
+import javax.inject.Inject
 
 /**
  * Holder for the information regarding an additional CPE to be checked.
  */
 @groovy.transform.CompileStatic
 class AdditionalCpe implements Named {
 
-  AdditionalCpe(String name) {
-    this.name = name;
-  }
+    private final String name
+    private final Property<String> description
+    private final Property<String> cpe
+
+    @Inject
+    AdditionalCpe(String name, ObjectFactory objects) {
+        this.name = name
+        this.description = objects.property(String)
+        this.cpe = objects.property(String)
+    }
+
+    /**
+     * Name assigned to the CPE entry during configuration.
+     */
+    @Override
+    String getName() {
+        return name
+    }
+
+    /**
+     * Description for the what the CPE represents.
+     */
+    @Input
+    @Optional
+    Property<String> getDescription() {
+        return description
+    }
 
-  /**
-   * Name assigned to the CPE entry during configuration.
-   */
-  String name;
+    void setDescription(String value) {
+        description.set(value)
+    }
 
-  /**
-   * Description for the what the CPE represents.
-   */
-  String description
+    /**
+     * The CPE to be checked against the database.
+     */
+    @Input
+    @Optional
+    Property<String> getCpe() {
+        return cpe
+    }
 
-  /**
-   * The CPE to be checked against the database.
-   */
-  String cpe
+    void setCpe(String value) {
+        cpe.set(value)
+    }
 }

src/main/groovy/org/owasp/dependencycheck/gradle/extension/AnalyzerExtension.groovy

@@ -19,15 +19,25 @@ package org.owasp.dependencycheck.gradle.extension
 
 import org.gradle.api.Action
 import org.gradle.api.Project
+import org.gradle.api.model.ObjectFactory
+
+import javax.inject.Inject
 
 /**
  * The analyzer configuration extension. Any value not configured will use the dependency-check-core defaults.
  */
 @groovy.transform.CompileStatic
 class AnalyzerExtension {
 
-    AnalyzerExtension(Project project) {
+    @Inject
+    AnalyzerExtension(Project project, ObjectFactory objects) {
         this.project = project;
+        kev = objects.newInstance(KEVExtension, objects)
+        retirejs = objects.newInstance(RetireJSExtension, objects)
+        nodeAudit = objects.newInstance(NodeAuditExtension, objects)
+        nodePackage = objects.newInstance(NodePackageExtension, objects)
+        artifactory = objects.newInstance(ArtifactoryExtension, objects)
+        ossIndex = objects.newInstance(OssIndexExtension, objects)
     }
 
     Project project;
@@ -178,32 +188,32 @@ class AnalyzerExtension {
     /**
      * The configuration extension for known exploited vulnerabilities settings.
      */
-    KEVExtension kev = new KEVExtension()
+    KEVExtension kev
 
     /**
      * The configuration extension for retirejs settings.
      */
-    RetireJSExtension retirejs = new RetireJSExtension()
+    RetireJSExtension retirejs
 
     /**
      * The configuration extension for the node audit settings.
      */
-    NodeAuditExtension nodeAudit = new NodeAuditExtension()
+    NodeAuditExtension nodeAudit
 
     /**
      * The configuration extension for the node package settings.
      */
-    NodePackageExtension nodePackage = new NodePackageExtension()
+    NodePackageExtension nodePackage
 
     /**
      * The configuration extension for artifactory settings.
      */
-    ArtifactoryExtension artifactory = new ArtifactoryExtension()
+    ArtifactoryExtension artifactory
 
     /**
      * The configuration extension for artifactory settings.
      */
-    OssIndexExtension ossIndex = new OssIndexExtension()
+    OssIndexExtension ossIndex
 
     /**
      * Allows programmatic configuration of the KEV extension

src/main/groovy/org/owasp/dependencycheck/gradle/extension/ArtifactoryExtension.groovy

@@ -17,37 +17,126 @@
  */
 package org.owasp.dependencycheck.gradle.extension
 
+import org.gradle.api.model.ObjectFactory
+import org.gradle.api.provider.Property
+import org.gradle.api.tasks.Input
+import org.gradle.api.tasks.Optional
+
+import javax.inject.Inject
+
 /**
  * The artifactory analyzer configuration.
  */
 @groovy.transform.CompileStatic
 class ArtifactoryExtension {
+
+    private final Property<Boolean> enabled
+    private final Property<String> url
+    private final Property<Boolean> usesProxy
+    private final Property<Boolean> parallelAnalysis
+    private final Property<String> username
+    private final Property<String> apiToken
+    private final Property<String> bearerToken
+
+    @Inject
+    ArtifactoryExtension(ObjectFactory objects) {
+        this.enabled = objects.property(Boolean)
+        this.url = objects.property(String)
+        this.usesProxy = objects.property(Boolean)
+        this.parallelAnalysis = objects.property(Boolean)
+        this.username = objects.property(String)
+        this.apiToken = objects.property(String)
+        this.bearerToken = objects.property(String)
+    }
+
     /**
      * Sets whether the Artifactory Analyzer should be used.
      */
-    Boolean enabled
+    @Input
+    @Optional
+    Property<Boolean> getEnabled() {
+        return enabled
+    }
+
+    void setEnabled(Boolean value) {
+        enabled.set(value)
+    }
+
     /**
      * The Artifactory server URL.
      */
-    String url
+    @Input
+    @Optional
+    Property<String> getUrl() {
+        return url
+    }
+
+    void setUrl(String value) {
+        url.set(value)
+    }
+
     /**
      * Whether Artifactory should be accessed through a proxy or not.
      */
-    Boolean usesProxy
+    @Input
+    @Optional
+    Property<Boolean> getUsesProxy() {
+        return usesProxy
+    }
+
+    void setUsesProxy(Boolean value) {
+        usesProxy.set(value)
+    }
+
     /**
      * Whether the Artifactory analyzer should be run in parallel or not.
      */
-    Boolean parallelAnalysis
+    @Input
+    @Optional
+    Property<Boolean> getParallelAnalysis() {
+        return parallelAnalysis
+    }
+
+    void setParallelAnalysis(Boolean value) {
+        parallelAnalysis.set(value)
+    }
+
     /**
      * The user name (only used with API token) to connect to Artifactory instance.
      */
-    String username
+    @Input
+    @Optional
+    Property<String> getUsername() {
+        return username
+    }
+
+    void setUsername(String value) {
+        username.set(value)
+    }
+
     /**
      * The API token to connect to Artifactory instance.
      */
-    String apiToken
+    @Input
+    @Optional
+    Property<String> getApiToken() {
+        return apiToken
+    }
+
+    void setApiToken(String value) {
+        apiToken.set(value)
+    }
+
     /**
      * The bearer token to connect to Artifactory instance.
      */
-    String bearerToken
+    @Input
+    @Optional
+    Property<String> getBearerToken() {
+        return bearerToken
+    }
+
+    void setBearerToken(String value) {
+        bearerToken.set(value)
+    }
 }

src/main/groovy/org/owasp/dependencycheck/gradle/extension/CacheExtension.groovy

@@ -17,24 +17,69 @@
  */
 package org.owasp.dependencycheck.gradle.extension
 
+import org.gradle.api.model.ObjectFactory
+import org.gradle.api.provider.Property
+import org.gradle.api.tasks.Input
+import org.gradle.api.tasks.Optional
+
+import javax.inject.Inject
+
 /**
  * The configuration for caching external results.
  */
 @groovy.transform.CompileStatic
 class CacheExtension {
+
+    private final Property<Boolean> ossIndex
+    private final Property<Boolean> central
+    private final Property<Boolean> nodeAudit
+
+    @Inject
+    CacheExtension(ObjectFactory objects) {
+        this.ossIndex = objects.property(Boolean)
+        this.central = objects.property(Boolean)
+        this.nodeAudit = objects.property(Boolean)
+    }
+
     /**
      * Sets whether the OSS Index Analyzer's results should be cached locally.
      * Cache expires after 24 hours.
      */
-    Boolean ossIndex
+    @Input
+    @Optional
+    Property<Boolean> getOssIndex() {
+        return ossIndex
+    }
+
+    void setOssIndex(Boolean value) {
+        ossIndex.set(value)
+    }
+
     /**
      * Sets whether the Central Analyzer's results should be cached locally.
      * Cache expires after 30 days.
      */
-    Boolean central
+    @Input
+    @Optional
+    Property<Boolean> getCentral() {
+        return central
+    }
+
+    void setCentral(Boolean value) {
+        central.set(value)
+    }
+
     /**
      * Sets whether the Node Audit Analyzer's results should be cached locally.
      * Cache expires after 24 hours.
      */
-    Boolean nodeAudit
+    @Input
+    @Optional
+    Property<Boolean> getNodeAudit() {
+        return nodeAudit
+    }
+
+    void setNodeAudit(Boolean value) {
+        nodeAudit.set(value)
+    }
 }