From 41d59e77191181aadd7bcf644dd36c7b958cab6d Mon Sep 17 00:00:00 2001
From: Luigi Gubello
Date: Fri, 24 May 2024 11:29:28 +0200
Subject: [PATCH] Fix issues 21 and 24
---
 Dockerfile | 2 +-
 alerts_summary.sh | 4 ++--
 antq.sh | 12 ++++++------
 local_dependency.sh | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 965b160..c7c1591 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ RUN apt update && \
 curl -O https://download.clojure.org/install/linux-install-1.11.1.1165.sh && \
 chmod +x linux-install-1.11.1.1165.sh && \
 ./linux-install-1.11.1.1165.sh && \
- curl --retry 5 --retry-max-time 120 -L -o maven-dependency-submission-linux-x64 https://github.com/advanced-security/maven-dependency-submission-action/raw/2ecce44ccb44fd4b52f43468d3644e2d3e2b3cf2/cli/maven-dependency-submission-linux-x64 && \
+ curl --retry 5 --retry-max-time 120 -L -o maven-dependency-submission-linux-x64 https://github.com/advanced-security/maven-dependency-submission-action/releases/download/v4.0.3/maven-dependency-submission-action-linux && \
 chmod +x maven-dependency-submission-linux-x64 && \
 mv maven-dependency-submission-linux-x64 /usr/bin/maven-dependency-submission-linux-x64 && \
 clojure -Ttools install-latest :lib com.github.liquidz/antq :as antq && \
diff --git a/alerts_summary.sh b/alerts_summary.sh
index 7e1786f..85ca479 100644
--- a/alerts_summary.sh
+++ b/alerts_summary.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 dependency_tree_summary () {
- mvn dependency:tree -Dverbose=true -DoutputFile="dependency-tree.txt"
+ mvn -ntp dependency:tree -Dverbose=true -DoutputFile="dependency-tree.txt"
 if [[ "$INPUT_VERBOSE" == true ]]; then
 cat dependency-tree.txt
 fi
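Review bot: The new curl line still has no `--fail`, so a 404 or a rate-limit page from the releases endpoint is written to `maven-dependency-submission-linux-x64`, made executable by the next line and moved into /usr/bin, and the image build succeeds with a non-binary in place. The previous URL was pinned to a commit hash while `v4.0.3` is a tag, which the upstream can move, so an integrity check on the download is now the only thing that ties the image to a known artifact. Proposal: `curl --fail --retry 5 --retry-max-time 120 -L -o maven-dependency-submission-linux-x64 https://github.com/advanced-security/maven-dependency-submission-action/releases/download/v4.0.3/maven-dependency-submission-action-linux && \` followed by `echo "<EXPECTED_SHA256>  maven-dependency-submission-linux-x64" | sha256sum -c - && \`, with the placeholder replaced by the digest published for that release. The RUN instruction begins and ends outside the hunk.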
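Review bot: The exit status of the new `mvn -ntp dependency:tree` line is ignored, so when resolution fails the function still runs `cat dependency-tree.txt`, which either errors on a missing file or prints a stale tree left by an earlier run. `mvn -ntp dependency:tree -Dverbose=true -DoutputFile="dependency-tree.txt" || return 1` makes the failure visible to the caller, assuming the caller checks the function's status, which is outside the hunk. The hunk count (7 lines) suggests a blank line between the shebang and the function header was lost in the rendering; `dependency_tree_summary` continues past the hunk.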
@@ -23,7 +23,7 @@ vulnerabilities_summary () {
 do
 IFS='|' read -r -a array_i <<< "$i"
 cd "/${1/'pom.xml'/''}" || exit
- dep_level=$(mvn dependency:tree -DoutputType=dot -Dincludes="${array_i[1]}" | grep -e "->" | cut -d ">" -f 2 | cut -d '"' -f 2 | cut -d ":" -f 1-2)
+ dep_level=$(mvn -ntp dependency:tree -DoutputType=dot -Dincludes="${array_i[1]}" | grep -e "->" | cut -d ">" -f 2 | cut -d '"' -f 2 | cut -d ":" -f 1-2)
 IFS=' ' read -r -a dependency_level <<< "$dep_level"
 array_i+=("${dependency_level[0]}")
 table_row="| "
diff --git a/antq.sh b/antq.sh
index cedd6af..6fa97ed 100644
--- a/antq.sh
+++ b/antq.sh
@@ -44,7 +44,7 @@ high_critical_check_security_fix () {
 echo "Update omitted packages: false"
 fi
 if [[ "${array_alertGh[4]}" == "$1" ]]; then
- afterUpdateVersion=$(mvn dependency:tree -DoutputType=dot -Dincludes="${array_alertGh[0]}" | grep -e "->" | cut -d ">" -f 2 | cut -d '"' -f 2 | grep -e "${array_alertGh[0]}" | cut -d ":" -f 4)
+ afterUpdateVersion=$(mvn -ntp dependency:tree -DoutputType=dot -Dincludes="${array_alertGh[0]}" | grep -e "->" | cut -d ">" -f 2 | cut -d '"' -f 2 | grep -e "${array_alertGh[0]}" | cut -d ":" -f 4)
 if [[ "$INPUT_VERBOSE" == true ]]; then
 echo "Checking available security updates for ${array_alertGh[0]}. Current: ${array_alertGh[3]} Latest: $afterUpdateVersion"
 fi
@@ -69,7 +69,7 @@ high_critical_check_security_fix () {
 if [[ "$INPUT_VERBOSE" == true ]]; then
 echo "Update omitted packages: true"
 fi
- tempDependencyTree=$(mvn dependency:tree -Dincludes="${array_alertGh[0]}" -Dverbose)
+ tempDependencyTree=$(mvn -ntp dependency:tree -Dincludes="${array_alertGh[0]}" -Dverbose)
 tempFirstLevelDependencies=$(echo "$tempDependencyTree" | grep -e "\\\-" -e "\+\-" | grep -v -e "\s\s\\\-" -e "\s\s+\-" | cut -d "-" -f 2-100)
 if [[ "$INPUT_VERBOSE" == true ]]; then
 echo "Checking available security updates for ${array_alertGh[0]}. First patched version: ${array_alertGh[3]}"
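Review bot: In the new `dep_level=$(mvn -ntp ... | grep ... | cut ...)` line a Maven failure is invisible: the substitution's status is that of the last `cut`, `grep` finds no `->` in Maven's error output, `dep_level` is empty, and an empty `dependency_level[0]` is appended to the table row as though it were a resolved depth. The same masking applies to the `-ntp` lines in antq.sh at @@ -44, @@ -69 and @@ -337, and through the `cd previous || exit` subshells at @@ -97 and @@ -171. A minimal guard after the assignment is `[[ -n "$dep_level" ]] || { printf 'dependency:tree failed for %s\n' "${array_i[1]}" >&2; continue; }`; whether skipping the row or emitting an error row is right depends on how the table is consumed, which is outside the hunk. `vulnerabilities_summary` begins before and ends after this hunk.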
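Review bot: `grep -e "${array_alertGh[0]}"` in the new `afterUpdateVersion` line treats the alert's package coordinate as a basic regular expression, so the dots in a group id match any character and a coordinate containing `+`, `[` or `*` changes the match or makes grep exit with an error, leaving `afterUpdateVersion` empty for the comparison that follows. A fixed-string match, `grep -F -e "${array_alertGh[0]}"`, is what the filter intends and the value is used verbatim in the echo two lines below anyway. `high_critical_check_security_fix` starts before the hunk and continues after it.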
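Review bot: The grep/grep -v/cut chain that extracts first-level dependencies from the tree captured on the new `tempDependencyTree` line is repeated verbatim at @@ -97, @@ -171 and @@ -337, which is how the `-ntp` flag had to be added in six places in this commit. A one-line helper, `first_level_deps() { grep -e "\\\-" -e "\+\-" | grep -v -e "\s\s\\\-" -e "\s\s+\-" | cut -d "-" -f 2-100; }`, lets each site read `tempFirstLevelDependencies=$(first_level_deps <<< "$tempDependencyTree")` and keeps the tree-format assumptions in one place. This is a style point; behaviour is unchanged. The enclosing function begins before the hunk and continues after it.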
@@ -97,7 +97,7 @@ high_critical_check_security_fix () {
 if [[ "$INPUT_VERBOSE" == true ]]; then
 echo "version_ge() passed"
 fi
- tempPreviousDependencyTree=$(cd previous || exit; mvn dependency:tree -Dincludes="${array_alertGh[0]}" -Dverbose)
+ tempPreviousDependencyTree=$(cd previous || exit; mvn -ntp dependency:tree -Dincludes="${array_alertGh[0]}" -Dverbose)
 tempPreviousFirstLevelDependencies=$(echo "$tempPreviousDependencyTree" | grep -e "\\\-" -e "\+\-" | grep -v -e "\s\s\\\-" -e "\s\s+\-" | cut -d "-" -f 2-100)
 if [[ "$INPUT_VERBOSE" == true ]]; then
 echo "First-level dependencies for ${array_alertGh[0]} in /previous/pom.xml."
@@ -171,7 +171,7 @@ high_critical_check_security_fix () {
 if [[ "$INPUT_VERBOSE" == true ]]; then
 echo "version_ge() passed"
 fi
- tempPreviousDependencyTree=$(cd previous || exit; mvn dependency:tree -Dincludes="${array_alertGh[0]}" -Dverbose)
+ tempPreviousDependencyTree=$(cd previous || exit; mvn -ntp dependency:tree -Dincludes="${array_alertGh[0]}" -Dverbose)
 tempPreviousFirstLevelDependencies=$(echo "$tempPreviousDependencyTree" | grep -e "\\\-" -e "\+\-" | grep -v -e "\s\s\\\-" -e "\s\s+\-" | cut -d "-" -f 2-100)
 if [[ "$INPUT_VERBOSE" == true ]]; then
 echo "First-level dependencies for ${array_alertGh[0]} in /previous/pom.xml."
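Review bot: `cd previous || exit` inside the command substitution on the new `tempPreviousDependencyTree` line exits only the subshell, so when the `previous` directory is missing the assignment silently yields an empty string, no diagnostic is printed, and the following grep/cut produces an empty first-level list that is then treated as if `previous/pom.xml` had no dependencies; the identical line at @@ -171 has the same problem. A check in the parent shell, `[[ -d previous ]] || { printf 'previous/ not found\n' >&2; exit 1; }` before the assignment or `[[ -n "$tempPreviousDependencyTree" ]] || exit 1` after it, makes the failure stop the run the way the script's other `|| exit` guards do. The two hunks are otherwise copy-paste duplicates and would be better served by one helper. `high_critical_check_security_fix` begins before the hunk and continues after it.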
@@ -337,10 +337,10 @@ do
 fi
 if [[ "$severityLevel" == *"${array_vulnPackage[1]}"* ]]; then
 cd "$pomManifestPath" || exit
- dep_level=$(mvn dependency:tree -DoutputType=dot -Dincludes="${array_vulnPackage[0]}" | grep -e "->" | cut -d ">" -f 2 | cut -d '"' -f 2 | cut -d ":" -f 1-2)
+ dep_level=$(mvn -ntp dependency:tree -DoutputType=dot -Dincludes="${array_vulnPackage[0]}" | grep -e "->" | cut -d ">" -f 2 | cut -d '"' -f 2 | cut -d ":" -f 1-2)
 IFS=' ' read -r -a dependency_level <<< "$dep_level"
 vulPackage+="${dependency_level[0]}|"
- tempFirstLevelDependencies=$(mvn dependency:tree -Dincludes="${array_vulnPackage[0]}" -Dverbose | grep -e "\\\-" -e "\+\-" | grep -v -e "\s\s\\\-" -e "\s\s+\-" | cut -d "-" -f 2-100)
+ tempFirstLevelDependencies=$(mvn -ntp dependency:tree -Dincludes="${array_vulnPackage[0]}" -Dverbose | grep -e "\\\-" -e "\+\-" | grep -v -e "\s\s\\\-" -e "\s\s+\-" | cut -d "-" -f 2-100)
 IFS=$'\n' read -d '' -r -a firstLevelDependencies <<< "$tempFirstLevelDependencies"
 vulPackage+="${firstLevelDependencies[*]}|"
 githubAlerts+=("$vulPackage")
diff --git a/local_dependency.sh b/local_dependency.sh
index b0b9c4d..22031c8 100644
--- a/local_dependency.sh
+++ b/local_dependency.sh
@@ -5,6 +5,6 @@ if [ -n "$INPUT_LOCAL_DEPENDENCY" ]; then
 for localDep in "${arrayLocalDeps[@]}"
 do
 IFS=':' read -r -a arrayLocalDep <<< "$localDep"
- mvn install:install-file -Dfile="${arrayLocalDep[0]}" -DgroupId="${arrayLocalDep[1]}" -DartifactId="${arrayLocalDep[2]}" -Dversion="${arrayLocalDep[3]}" -Dpackaging="${arrayLocalDep[4]}"
+ mvn -ntp install:install-file -Dfile="${arrayLocalDep[0]}" -DgroupId="${arrayLocalDep[1]}" -DartifactId="${arrayLocalDep[2]}" -Dversion="${arrayLocalDep[3]}" -Dpackaging="${arrayLocalDep[4]}"
 done
 fi
\ No newline at end of file
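Review bot: The new `mvn -ntp install:install-file` line neither checks that `arrayLocalDep` carries the five `file:groupId:artifactId:version:packaging` fields the `-D` flags consume nor checks Maven's exit status, so a malformed `INPUT_LOCAL_DEPENDENCY` entry or a failed install is skipped silently and the later dependency scan runs against a local repository that lacks the artifact. Adding `(( ${#arrayLocalDep[@]} == 5 )) || { printf 'malformed local dependency: %s\n' "$localDep" >&2; exit 1; }` before the call and `|| exit 1` after it makes both failures stop the action instead of producing a misleading result. The enclosing `if` starts before the hunk, and the file still ends without a trailing newline.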