#!/bin/sh

# By default, this writes to /var/cache/owasp-dependency-check/data/dc.h2.db to cache vulnerability databases.
# Both read and write access to the cached database requires an exclusive lock file inside the same directory
# (even with `--noupdate`), so it's recommended to specify `--data PATH_TO_DATA_DIRECTORY` to ensure usability
# of the database by non-root users. Without the parameter, it defaults to write files into
# /var/cache/owasp-dependency-check/data.
#
# `--cve*` arguments fix https://github.com/jeremylong/DependencyCheck/issues/1171 until the changed URLs
# get released.
"%%LOCALBASE%%/bin/java" \
	-Dbasedir="/var/cache/owasp-dependency-check" \
	-jar "%%JAVAJARDIR%%/owasp-dependency-check-%%PORTVERSION%%-jar-with-dependencies.jar" \
	--cveUrl12Base "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz" \
	--cveUrl20Base "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz" \
	--cveUrl12Modified "https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz" \
	--cveUrl20Modified "https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz" \
	"$@"