jeremylong · AntoineLange · Dec 18, 2024
diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -223,6 +223,11 @@ public class Check extends Update {
      * report.
      */
     private String reportOutputDirectory = ".";
+    /**
+     * Specifies a prefix of the filename for the generated Dependency-Check
+     * report.
+     */
+    private String reportPrefixName = "dependency-check";
     /**
      * If using the JUNIT report format the junitFailOnCVSS sets the CVSS score
      * threshold that is considered a failure. The default is 0.
@@ -610,6 +615,24 @@ public void setReportOutputDirectory(String reportOutputDirectory) {
         this.reportOutputDirectory = reportOutputDirectory;
     }
 
+    /**
+     * Get the value of reportPrefixName.
+     *
+     * @return the value of reportPrefixName
+     */
+    public String getReportPrefixName() {
+        return reportPrefixName;
+    }
+
+    /**
+     * Set the value of reportPrefixName.
+     *
+     * @param reportPrefixName new value of reportPrefixName
+     */
+    public void setReportPrefixName(String reportPrefixName) {
+        this.reportPrefixName = reportPrefixName;
+    }
+
     /**
      * Get the value of failBuildOnCVSS.
      *
@@ -2118,7 +2141,7 @@ protected void executeWithContextClassloader() throws BuildException {
             final ExceptionCollection exceptions = callExecuteAnalysis(engine);
             if (exceptions == null || !exceptions.isFatal()) {
                 for (String format : getReportFormats()) {
-                    engine.writeReports(getProjectName(), new File(reportOutputDirectory), format, exceptions);
+                    engine.writeReports(getProjectName(), new File(reportOutputDirectory), reportPrefixName, format, exceptions);
                 }
                 if (this.failBuildOnCVSS <= 10) {
                     checkForFailure(engine.getDependencies());

diff --git a/core/src/main/java/org/owasp/dependencycheck/Engine.java b/core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -1190,11 +1190,11 @@ private void throwFatalExceptionCollection(String message, @NotNull final Throwa
      * @param format the report format (see {@link ReportGenerator.Format})
      * @throws ReportException thrown if there is an error generating the report
      * @deprecated use
-     * {@link #writeReports(java.lang.String, java.io.File, java.lang.String, org.owasp.dependencycheck.exception.ExceptionCollection)}
+     * {@link #writeReports(java.lang.String, java.io.File, java.lang.String, java.lang.String, org.owasp.dependencycheck.exception.ExceptionCollection)}
      */
     @Deprecated
     public void writeReports(String applicationName, File outputDir, String format) throws ReportException {
-        writeReports(applicationName, null, null, null, outputDir, format, null);
+        writeReports(applicationName, null, null, null, outputDir, "dependency-check", format, null);
     }
 
     //CSOFF: LineLength
@@ -1204,13 +1204,14 @@ public void writeReports(String applicationName, File outputDir, String format)
      * @param applicationName the name of the application/project
      * @param outputDir the path to the output directory (can include the full
      * file name if the format is not ALL)
+     * @param reportPrefixName the prefix of the report filename
      * @param format the report format (see {@link ReportGenerator.Format})
      * @param exceptions a collection of exceptions that may have occurred
      * during the analysis
      * @throws ReportException thrown if there is an error generating the report
      */
-    public void writeReports(String applicationName, File outputDir, String format, ExceptionCollection exceptions) throws ReportException {
-        writeReports(applicationName, null, null, null, outputDir, format, exceptions);
+    public void writeReports(String applicationName, File outputDir, String reportPrefixName, String format, ExceptionCollection exceptions) throws ReportException {
+        writeReports(applicationName, null, null, null, outputDir, reportPrefixName, format, exceptions);
     }
     //CSON: LineLength
 
@@ -1226,13 +1227,13 @@ public void writeReports(String applicationName, File outputDir, String format,
      * @param format the report format (see {@link ReportGenerator.Format})
      * @throws ReportException thrown if there is an error generating the report
      * @deprecated use
-     * {@link #writeReports(String, String, String, String, File, String, ExceptionCollection)}
+     * {@link #writeReports(String, String, String, String, File, String, String, ExceptionCollection)}
      */
     @Deprecated
     public synchronized void writeReports(String applicationName, @Nullable final String groupId,
             @Nullable final String artifactId, @Nullable final String version,
             @NotNull final File outputDir, String format) throws ReportException {
-        writeReports(applicationName, groupId, artifactId, version, outputDir, format, null);
+        writeReports(applicationName, groupId, artifactId, version, outputDir, "dependency-check", format, null);
     }
 
     //CSOFF: LineLength
@@ -1245,14 +1246,16 @@ public synchronized void writeReports(String applicationName, @Nullable final St
      * @param version the Maven version
      * @param outputDir the path to the output directory (can include the full
      * file name if the format is not ALL)
+     * @param reportPrefixName the prefix of the report filename
      * @param format the report format  (see {@link ReportGenerator.Format})
      * @param exceptions a collection of exceptions that may have occurred
      * during the analysis
      * @throws ReportException thrown if there is an error generating the report
      */
     public synchronized void writeReports(String applicationName, @Nullable final String groupId,
             @Nullable final String artifactId, @Nullable final String version,
-            @NotNull final File outputDir, String format, ExceptionCollection exceptions) throws ReportException {
+            @NotNull final File outputDir, @NotNull String reportPrefixName,
+            String format, ExceptionCollection exceptions) throws ReportException {
         if (mode == Mode.EVIDENCE_COLLECTION) {
             throw new UnsupportedOperationException("Cannot generate report in evidence collection mode.");
         }
@@ -1261,7 +1264,7 @@ public synchronized void writeReports(String applicationName, @Nullable final St
         final ReportGenerator r = new ReportGenerator(applicationName, groupId, artifactId, version,
                 dependencies, getAnalyzers(), prop, settings, exceptions);
         try {
-            r.write(outputDir.getAbsolutePath(), format);
+            r.write(outputDir.getAbsolutePath(), reportPrefixName, format);
         } catch (ReportException ex) {
             final String msg = String.format("Error generating the report for %s", applicationName);
             LOGGER.debug(msg, ex);

diff --git a/core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
@@ -22,6 +22,7 @@
 import com.fasterxml.jackson.core.JsonParser;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.WordUtils;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
@@ -308,13 +309,14 @@ private VelocityEngine createVelocityEngine() {
      * Writes the dependency-check report to the given output location.
      *
      * @param outputLocation the path where the reports should be written
+     * @param reportPrefixName the prefix of the report filename
      * @param format the format the report should be written in (a valid member
      * of {@link Format}) or even the path to a custom velocity template
      * (either fully qualified or the template name on the class path).
      * @throws ReportException is thrown if there is an error creating out the
      * reports
      */
-    public void write(String outputLocation, String format) throws ReportException {
+    public void write(String outputLocation, String reportPrefixName, String format) throws ReportException {
         Format reportFormat = null;
         try {
             reportFormat = Format.valueOf(format.toUpperCase());
@@ -323,9 +325,9 @@ public void write(String outputLocation, String format) throws ReportException {
         }
 
         if (reportFormat != null) {
-            write(outputLocation, reportFormat);
+            write(outputLocation, reportPrefixName, reportFormat);
         } else {
-            File out = getReportFile(outputLocation, null);
+            File out = getReportFile(outputLocation, reportPrefixName, null);
             if (out.isDirectory()) {
                 out = new File(out, FilenameUtils.getBaseName(format));
                 LOGGER.warn("Writing non-standard VSL output to a directory using template name as file name.");
@@ -340,20 +342,21 @@ public void write(String outputLocation, String format) throws ReportException {
      * Writes the dependency-check report(s).
      *
      * @param outputLocation the path where the reports should be written
+     * @param reportPrefixName the prefix of the report filename
      * @param format the format the report should be written in (see
      * {@link Format})
      * @throws ReportException is thrown if there is an error creating out the
      * reports
      */
-    public void write(String outputLocation, Format format) throws ReportException {
+    public void write(String outputLocation, String reportPrefixName, Format format) throws ReportException {
         if (format == Format.ALL) {
             for (Format f : Format.values()) {
                 if (f != Format.ALL) {
-                    write(outputLocation, f);
+                    write(outputLocation, reportPrefixName, f);
                 }
             }
         } else {
-            final File out = getReportFile(outputLocation, format);
+            final File out = getReportFile(outputLocation, reportPrefixName, format);
             final String templateName = format.toString().toLowerCase() + "Report";
             LOGGER.info("Writing {} report to: {}", format, out.getAbsolutePath());
             processTemplate(templateName, out);
@@ -375,38 +378,39 @@ public void write(String outputLocation, Format format) throws ReportException {
      * will generate the correct name for the given output format.
      *
      * @param outputLocation the specified output location
+     * @param reportPrefixName the prefix of the report filename
      * @param format the report format
      * @return the report File
      */
-    public static File getReportFile(String outputLocation, Format format) {
+    public static File getReportFile(String outputLocation, String reportPrefixName, Format format) {
         File outFile = new File(outputLocation);
         if (outFile.getParentFile() == null) {
             outFile = new File(".", outputLocation);
         }
         final String pathToCheck = outputLocation.toLowerCase();
         if (format == Format.XML && !pathToCheck.endsWith(".xml")) {
-            return new File(outFile, "dependency-check-report.xml");
+            return new File(outFile, reportPrefixName + "-report.xml");
         }
         if (format == Format.HTML && !pathToCheck.endsWith(".html") && !pathToCheck.endsWith(".htm")) {
-            return new File(outFile, "dependency-check-report.html");
+            return new File(outFile, reportPrefixName + "-report.html");
         }
         if (format == Format.JENKINS && !pathToCheck.endsWith(".html") && !pathToCheck.endsWith(".htm")) {
-            return new File(outFile, "dependency-check-jenkins.html");
+            return new File(outFile, reportPrefixName + "-jenkins.html");
         }
         if (format == Format.JSON && !pathToCheck.endsWith(".json")) {
-            return new File(outFile, "dependency-check-report.json");
+            return new File(outFile, reportPrefixName + "-report.json");
         }
         if (format == Format.CSV && !pathToCheck.endsWith(".csv")) {
-            return new File(outFile, "dependency-check-report.csv");
+            return new File(outFile, reportPrefixName + "-report.csv");
         }
         if (format == Format.JUNIT && !pathToCheck.endsWith(".xml")) {
-            return new File(outFile, "dependency-check-junit.xml");
+            return new File(outFile, reportPrefixName + "-report.xml");
         }
         if (format == Format.SARIF && !pathToCheck.endsWith(".sarif")) {
-            return new File(outFile, "dependency-check-report.sarif");
+            return new File(outFile, reportPrefixName + "-report.sarif");
         }
         if (format == Format.GITLAB && !pathToCheck.endsWith(".json")) {
-            return new File(outFile, "dependency-check-gitlab.json");
+            return new File(outFile, reportPrefixName + "-gitlab.json");
         }
         return outFile;
     }