diff --git a/src/main/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPlugin.groovy b/src/main/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPlugin.groovy
index fafadea..e6a9f9a 100644
--- a/src/main/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPlugin.groovy
+++ b/src/main/groovy/org/owasp/dependencycheck/gradle/DependencyCheckPlugin.groovy
@@ -29,6 +29,10 @@ import org.owasp.dependencycheck.gradle.tasks.Analyze
 import org.owasp.dependencycheck.gradle.tasks.Purge
 import org.owasp.dependencycheck.gradle.tasks.Update
+import java.nio.charset.StandardCharsets
+import java.util.logging.Level
+import java.util.logging.LogManager
+
 @CompileStatic
 class DependencyCheckPlugin implements Plugin {
 static final GradleVersion MINIMUM_GRADLE_VERSION = GradleVersion.version("4.0")
@@ -42,6 +46,10 @@ class DependencyCheckPlugin implements Plugin {
 /* configuration extensions */
 private static final String CHECK_EXTENSION_NAME = "dependencyCheck"
+ static {
+ muteNoisyLoggers()
+ }
+
 void apply(Project project) {
 checkGradleVersion(project)
 initializeConfigurations(project)
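Review bot: The new `static { muteNoisyLoggers() }` initializer lets a purely cosmetic step break plugin loading: any exception thrown while the logging configuration is updated (Groovy does not force the `IOException` to be handled, and a `SecurityException` is possible under a restrictive policy) would surface as `ExceptionInInitializerError`, after which the class cannot be used in that JVM. Treat the muting as best-effort, e.g. `static { try { muteNoisyLoggers() } catch (Exception ignored) { /* log muting is best-effort */ } }`. The block also changes JVM-wide java.util.logging state once per class load, which in a long-lived Gradle daemon outlives the build, so a short comment on the block stating that would help the next maintainer.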
@@ -77,4 +85,22 @@ class DependencyCheckPlugin implements Plugin {
 }
 }
 }
+
+ /**
+ * Hacky method of muting the noisy logging from certain libraries.
+ *
+ * Normally in ODC we'd rely on the jul-to-slf4j bridge and then configuration of the SLF4J logging backend, but
+ * we shouldn't make assumptions about the backend within Gradle, and Gradle has its own logging bridges;
+ * so all we can really do is adjust java.util.logging configuration directly
+ */
+ private static void muteNoisyLoggers() {
+ // Mirrors the configuration within cli/src/main/resources/logback.xml
+ final String noisyJavaUtilLoggerConfig = Map.of(
+ "org.apache.lucene", Level.SEVERE,
+ ).collect { cat -> "${cat.key}.level = ${cat.value}" }.join(System.lineSeparator())
+
+ try (def configStream = new ByteArrayInputStream(noisyJavaUtilLoggerConfig.getBytes(StandardCharsets.UTF_8))) {
+ LogManager.logManager.updateConfiguration(configStream, null)
+ }
+ }
 }
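Review bot: `updateConfiguration(configStream, null)` in `muteNoisyLoggers()` does more than add one level: as I read the `LogManager` contract, a null mapper is treated as `(k) -> ((o, n) -> n)`, so every key present in the existing java.util.logging configuration but absent from this one-line stream resolves to null and is dropped. In a shared Gradle daemon that could discard levels or handler settings that the user or another plugin configured. Pass a mapper that keeps the old value when no new one is supplied, e.g. `updateConfiguration(configStream, { k -> { o, n -> n != null ? n : o } })` (explicit `Function`/`BiFunction` coercion may be needed under `@CompileStatic`). Separately, `Map.of` and this `updateConfiguration` overload need Java 9 or later while the class still declares Gradle 4.0 as its minimum, so it is worth confirming that Java 8 is no longer a supported runtime.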