nonProxyHosts are not working

[GFriedrich]

Hi @jeremylong, even though a fix for the nonProxyHosts property was tried via #185, it is still broken. Reason is this code snippet: https://github.com/jeremylong/dependency-check-gradle/blob/b3206077654ff9090d2633b8ad67bf7654e2b13f/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/ConfiguredTask.groovy#L175-L177 It checks via Groovy magic whether the object has the property "nonProxyHosts". It does ... but sadly the field is private and can't be accessed. Therefore this check always returns false and the configuration is never used. So either you add some more hackish reflection there or go a completely different way. But the current solution sadly is not working at all. 😢

[GFriedrich]

I've found even more issues: The JavaSystemPropertiesProxySettings class already converts the values to a Pattern class whereas the ProxyExtension class still expects a List<String> and not List<Pattern>

But there is even more: Once the List<String> is available the setArrayIfNotEmpty method is called. It will convert the list to a JSON String so you end up with something like: ["no.proxy.com","even.no.proxy.com"] But the OWASP check expects a completely different format, which is: no.proxy.com|even.no.proxy.com

So the entire support for nonProxyHosts looks a bit fishy to me.

[jeremylong]

Sorry about the delayed response - we accept PRs... I haven't found a good way to obtain the non-proxy host from gradle itself.

[dietzsch]

Hi @jeremylong, is there any update on this issue since 2020? It seems that the no proxy is still not used even in the latest version. Thx!

[jeremylong]

@dietzsch thanks for pinging me on the issue. See #286 - this will be included in the next release.

[dietzsch]

Hi @jeremylong, thank you for the update! Then I will check on the next release.