chore: allow messages via EngineVersionCheck (#7353)

Author: jeremylong

core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java

@@ -21,7 +21,9 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
 import javax.annotation.concurrent.ThreadSafe;
+
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -167,13 +169,21 @@ public boolean update(Engine engine) throws UpdateException {
      * github documentation site or accessing the local database.
      */
     protected boolean shouldUpdate(final long lastChecked, final long now, final DatabaseProperties properties,
-            String currentVersion) throws UpdateException {
+                                   String currentVersion) throws UpdateException {
         //check every 30 days if we know there is an update, otherwise check every 7 days
         final int checkRange = 30;
         if (!DateUtil.withinDateRange(lastChecked, now, checkRange)) {
             LOGGER.debug("Checking web for new version.");
-            final String currentRelease = getCurrentReleaseVersion();
-            if (currentRelease != null) {
+            final String publishedData = getCurrentReleaseVersion();
+            if (publishedData != null) {
+                final String[] parts = publishedData.split("\n");
+                if (parts.length > 1) {
+                    final String message = String.join("\n", Arrays.copyOfRange(parts, 1, parts.length)).trim();
+                    LOGGER.warn("\n\n*********************************************************\n"
+                            + message
+                            + "\n*********************************************************\n");
+                }
+                final String currentRelease = parts[0].trim();
                 final DependencyVersion v = new DependencyVersion(currentRelease);
                 if (v.getVersionParts() != null && v.getVersionParts().size() >= 3) {
                     updateToVersion = v.toString();

core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionTest.java

@@ -46,6 +46,7 @@ public void testParseVersion() {
         assertEquals("2", parts.get(1));
         assertEquals("r1", parts.get(2));
 
+        version = "x6.0";
         instance.parseVersion("x6.0");
         parts = instance.getVersionParts();
         assertEquals(2, parts.size());
@@ -54,6 +55,15 @@ public void testParseVersion() {
         // TODO(code review): should this be here/do something?
         //assertEquals("0", parts.get(2));
 
+
+        version = "1.2.3\nThis is a test message";
+        instance = new DependencyVersion();
+        instance.parseVersion(version);
+        parts = instance.getVersionParts();
+        assertEquals(3, parts.size());
+        assertEquals("1", parts.get(0));
+        assertEquals("2", parts.get(1));
+        assertEquals("3", parts.get(2));
     }
 
     /**