diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
index f1c82a095..4ddc7e418 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java
@@ -36,6 +36,7 @@ import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.utils.DateUtil;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
+import org.owasp.dependencycheck.utils.ExtractionUtil;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.XmlUtils;
 import org.slf4j.Logger;
@@ -111,7 +112,7 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
 xml = File.createTempFile("cpe", ".xml", Settings.getTempDirectory());
 Downloader.fetchFile(url, xml);
 if (url.toExternalForm().endsWith(".xml.gz")) {
- extractGzip(xml);
+ ExtractionUtil.extractGzip(xml);
 }
 } catch (MalformedURLException ex) {
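Review bot: The CPE path decides to decompress purely from the URL suffix (`url.toExternalForm().endsWith(".xml.gz")`), while the DownloadTask call sites changed in this same commit also require `!isXml(first)` / `!isXml(second)` before calling `ExtractionUtil.extractGzip`. If the fetched CPE file ever arrives already inflated (for example through transparent content decoding, which is not visible here), this branch would hand plain XML to the gzip reader and fail the update. Now that extraction is shared, the content check could be shared as well, for instance by moving `isXml` next to `extractGzip` and using the same condition here; `isXml` itself is outside this diff, so its suitability needs confirming. The enclosing try block continues outside the hunk.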
@@ -163,59 +164,4 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
 }
 return !DateUtil.withinDateRange(timestamp, now, days);
 }
-
- /**
- * Extracts the file contained in a gzip archive. The extracted file is
- * placed in the exact same path as the file specified.
- *
- * @param file the archive file
- * @throws FileNotFoundException thrown if the file does not exist
- * @throws IOException thrown if there is an error extracting the file.
- */
- private void extractGzip(File file) throws FileNotFoundException, IOException {
- //TODO - move this to a util class as it is duplicative of (copy of) code in the DownloadTask
- final String originalPath = file.getPath();
- final File gzip = new File(originalPath + ".gz");
- if (gzip.isFile() && !gzip.delete()) {
- LOGGER.debug("Failed to delete intial temporary file {}", gzip.toString());
- gzip.deleteOnExit();
- }
- if (!file.renameTo(gzip)) {
- throw new IOException("Unable to rename '" + file.getPath() + "'");
- }
- final File newfile = new File(originalPath);
-
- final byte[] buffer = new byte[4096];
-
- GZIPInputStream cin = null;
- FileOutputStream out = null;
- try {
- cin = new GZIPInputStream(new FileInputStream(gzip));
- out = new FileOutputStream(newfile);
-
- int len;
- while ((len = cin.read(buffer)) > 0) {
- out.write(buffer, 0, len);
- }
- } finally {
- if (cin != null) {
- try {
- cin.close();
- } catch (IOException ex) {
- LOGGER.trace("ignore", ex);
- }
- }
- if (out != null) {
- try {
- out.close();
- } catch (IOException ex) {
- LOGGER.trace("ignore", ex);
- }
- }
- if (gzip.isFile() && !FileUtils.deleteQuietly(gzip)) {
- LOGGER.debug("Failed to delete temporary file {}", gzip.toString());
- gzip.deleteOnExit();
- }
- }
- }
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
index f6d29e811..bf6012d08 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java
@@ -33,6 +33,7 @@ import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
+import org.owasp.dependencycheck.utils.ExtractionUtil;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -179,10 +180,10 @@ public class DownloadTask implements Callable> {
 return null;
 }
 if (url1.toExternalForm().endsWith(".xml.gz") && !isXml(first)) {
- extractGzip(first);
+ ExtractionUtil.extractGzip(first);
 }
 if (url2.toExternalForm().endsWith(".xml.gz") && !isXml(second)) {
- extractGzip(second);
+ ExtractionUtil.extractGzip(second);
 }
 LOGGER.info("Download Complete for NVD CVE - {} ({} ms)", nvdCveInfo.getId(),
@@ -255,58 +256,4 @@ public class DownloadTask implements Callable> {
 }
 }
 }
-
- /**
- * Extracts the file contained in a gzip archive. The extracted file is
- * placed in the exact same path as the file specified.
- *
- * @param file the archive file
- * @throws FileNotFoundException thrown if the file does not exist
- * @throws IOException thrown if there is an error extracting the file.
- */
- private void extractGzip(File file) throws FileNotFoundException, IOException {
- final String originalPath = file.getPath();
- final File gzip = new File(originalPath + ".gz");
- if (gzip.isFile() && !gzip.delete()) {
- LOGGER.debug("Failed to delete initial temporary file when extracting 'gz' {}", gzip.toString());
- gzip.deleteOnExit();
- }
- if (!file.renameTo(gzip)) {
- throw new IOException("Unable to rename '" + file.getPath() + "'");
- }
- final File newfile = new File(originalPath);
-
- final byte[] buffer = new byte[4096];
-
- GZIPInputStream cin = null;
- FileOutputStream out = null;
- try {
- cin = new GZIPInputStream(new FileInputStream(gzip));
- out = new FileOutputStream(newfile);
-
- int len;
- while ((len = cin.read(buffer)) > 0) {
- out.write(buffer, 0, len);
- }
- } finally {
- if (cin != null) {
- try {
- cin.close();
- } catch (IOException ex) {
- LOGGER.trace("ignore", ex);
- }
- }
- if (out != null) {
- try {
- out.close();
- } catch (IOException ex) {
- LOGGER.trace("ignore", ex);
- }
- }
- if (gzip.isFile() && !FileUtils.deleteQuietly(gzip)) {
- LOGGER.debug("Failed to delete temporary file when extracting 'gz' {}", gzip.toString());
- gzip.deleteOnExit();
- }
- }
- }
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
index b55cffca7..9b137b5f6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
@@ -24,6 +24,7 @@ import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FilenameFilter;
 import java.io.IOException;
+import java.util.zip.GZIPInputStream;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
@@ -60,20 +61,24 @@ public final class ExtractionUtil {
 *
 * @param archive an archive file such as a WAR or EAR
 * @param extractTo a directory to extract the contents to
- * @throws ExtractionException thrown if an exception occurs while extracting the files
+ * @throws ExtractionException thrown if an exception occurs while
+ * extracting the files
 */
 public static void extractFiles(File archive, File extractTo) throws ExtractionException {
 extractFiles(archive, extractTo, null);
 }
 /**
- * Extracts the contents of an archive into the specified directory. The files are only extracted if they are supported by the
- * analyzers loaded into the specified engine. If the engine is specified as null then all files are extracted.
+ * Extracts the contents of an archive into the specified directory. The
+ * files are only extracted if they are supported by the analyzers loaded
+ * into the specified engine. If the engine is specified as null then all
+ * files are extracted.
 *
 * @param archive an archive file such as a WAR or EAR
 * @param extractTo a directory to extract the contents to
 * @param engine the scanning engine
- * @throws ExtractionException thrown if there is an error extracting the files
+ * @throws ExtractionException thrown if there is an error extracting the
+ * files
 */
 public static void extractFiles(File archive, File extractTo, Engine engine) throws ExtractionException {
 if (archive == null || extractTo == null) {
@@ -171,7 +176,8 @@ public final class ExtractionUtil {
 * @param input the archive to extract files from
 * @param destination the location to write the files too
 * @param filter determines which files get extracted
- * @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive
+ * @throws ArchiveExtractionException thrown if there is an exception
+ * extracting files from the archive
 */
 private static void extractArchive(ArchiveInputStream input, File destination, FilenameFilter filter)
@@ -201,13 +207,15 @@ public final class ExtractionUtil {
 }
 /**
- * Extracts a file from an archive (input stream) and correctly builds the directory structure.
+ * Extracts a file from an archive (input stream) and correctly builds the
+ * directory structure.
 *
 * @param input the archive input stream
 * @param destination where to write the file
 * @param filter the file filter to apply to the files being extracted
 * @param entry the entry from the archive to extract
- * @throws ExtractionException thrown if there is an error reading from the archive stream
+ * @throws ExtractionException thrown if there is an error reading from the
+ * archive stream
 */
 private static void extractFile(ArchiveInputStream input, File destination, FilenameFilter filter, ArchiveEntry entry) throws ExtractionException {
@@ -238,10 +246,12 @@ public final class ExtractionUtil {
 }
 /**
- * Ensures the parent path is correctly created on disk so that the file can be extracted to the correct location.
+ * Ensures the parent path is correctly created on disk so that the file can
+ * be extracted to the correct location.
 *
 * @param file the file path
- * @throws ExtractionException thrown if the parent paths could not be created
+ * @throws ExtractionException thrown if the parent paths could not be
+ * created
 */
 private static void createParentFile(final File file) throws ExtractionException {
@@ -253,4 +263,58 @@ public final class ExtractionUtil {
 throw new ExtractionException(msg);
 }
 }
+
+ /**
+ * Extracts the file contained in a gzip archive. The extracted file is
+ * placed in the exact same path as the file specified.
+ *
+ * @param file the archive file
+ * @throws FileNotFoundException thrown if the file does not exist
+ * @throws IOException thrown if there is an error extracting the file.
+ */
+ public static void extractGzip(File file) throws FileNotFoundException, IOException {
+ final String originalPath = file.getPath();
+ final File gzip = new File(originalPath + ".gz");
+ if (gzip.isFile() && !gzip.delete()) {
+ LOGGER.debug("Failed to delete initial temporary file when extracting 'gz' {}", gzip.toString());
+ gzip.deleteOnExit();
+ }
+ if (!file.renameTo(gzip)) {
+ throw new IOException("Unable to rename '" + file.getPath() + "'");
+ }
+ final File newfile = new File(originalPath);
+
+ final byte[] buffer = new byte[4096];
+
+ GZIPInputStream cin = null;
+ FileOutputStream out = null;
+ try {
+ cin = new GZIPInputStream(new FileInputStream(gzip));
+ out = new FileOutputStream(newfile);
+
+ int len;
+ while ((len = cin.read(buffer)) > 0) {
+ out.write(buffer, 0, len);
+ }
+ } finally {
+ if (cin != null) {
+ try {
+ cin.close();
+ } catch (IOException ex) {
+ LOGGER.trace("ignore", ex);
+ }
+ }
+ if (out != null) {
+ try {
+ out.close();
+ } catch (IOException ex) {
+ LOGGER.trace("ignore", ex);
+ }
+ }
+ if (gzip.isFile() && !org.apache.commons.io.FileUtils.deleteQuietly(gzip)) {
+ LOGGER.debug("Failed to delete temporary file when extracting 'gz' {}", gzip.toString());
+ gzip.deleteOnExit();
+ }
+ }
+ }
 }
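Review bot: The copy loop in the new `ExtractionUtil.extractGzip` writes everything the stream inflates to with no upper bound, and now that the method is public and static it is the single path for every downloaded feed, so a corrupted or hostile `.gz` can fill the temp directory. A running byte count checked against a project-chosen ceiling before each `out.write` would stop that; the sketch below uses a placeholder constant name and leaves the limit to the maintainers. The Javadoc should also say that the input is first renamed to `<path>.gz` and that the `finally` block deletes that `.gz` even when inflation fails, so after an `IOException` the original path may hold a truncated file and the archive is gone. A failed `out.close()` is only traced, which can hide a short write from the caller.

```java
// … unchanged: rename to <path>.gz, open cin and out …
long total = 0;
int len;
while ((len = cin.read(buffer)) > 0) {
    total += len;
    // MAX_EXTRACTED_BYTES is a placeholder name; the ceiling is for the project to choose
    if (total > MAX_EXTRACTED_BYTES) {
        throw new IOException("Extracted size exceeds limit for '" + originalPath + "'");
    }
    out.write(buffer, 0, len);
}
// … unchanged: finally block closing the streams and deleting the .gz …
```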