reduced code duplciation

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CpeUpdater.java

@@ -36,6 +36,7 @@ import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.utils.DateUtil;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
+import org.owasp.dependencycheck.utils.ExtractionUtil;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.XmlUtils;
 import org.slf4j.Logger;
@@ -111,7 +112,7 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
             xml = File.createTempFile("cpe", ".xml", Settings.getTempDirectory());
             Downloader.fetchFile(url, xml);
             if (url.toExternalForm().endsWith(".xml.gz")) {
-                extractGzip(xml);
+                ExtractionUtil.extractGzip(xml);
             }
 
         } catch (MalformedURLException ex) {
@@ -163,59 +164,4 @@ public class CpeUpdater extends BaseUpdater implements CachedWebDataSource {
         }
         return !DateUtil.withinDateRange(timestamp, now, days);
     }
-
-    /**
-     * Extracts the file contained in a gzip archive. The extracted file is
-     * placed in the exact same path as the file specified.
-     *
-     * @param file the archive file
-     * @throws FileNotFoundException thrown if the file does not exist
-     * @throws IOException thrown if there is an error extracting the file.
-     */
-    private void extractGzip(File file) throws FileNotFoundException, IOException {
-        //TODO - move this to a util class as it is duplicative of (copy of) code in the DownloadTask
-        final String originalPath = file.getPath();
-        final File gzip = new File(originalPath + ".gz");
-        if (gzip.isFile() && !gzip.delete()) {
-            LOGGER.debug("Failed to delete intial temporary file {}", gzip.toString());
-            gzip.deleteOnExit();
-        }
-        if (!file.renameTo(gzip)) {
-            throw new IOException("Unable to rename '" + file.getPath() + "'");
-        }
-        final File newfile = new File(originalPath);
-
-        final byte[] buffer = new byte[4096];
-
-        GZIPInputStream cin = null;
-        FileOutputStream out = null;
-        try {
-            cin = new GZIPInputStream(new FileInputStream(gzip));
-            out = new FileOutputStream(newfile);
-
-            int len;
-            while ((len = cin.read(buffer)) > 0) {
-                out.write(buffer, 0, len);
-            }
-        } finally {
-            if (cin != null) {
-                try {
-                    cin.close();
-                } catch (IOException ex) {
-                    LOGGER.trace("ignore", ex);
-                }
-            }
-            if (out != null) {
-                try {
-                    out.close();
-                } catch (IOException ex) {
-                    LOGGER.trace("ignore", ex);
-                }
-            }
-            if (gzip.isFile() && !FileUtils.deleteQuietly(gzip)) {
-                LOGGER.debug("Failed to delete temporary file {}", gzip.toString());
-                gzip.deleteOnExit();
-            }
-        }
-    }
 }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/DownloadTask.java

@@ -33,6 +33,7 @@ import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
+import org.owasp.dependencycheck.utils.ExtractionUtil;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -179,10 +180,10 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
                 return null;
             }
             if (url1.toExternalForm().endsWith(".xml.gz") && !isXml(first)) {
-                extractGzip(first);
+                ExtractionUtil.extractGzip(first);
             }
             if (url2.toExternalForm().endsWith(".xml.gz") && !isXml(second)) {
-                extractGzip(second);
+                ExtractionUtil.extractGzip(second);
             }
 
             LOGGER.info("Download Complete for NVD CVE - {}  ({} ms)", nvdCveInfo.getId(),
@@ -255,58 +256,4 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
             }
         }
     }
-
-    /**
-     * Extracts the file contained in a gzip archive. The extracted file is
-     * placed in the exact same path as the file specified.
-     *
-     * @param file the archive file
-     * @throws FileNotFoundException thrown if the file does not exist
-     * @throws IOException thrown if there is an error extracting the file.
-     */
-    private void extractGzip(File file) throws FileNotFoundException, IOException {
-        final String originalPath = file.getPath();
-        final File gzip = new File(originalPath + ".gz");
-        if (gzip.isFile() && !gzip.delete()) {
-            LOGGER.debug("Failed to delete initial temporary file when extracting 'gz' {}", gzip.toString());
-            gzip.deleteOnExit();
-        }
-        if (!file.renameTo(gzip)) {
-            throw new IOException("Unable to rename '" + file.getPath() + "'");
-        }
-        final File newfile = new File(originalPath);
-
-        final byte[] buffer = new byte[4096];
-
-        GZIPInputStream cin = null;
-        FileOutputStream out = null;
-        try {
-            cin = new GZIPInputStream(new FileInputStream(gzip));
-            out = new FileOutputStream(newfile);
-
-            int len;
-            while ((len = cin.read(buffer)) > 0) {
-                out.write(buffer, 0, len);
-            }
-        } finally {
-            if (cin != null) {
-                try {
-                    cin.close();
-                } catch (IOException ex) {
-                    LOGGER.trace("ignore", ex);
-                }
-            }
-            if (out != null) {
-                try {
-                    out.close();
-                } catch (IOException ex) {
-                    LOGGER.trace("ignore", ex);
-                }
-            }
-            if (gzip.isFile() && !FileUtils.deleteQuietly(gzip)) {
-                LOGGER.debug("Failed to delete temporary file when extracting 'gz' {}", gzip.toString());
-                gzip.deleteOnExit();
-            }
-        }
-    }
 }

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java

@@ -24,6 +24,7 @@ import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FilenameFilter;
 import java.io.IOException;
+import java.util.zip.GZIPInputStream;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 
@@ -60,20 +61,24 @@ public final class ExtractionUtil {
      *
      * @param archive an archive file such as a WAR or EAR
      * @param extractTo a directory to extract the contents to
-     * @throws ExtractionException thrown if an exception occurs while extracting the files
+     * @throws ExtractionException thrown if an exception occurs while
+     * extracting the files
      */
     public static void extractFiles(File archive, File extractTo) throws ExtractionException {
         extractFiles(archive, extractTo, null);
     }
 
     /**
-     * Extracts the contents of an archive into the specified directory. The files are only extracted if they are supported by the
+     * Extracts the contents of an archive into the specified directory. The
-     * analyzers loaded into the specified engine. If the engine is specified as null then all files are extracted.
+     * files are only extracted if they are supported by the analyzers loaded
+     * into the specified engine. If the engine is specified as null then all
+     * files are extracted.
      *
      * @param archive an archive file such as a WAR or EAR
      * @param extractTo a directory to extract the contents to
      * @param engine the scanning engine
-     * @throws ExtractionException thrown if there is an error extracting the files
+     * @throws ExtractionException thrown if there is an error extracting the
+     * files
      */
     public static void extractFiles(File archive, File extractTo, Engine engine) throws ExtractionException {
         if (archive == null || extractTo == null) {
@@ -171,7 +176,8 @@ public final class ExtractionUtil {
      * @param input the archive to extract files from
      * @param destination the location to write the files too
      * @param filter determines which files get extracted
-     * @throws ArchiveExtractionException thrown if there is an exception extracting files from the archive
+     * @throws ArchiveExtractionException thrown if there is an exception
+     * extracting files from the archive
      */
     private static void extractArchive(ArchiveInputStream input,
             File destination, FilenameFilter filter)
@@ -201,13 +207,15 @@ public final class ExtractionUtil {
     }
 
     /**
-     * Extracts a file from an archive (input stream) and correctly builds the directory structure.
+     * Extracts a file from an archive (input stream) and correctly builds the
+     * directory structure.
      *
      * @param input the archive input stream
      * @param destination where to write the file
      * @param filter the file filter to apply to the files being extracted
      * @param entry the entry from the archive to extract
-     * @throws ExtractionException thrown if there is an error reading from the archive stream
+     * @throws ExtractionException thrown if there is an error reading from the
+     * archive stream
      */
     private static void extractFile(ArchiveInputStream input, File destination,
             FilenameFilter filter, ArchiveEntry entry) throws ExtractionException {
@@ -238,10 +246,12 @@ public final class ExtractionUtil {
     }
 
     /**
-     * Ensures the parent path is correctly created on disk so that the file can be extracted to the correct location.
+     * Ensures the parent path is correctly created on disk so that the file can
+     * be extracted to the correct location.
      *
      * @param file the file path
-     * @throws ExtractionException thrown if the parent paths could not be created
+     * @throws ExtractionException thrown if the parent paths could not be
+     * created
      */
     private static void createParentFile(final File file)
             throws ExtractionException {
@@ -253,4 +263,58 @@ public final class ExtractionUtil {
             throw new ExtractionException(msg);
         }
     }
+
+    /**
+     * Extracts the file contained in a gzip archive. The extracted file is
+     * placed in the exact same path as the file specified.
+     *
+     * @param file the archive file
+     * @throws FileNotFoundException thrown if the file does not exist
+     * @throws IOException thrown if there is an error extracting the file.
+     */
+    public static void extractGzip(File file) throws FileNotFoundException, IOException {
+        final String originalPath = file.getPath();
+        final File gzip = new File(originalPath + ".gz");
+        if (gzip.isFile() && !gzip.delete()) {
+            LOGGER.debug("Failed to delete initial temporary file when extracting 'gz' {}", gzip.toString());
+            gzip.deleteOnExit();
+        }
+        if (!file.renameTo(gzip)) {
+            throw new IOException("Unable to rename '" + file.getPath() + "'");
+        }
+        final File newfile = new File(originalPath);
+
+        final byte[] buffer = new byte[4096];
+
+        GZIPInputStream cin = null;
+        FileOutputStream out = null;
+        try {
+            cin = new GZIPInputStream(new FileInputStream(gzip));
+            out = new FileOutputStream(newfile);
+
+            int len;
+            while ((len = cin.read(buffer)) > 0) {
+                out.write(buffer, 0, len);
+            }
+        } finally {
+            if (cin != null) {
+                try {
+                    cin.close();
+                } catch (IOException ex) {
+                    LOGGER.trace("ignore", ex);
+                }
+            }
+            if (out != null) {
+                try {
+                    out.close();
+                } catch (IOException ex) {
+                    LOGGER.trace("ignore", ex);
+                }
+            }
+            if (gzip.isFile() && !org.apache.commons.io.FileUtils.deleteQuietly(gzip)) {
+                LOGGER.debug("Failed to delete temporary file when extracting 'gz' {}", gzip.toString());
+                gzip.deleteOnExit();
+            }
+        }
+    }
 }