Adding more control over data directory path

Former-commit-id: af198db00ee4d1330ff0d4105f319c739c80bb8b
2026-01-14 07:43:40 +01:00 · 2013-05-24 23:53:24 -07:00
parent 09aef67808
commit 172a341b40
5 changed files with 31 additions and 17 deletions
--- a/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
+++ b/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
@@ -20,7 +20,6 @@ package org.owasp.dependencycheck.data.cpe;

 import java.io.File;
 import java.io.IOException;
-import java.net.URLDecoder;
 import java.util.HashMap;
 import java.util.Map;
 import org.apache.lucene.analysis.Analyzer;
@@ -37,6 +36,7 @@ import org.apache.lucene.store.Directory;
 import org.apache.lucene.store.FSDirectory;
 import org.apache.lucene.util.Version;
 import org.owasp.dependencycheck.data.lucene.AbstractIndex;
+import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.data.lucene.FieldAnalyzer;
 import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer;
@@ -70,9 +70,7 @@ public class Index extends AbstractIndex {
     */
    public File getDataDirectory() throws IOException {
        final String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
-        final String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
-        final String decodedPath = URLDecoder.decode(filePath, "UTF-8");
-        File exePath = new File(decodedPath);
+        File exePath = FileUtils.getDataDirectory(fileName, Index.class);
        if (exePath.getName().toLowerCase().endsWith(".jar")) {
            exePath = exePath.getParentFile();
        } else {
--- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -21,7 +21,6 @@ package org.owasp.dependencycheck.data.nvdcve;
 import java.io.File;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
 import java.sql.CallableStatement;
 import java.sql.Connection;
 import java.sql.DriverManager;
@@ -37,6 +36,7 @@ import org.owasp.dependencycheck.data.cwe.CweDB;
 import org.owasp.dependencycheck.dependency.Reference;
 import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
+import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;

 /**
@@ -408,9 +408,7 @@ public class CveDB {
     */
    public static File getDataDirectory() throws IOException {
        final String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
-        final String filePath = CveDB.class.getProtectionDomain().getCodeSource().getLocation().getPath();
-        final String decodedPath = URLDecoder.decode(filePath, "UTF-8");
-        File exePath = new File(decodedPath);
+        File exePath = FileUtils.getDataDirectory(fileName, CveDB.class);

        if (exePath.getName().toLowerCase().endsWith(".jar")) {
            exePath = exePath.getParentFile();
--- a/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
+++ b/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
@@ -21,6 +21,7 @@ package org.owasp.dependencycheck.utils;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.net.URLDecoder;

 /**
 * A collection of utilities for processing information about files.
@@ -67,4 +68,26 @@ public final class FileUtils {
            throw new FileNotFoundException("Failed to delete file: " + file);
        }
    }
+
+    /**
+     * Returns the data directory. If a path was specified in dependencycheck.properties
+     * or was specified using the Settings object, and the path exists, that path will be
+     * returned as a File object. If it does not exist, then a File object will be created
+     * based on the file location of the JAR containing the specified class.
+     *
+     * @param configuredFilePath the configured relative or absolute path
+     * @param clazz the class whos path will be resolved
+     * @return a File object
+     * @throws IOException is thrown if the path could not be decoded
+     */
+    public static File getDataDirectory(String configuredFilePath, Class clazz) throws IOException {
+        File file = new File(configuredFilePath);
+        if (file.exists() && file.isDirectory() && file.canWrite()) {
+            return file;
+        } else {
+            String filePath = clazz.getProtectionDomain().getCodeSource().getLocation().getPath();
+            return new File(URLDecoder.decode(filePath, "UTF-8"));
+        }
+    }
+
 }
--- a/src/test/java/org/owasp/dependencycheck/data/cpe/BaseIndexTestCase.java
+++ b/src/test/java/org/owasp/dependencycheck/data/cpe/BaseIndexTestCase.java
@@ -18,20 +18,19 @@
 */
 package org.owasp.dependencycheck.data.cpe;

-import org.owasp.dependencycheck.data.cpe.Index;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
-import java.net.URLDecoder;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;

 /**
@@ -59,9 +58,7 @@ public abstract class BaseIndexTestCase {

    protected static File getDataDirectory() throws IOException {
        String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
-        String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
-        String decodedPath = URLDecoder.decode(filePath, "UTF-8");
-        File exePath = new File(decodedPath);
+        File exePath = FileUtils.getDataDirectory(fileName, Index.class);
        if (exePath.getName().toLowerCase().endsWith(".jar")) {
            exePath = exePath.getParentFile();
        } else {
--- a/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java
+++ b/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java
@@ -25,10 +25,10 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
-import java.net.URLDecoder;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import junit.framework.TestCase;
+import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;

 /**
@@ -49,9 +49,7 @@ public abstract class BaseDBTestCase extends TestCase {

    protected static File getDataDirectory() throws IOException {
        String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
-        String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
-        String decodedPath = URLDecoder.decode(filePath, "UTF-8");
-        File exePath = new File(decodedPath);
+        File exePath = FileUtils.getDataDirectory(fileName, Index.class);
        if (exePath.getName().toLowerCase().endsWith(".jar")) {
            exePath = exePath.getParentFile();
        } else {