diff --git a/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java b/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java index 1040cc68b..b3c3d9254 100644 --- a/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java +++ b/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java @@ -20,7 +20,6 @@ package org.owasp.dependencycheck.data.cpe; import java.io.File; import java.io.IOException; -import java.net.URLDecoder; import java.util.HashMap; import java.util.Map; import org.apache.lucene.analysis.Analyzer; @@ -37,6 +36,7 @@ import org.apache.lucene.store.Directory; import org.apache.lucene.store.FSDirectory; import org.apache.lucene.util.Version; import org.owasp.dependencycheck.data.lucene.AbstractIndex; +import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.data.lucene.FieldAnalyzer; import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer; @@ -70,9 +70,7 @@ public class Index extends AbstractIndex { */ public File getDataDirectory() throws IOException { final String fileName = Settings.getString(Settings.KEYS.CPE_INDEX); - final String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath(); - final String decodedPath = URLDecoder.decode(filePath, "UTF-8"); - File exePath = new File(decodedPath); + File exePath = FileUtils.getDataDirectory(fileName, Index.class); if (exePath.getName().toLowerCase().endsWith(".jar")) { exePath = exePath.getParentFile(); } else { diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index c7c064da5..d6e91fcb2 100644 --- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -21,7 +21,6 @@ package org.owasp.dependencycheck.data.nvdcve; import java.io.File; import java.io.IOException; import java.io.UnsupportedEncodingException; -import java.net.URLDecoder; import java.sql.CallableStatement; import java.sql.Connection; import java.sql.DriverManager; @@ -37,6 +36,7 @@ import org.owasp.dependencycheck.data.cwe.CweDB; import org.owasp.dependencycheck.dependency.Reference; import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.dependency.VulnerableSoftware; +import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; /** @@ -408,9 +408,7 @@ public class CveDB { */ public static File getDataDirectory() throws IOException { final String fileName = Settings.getString(Settings.KEYS.CVE_INDEX); - final String filePath = CveDB.class.getProtectionDomain().getCodeSource().getLocation().getPath(); - final String decodedPath = URLDecoder.decode(filePath, "UTF-8"); - File exePath = new File(decodedPath); + File exePath = FileUtils.getDataDirectory(fileName, CveDB.class); if (exePath.getName().toLowerCase().endsWith(".jar")) { exePath = exePath.getParentFile(); diff --git a/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java index 0d48eb8d1..9cc82b4a2 100644 --- a/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java +++ b/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java @@ -21,6 +21,7 @@ package org.owasp.dependencycheck.utils; import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; +import java.net.URLDecoder; /** * A collection of utilities for processing information about files. @@ -67,4 +68,26 @@ public final class FileUtils { throw new FileNotFoundException("Failed to delete file: " + file); } } + + /** + * Returns the data directory. If a path was specified in dependencycheck.properties + * or was specified using the Settings object, and the path exists, that path will be + * returned as a File object. If it does not exist, then a File object will be created + * based on the file location of the JAR containing the specified class. + * + * @param configuredFilePath the configured relative or absolute path + * @param clazz the class whos path will be resolved + * @return a File object + * @throws IOException is thrown if the path could not be decoded + */ + public static File getDataDirectory(String configuredFilePath, Class clazz) throws IOException { + File file = new File(configuredFilePath); + if (file.exists() && file.isDirectory() && file.canWrite()) { + return file; + } else { + String filePath = clazz.getProtectionDomain().getCodeSource().getLocation().getPath(); + return new File(URLDecoder.decode(filePath, "UTF-8")); + } + } + } diff --git a/src/test/java/org/owasp/dependencycheck/data/cpe/BaseIndexTestCase.java b/src/test/java/org/owasp/dependencycheck/data/cpe/BaseIndexTestCase.java index ba61280c6..475d1287b 100644 --- a/src/test/java/org/owasp/dependencycheck/data/cpe/BaseIndexTestCase.java +++ b/src/test/java/org/owasp/dependencycheck/data/cpe/BaseIndexTestCase.java @@ -18,20 +18,19 @@ */ package org.owasp.dependencycheck.data.cpe; -import org.owasp.dependencycheck.data.cpe.Index; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; -import java.net.URLDecoder; import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; import org.junit.After; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; +import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; /** @@ -59,9 +58,7 @@ public abstract class BaseIndexTestCase { protected static File getDataDirectory() throws IOException { String fileName = Settings.getString(Settings.KEYS.CPE_INDEX); - String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath(); - String decodedPath = URLDecoder.decode(filePath, "UTF-8"); - File exePath = new File(decodedPath); + File exePath = FileUtils.getDataDirectory(fileName, Index.class); if (exePath.getName().toLowerCase().endsWith(".jar")) { exePath = exePath.getParentFile(); } else { diff --git a/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java b/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java index d0cc33c84..f80681551 100644 --- a/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java +++ b/src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java @@ -25,10 +25,10 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; -import java.net.URLDecoder; import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; import junit.framework.TestCase; +import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; /** @@ -49,9 +49,7 @@ public abstract class BaseDBTestCase extends TestCase { protected static File getDataDirectory() throws IOException { String fileName = Settings.getString(Settings.KEYS.CVE_INDEX); - String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath(); - String decodedPath = URLDecoder.decode(filePath, "UTF-8"); - File exePath = new File(decodedPath); + File exePath = FileUtils.getDataDirectory(fileName, Index.class); if (exePath.getName().toLowerCase().endsWith(".jar")) { exePath = exePath.getParentFile(); } else {