github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

externalized db lock

Browse Source
This commit is contained in:
Jeremy Long
2017-08-13 07:41:35 -04:00
parent 9fd8f1c898
commit 1e269f2a2c
3 changed files with 220 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
View File

@@ -47,9 +47,11 @@ import org.owasp.dependencycheck.data.update.nvd.DownloadTask;
import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
import org.owasp.dependencycheck.data.update.nvd.ProcessTask;
import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
import org.owasp.dependencycheck.exception.H2DBLockException;
import org.owasp.dependencycheck.utils.DateUtil;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.H2DBLock;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
@@ -107,46 +109,9 @@ public class NvdCveUpdater implements CachedWebDataSource {
if (isUpdateConfiguredFalse()) {
return;
}
FileLock lock = null;
RandomAccessFile ulFile = null;
File lockFile = null;
H2DBLock dbupdate = new H2DBLock();
try {
if (ConnectionFactory.isH2Connection()) {
final File dir = Settings.getDataDirectory();
lockFile = new File(dir, "odc.update.lock");
if (lockFile.isFile() && getFileAge(lockFile) > 5 && !lockFile.delete()) {
LOGGER.warn("An old db update lock file was found but the system was unable to delete "
+ "the file. Consider manually deleting {}", lockFile.getAbsolutePath());
}
int ctr = 0;
do {
try {
if (!lockFile.exists() && lockFile.createNewFile()) {
ulFile = new RandomAccessFile(lockFile, "rw");
lock = ulFile.getChannel().lock();
}
} catch (IOException ex) {
LOGGER.trace("Expected error as another thread has likely locked the file", ex);
} finally {
if (lock == null && ulFile != null) {
ulFile.close();
}
}
if (lock == null || !lock.isValid()) {
try {
LOGGER.debug("Sleeping thread {} for 5 seconds because we could not obtain the update lock.",
Thread.currentThread().getName());
Thread.sleep(5000);
} catch (InterruptedException ex) {
LOGGER.trace("ignorable error, sleep was interrupted.", ex);
Thread.currentThread().interrupt();
}
}
} while (++ctr < 60 && (lock == null || !lock.isValid()));
if (lock == null || !lock.isValid()) {
throw new UpdateException("Unable to obtain the update lock, skipping the database update. Skippinig the database update.");
}
}
dbupdate.lock();
initializeExecutorServices();
cveDb = CveDB.getInstance();
dbProperties = cveDb.getDatabaseProperties();
@@ -168,30 +133,14 @@ public class NvdCveUpdater implements CachedWebDataSource {
throw new UpdateException("Unable to download the NVD CVE data.", ex);
} catch (DatabaseException ex) {
throw new UpdateException("Database Exception, unable to update the data to use the most current data.", ex);
} catch (IOException ex) {
throw new UpdateException("Database Exception", ex);
} catch (H2DBLockException ex) {
throw new UpdateException("Unable to obtain an exclusive lock on the H2 database to perform updates", ex);
} finally {
shutdownExecutorServices();
if (cveDb != null) {
cveDb.close();
}
if (lock != null) {
try {
lock.release();
} catch (IOException ex) {
LOGGER.trace("Ignorable exception", ex);
}
}
if (ulFile != null) {
try {
ulFile.close();
} catch (IOException ex) {
LOGGER.trace("Ignorable exception", ex);
}
}
if (lockFile != null && lockFile.isFile() && !lockFile.delete()) {
LOGGER.error("Lock file '{}' was unable to be deleted. Please manually delete this file.", lockFile.toString());
}
dbupdate.release();
shutdownExecutorServices();
}
}
@@ -218,18 +167,6 @@ public class NvdCveUpdater implements CachedWebDataSource {
return !autoUpdate;
}
/**
* Returns the age of the file in minutes.
*
* @param file the file to calculate the age
* @return the age of the file
*/
private long getFileAge(File file) {
final Date d = new Date();
final long modified = file.lastModified();
return (d.getTime() - modified) / 1000 / 60;
}
/**
* Initialize the executor services for download and processing of the NVD
* CVE XML data.

66
dependency-check-core/src/main/java/org/owasp/dependencycheck/exception/H2DBLockException.java Normal file
View File

@@ -0,0 +1,66 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2017 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.exception;
/**
* An exception used when trying to obtain a lock on the H2 database.
*
* @author Jeremy Long
*/
public class H2DBLockException extends Exception {
/**
* The serial version uid.
*/
private static final long serialVersionUID = 1L;
/**
* Creates a new H2DBLockException.
*/
public H2DBLockException() {
super();
}
/**
* Creates a new H2DBLockException.
*
* @param msg a message for the exception.
*/
public H2DBLockException(String msg) {
super(msg);
}
/**
* Creates a new H2DBLockException.
*
* @param ex the cause of the exception.
*/
public H2DBLockException(Throwable ex) {
super(ex);
}
/**
* Creates a new H2DBLockException.
*
* @param msg a message for the exception.
* @param ex the cause of the exception.
*/
public H2DBLockException(String msg, Throwable ex) {
super(msg, ex);
}
}

146
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java Normal file
View File

@@ -0,0 +1,146 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2017 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.channels.FileLock;
import java.util.Date;
import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory;
import org.owasp.dependencycheck.data.update.NvdCveUpdater;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.exception.H2DBLockException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
*
* @author Jeremy Long
*/
public class H2DBLock {
/**
* The logger.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(H2DBLock.class);
/**
* The file lock.
*/
private FileLock lock = null;
/**
* Reference to the file that we are locking.
*/
private RandomAccessFile file = null;
/**
* The lock file.
*/
private File lockFile = null;
/**
* Determine if the lock is currently held.
*
* @return true if the lock is currently held
*/
public boolean isLocked() {
return lock != null && lock.isValid();
}
public void lock() throws H2DBLockException {
if (ConnectionFactory.isH2Connection()) {
try {
final File dir = Settings.getDataDirectory();
lockFile = new File(dir, "odc.update.lock");
if (lockFile.isFile() && getFileAge(lockFile) > 5 && !lockFile.delete()) {
LOGGER.warn("An old db update lock file was found but the system was unable to delete "
+ "the file. Consider manually deleting {}", lockFile.getAbsolutePath());
}
int ctr = 0;
do {
try {
if (!lockFile.exists() && lockFile.createNewFile()) {
file = new RandomAccessFile(lockFile, "rw");
lock = file.getChannel().lock();
}
} catch (IOException ex) {
LOGGER.trace("Expected error as another thread has likely locked the file", ex);
} finally {
if (lock == null && file != null) {
try {
file.close();
} catch (IOException ex) {
LOGGER.trace("Unable to close the ulFile", ex);
}
}
}
if (lock == null || !lock.isValid()) {
try {
LOGGER.debug("Sleeping thread {} for 5 seconds because we could not obtain the update lock.",
Thread.currentThread().getName());
Thread.sleep(5000);
} catch (InterruptedException ex) {
LOGGER.trace("ignorable error, sleep was interrupted.", ex);
Thread.currentThread().interrupt();
}
}
} while (++ctr < 60 && (lock == null || !lock.isValid()));
if (lock == null || !lock.isValid()) {
throw new H2DBLockException("Unable to obtain the update lock, skipping the database update. Skippinig the database update.");
}
} catch (IOException ex) {
throw new H2DBLockException(ex.getMessage(), ex);
}
}
}
public void release() {
if (lock != null) {
try {
lock.release();
lock = null;
} catch (IOException ex) {
LOGGER.trace("Ignorable exception", ex);
}
}
if (file != null) {
try {
file.close();
file = null;
} catch (IOException ex) {
LOGGER.trace("Ignorable exception", ex);
}
}
if (lockFile != null && lockFile.isFile() && !lockFile.delete()) {
LOGGER.error("Lock file '{}' was unable to be deleted. Please manually delete this file.", lockFile.toString());
lockFile.deleteOnExit();
}
lockFile = null;
}
/**
* Returns the age of the file in minutes.
*
* @param file the file to calculate the age
* @return the age of the file
*/
private long getFileAge(File file) {
final Date d = new Date();
final long modified = file.lastModified();
return (d.getTime() - modified) / 1000 / 60;
}
}