mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-16 00:33:46 +01:00
Merge remote-tracking branch 'origin/master'
Former-commit-id: 43610b7be6f438085abee3054254daedd7c09177
This commit is contained in:
Steve Springett
@@ -32,8 +32,6 @@ import org.owasp.dependencycheck.analyzer.Analyzer;
|
||||
import org.owasp.dependencycheck.analyzer.AnalyzerService;
|
||||
import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
|
||||
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
|
||||
import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex;
|
||||
import org.owasp.dependencycheck.data.cpe.IndexException;
|
||||
import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||
@@ -513,22 +511,20 @@ public class Engine implements Serializable {
|
||||
* @throws DatabaseException thrown if there is an exception opening the database
|
||||
*/
|
||||
private void ensureDataExists() throws NoDataException, DatabaseException {
|
||||
final CpeMemoryIndex cpe = CpeMemoryIndex.getInstance();
|
||||
//final CpeMemoryIndex cpe = CpeMemoryIndex.getInstance();
|
||||
final CveDB cve = new CveDB();
|
||||
|
||||
try {
|
||||
cve.open();
|
||||
cpe.open(cve);
|
||||
} catch (IndexException ex) {
|
||||
throw new NoDataException(ex.getMessage(), ex);
|
||||
if (!cve.dataExists()) {
|
||||
throw new NoDataException("No documents exist");
|
||||
}
|
||||
// cpe.open(cve);
|
||||
// } catch (IndexException ex) {
|
||||
// throw new NoDataException(ex.getMessage(), ex);
|
||||
} catch (DatabaseException ex) {
|
||||
throw new NoDataException(ex.getMessage(), ex);
|
||||
} finally {
|
||||
cve.close();
|
||||
}
|
||||
if (cpe.numDocs() <= 0) {
|
||||
cpe.close();
|
||||
throw new NoDataException("No documents exist");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -338,7 +338,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
try {
|
||||
fis.close();
|
||||
} catch (IOException ex) {
|
||||
LOGGER.log(Level.FINEST, null, ex);
|
||||
LOGGER.log(Level.FINE, null, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -367,8 +367,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
final File file = new File(destination, entry.getName());
|
||||
final String ext = FileUtils.getFileExtension(file.getName());
|
||||
if (engine.supportsExtension(ext)) {
|
||||
final String extracting = String.format("Extracting '%s'", file.getPath());
|
||||
LOGGER.fine(extracting);
|
||||
BufferedOutputStream bos = null;
|
||||
FileOutputStream fos;
|
||||
FileOutputStream fos = null;
|
||||
try {
|
||||
final File parent = file.getParentFile();
|
||||
if (!parent.isDirectory()) {
|
||||
@@ -401,6 +403,13 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
LOGGER.log(Level.FINEST, null, ex);
|
||||
}
|
||||
}
|
||||
if (fos != null) {
|
||||
try {
|
||||
fos.close();
|
||||
} catch (IOException ex) {
|
||||
LOGGER.log(Level.FINEST, null, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -428,6 +437,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
* @throws ArchiveExtractionException thrown if there is an exception decompressing the file
|
||||
*/
|
||||
private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException {
|
||||
final String msg = String.format("Decompressing '%s'", outputFile.getPath());
|
||||
LOGGER.fine(msg);
|
||||
FileOutputStream out = null;
|
||||
try {
|
||||
out = new FileOutputStream(outputFile);
|
||||
|
||||
@@ -99,7 +99,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
|
||||
if (Settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED)) {
|
||||
if (!Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)
|
||||
|| NexusAnalyzer.DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))) {
|
||||
LOGGER.info("Enabling the Central analyzer");
|
||||
LOGGER.fine("Enabling the Central analyzer");
|
||||
retval = true;
|
||||
} else {
|
||||
LOGGER.info("Nexus analyzer is enabled, disabling the Central Analyzer");
|
||||
|
||||
@@ -87,7 +87,9 @@ public class CveDB {
|
||||
* @throws DatabaseException thrown if there is an error opening the database connection
|
||||
*/
|
||||
public final void open() throws DatabaseException {
|
||||
conn = ConnectionFactory.getConnection();
|
||||
if (!isOpen()) {
|
||||
conn = ConnectionFactory.getConnection();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -700,6 +702,31 @@ public class CveDB {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks to see if data exists so that analysis can be performed.
|
||||
*
|
||||
* @return <code>true</code if data exists; otherwise <code>false</code>
|
||||
*/
|
||||
public boolean dataExists() {
|
||||
Statement cs = null;
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
cs = conn.createStatement();
|
||||
rs = cs.executeQuery("SELECT COUNT(*) records FROM cpeEntry");
|
||||
if (rs.next()) {
|
||||
if (rs.getInt(1) > 0) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
} catch (SQLException ex) {
|
||||
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} finally {
|
||||
DBUtils.closeResultSet(rs);
|
||||
DBUtils.closeStatement(cs);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* It is possible that orphaned rows may be generated during database updates. This should be called after all
|
||||
* updates have been completed to ensure orphan entries are removed.
|
||||
|
||||
Reference in New Issue
Block a user