diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index e2a73d8e9..f01d1472c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -32,8 +32,6 @@ import org.owasp.dependencycheck.analyzer.Analyzer; import org.owasp.dependencycheck.analyzer.AnalyzerService; import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; -import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex; -import org.owasp.dependencycheck.data.cpe.IndexException; import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; @@ -513,22 +511,20 @@ public class Engine implements Serializable { * @throws DatabaseException thrown if there is an exception opening the database */ private void ensureDataExists() throws NoDataException, DatabaseException { - final CpeMemoryIndex cpe = CpeMemoryIndex.getInstance(); + //final CpeMemoryIndex cpe = CpeMemoryIndex.getInstance(); final CveDB cve = new CveDB(); - try { cve.open(); - cpe.open(cve); - } catch (IndexException ex) { - throw new NoDataException(ex.getMessage(), ex); + if (!cve.dataExists()) { + throw new NoDataException("No documents exist"); + } +// cpe.open(cve); +// } catch (IndexException ex) { +// throw new NoDataException(ex.getMessage(), ex); } catch (DatabaseException ex) { throw new NoDataException(ex.getMessage(), ex); } finally { cve.close(); } - if (cpe.numDocs() <= 0) { - cpe.close(); - throw new NoDataException("No documents exist"); - } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index c406185db..32a1dff72 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -338,7 +338,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { try { fis.close(); } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); + LOGGER.log(Level.FINE, null, ex); } } } @@ -367,8 +367,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { final File file = new File(destination, entry.getName()); final String ext = FileUtils.getFileExtension(file.getName()); if (engine.supportsExtension(ext)) { + final String extracting = String.format("Extracting '%s'", file.getPath()); + LOGGER.fine(extracting); BufferedOutputStream bos = null; - FileOutputStream fos; + FileOutputStream fos = null; try { final File parent = file.getParentFile(); if (!parent.isDirectory()) { @@ -401,6 +403,13 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { LOGGER.log(Level.FINEST, null, ex); } } + if (fos != null) { + try { + fos.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, null, ex); + } + } } } } @@ -428,6 +437,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * @throws ArchiveExtractionException thrown if there is an exception decompressing the file */ private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException { + final String msg = String.format("Decompressing '%s'", outputFile.getPath()); + LOGGER.fine(msg); FileOutputStream out = null; try { out = new FileOutputStream(outputFile); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java index b062359c4..5d9f41563 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java @@ -99,7 +99,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { if (Settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED)) { if (!Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED) || NexusAnalyzer.DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))) { - LOGGER.info("Enabling the Central analyzer"); + LOGGER.fine("Enabling the Central analyzer"); retval = true; } else { LOGGER.info("Nexus analyzer is enabled, disabling the Central Analyzer"); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 461f1a030..78e8a2924 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -87,7 +87,9 @@ public class CveDB { * @throws DatabaseException thrown if there is an error opening the database connection */ public final void open() throws DatabaseException { - conn = ConnectionFactory.getConnection(); + if (!isOpen()) { + conn = ConnectionFactory.getConnection(); + } } /** @@ -700,6 +702,31 @@ public class CveDB { } } + /** + * Checks to see if data exists so that analysis can be performed. + * + * @return truefalse + */ + public boolean dataExists() { + Statement cs = null; + ResultSet rs = null; + try { + cs = conn.createStatement(); + rs = cs.executeQuery("SELECT COUNT(*) records FROM cpeEntry"); + if (rs.next()) { + if (rs.getInt(1) > 0) { + return true; + } + } + } catch (SQLException ex) { + Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + } finally { + DBUtils.closeResultSet(rs); + DBUtils.closeStatement(cs); + } + return false; + } + /** * It is possible that orphaned rows may be generated during database updates. This should be called after all * updates have been completed to ensure orphan entries are removed.