From 0d90b676bcd6755dc30523f1fe2da304f1c42968 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 21 Nov 2014 06:36:28 -0500
Subject: [PATCH 1/5] changed logging message that indicates default state was moved to the log file rather then standard console output
Former-commit-id: e67218ff539a0c2b34cc78d0208f42d815248d7e
---
 .../org/owasp/dependencycheck/analyzer/CentralAnalyzer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
index b062359c4..5d9f41563 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
@@ -99,7 +99,7 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
 if (Settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED)) {
 if (!Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)
 || NexusAnalyzer.DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))) {
- LOGGER.info("Enabling the Central analyzer");
+ LOGGER.fine("Enabling the Central analyzer");
 retval = true;
 } else {
 LOGGER.info("Nexus analyzer is enabled, disabling the Central Analyzer");
From ab4b19dbab4a5cae0655e2372658f16b4dfcbb87 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Tue, 25 Nov 2014 05:55:01 -0500
Subject: [PATCH 2/5] added a database check to ensure data exists - this replaces an older method and reduces startup time to help resolve issue #168
Former-commit-id: 4a8b2db9adf91cef2d89148f0c9b9c2327240221
---
 .../dependencycheck/data/nvdcve/CveDB.java | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 461f1a030..f629aa879 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -700,6 +700,31 @@ public class CveDB {
 }
 }
+ /**
+ * Checks to see if data exists so that analysis can be performed.
+ *
+ * @return truefalse
+ */
+ public boolean dataExists() {
+ Statement cs = null;
+ ResultSet rs = null;
+ try {
+ cs = conn.createStatement();
+ rs = cs.executeQuery("SELECT COUNT(*) records FROM cpeEntry");
+ if (rs.next()) {
+ if (rs.getInt(1) > 0) {
+ return true;
+ }
+ }
+ } catch (SQLException ex) {
+ Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
+ } finally {
+ DBUtils.closeResultSet(rs);
+ DBUtils.closeStatement(cs);
+ }
+ return false;
+ }
+
 /**
 * It is possible that orphaned rows may be generated during database updates. This should be called after all
 * updates have been completed to ensure orphan entries are removed.
From 96383ef985031f99a6129d104c8f6eeb90383070 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Tue, 25 Nov 2014 05:55:59 -0500
Subject: [PATCH 3/5] added a check to the open function to prevent losing a reference to an open database connection
Former-commit-id: 62e8386dce392d8c7fbc58febc4f5d4bc35e84f0
---
 .../java/org/owasp/dependencycheck/data/nvdcve/CveDB.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index f629aa879..78e8a2924 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
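Review bot: In `dataExists()` the `catch (SQLException ex)` branch logs with a null message and then falls through to `return false`, so a failed query is reported to the caller exactly like an empty `cpeEntry` table. That fails closed, which is the safe direction for a scanner, but `ensureDataExists()` in patch 5 then tells the operator "No documents exist" when the real problem is a database fault; give the log call a message such as `"Unable to query cpeEntry to verify that data exists"` or propagate the failure. The Javadoc `@return truefalse` has lost its markup and should read along the lines of `@return {@code true} if the cpeEntry table has at least one row; otherwise {@code false}`. The nested `if` can be collapsed to `return rs.next() && rs.getInt(1) > 0;`.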
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -87,7 +87,9 @@ public class CveDB {
 * @throws DatabaseException thrown if there is an error opening the database connection
 */
 public final void open() throws DatabaseException {
- conn = ConnectionFactory.getConnection();
+ if (!isOpen()) {
+ conn = ConnectionFactory.getConnection();
+ }
 }
 /**
From f154826749b95f62b09cfbf55d0d870b9b33685f Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Tue, 25 Nov 2014 05:57:02 -0500
Subject: [PATCH 4/5] added additionial verbose logging
Former-commit-id: 5d65d0186914d7045b6e5d51c10bc2feb8b2aab4
---
 .../dependencycheck/analyzer/ArchiveAnalyzer.java | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
index c406185db..32a1dff72 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -338,7 +338,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
 try {
 fis.close();
 } catch (IOException ex) {
- LOGGER.log(Level.FINEST, null, ex);
+ LOGGER.log(Level.FINE, null, ex);
 }
 }
 }
@@ -367,8 +367,10 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
 final File file = new File(destination, entry.getName());
 final String ext = FileUtils.getFileExtension(file.getName());
 if (engine.supportsExtension(ext)) {
+ final String extracting = String.format("Extracting '%s'", file.getPath());
+ LOGGER.fine(extracting);
 BufferedOutputStream bos = null;
- FileOutputStream fos;
+ FileOutputStream fos = null;
 try {
 final File parent = file.getParentFile();
 if (!parent.isDirectory()) {
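Review bot: The new guard in `open()` depends entirely on `isOpen()`, whose body is not in this hunk; if it only tests `conn != null`, a connection that was closed or dropped underneath the object is kept and later queries fail with an `SQLException`. It is worth confirming that `close()` resets `conn` to null, or that `isOpen()` also consults `conn.isClosed()`. The check-then-assign is not atomic, so if a `CveDB` instance can be shared between threads `open()` needs synchronization. The Javadoc above the method should state the new contract, e.g. `Opens the database connection; does nothing if the connection is already open.`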
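Review bot: The new `Extracting '%s'` message writes `file.getPath()` to the log, and that path is built two lines earlier from `entry.getName()`, which is taken from the archive being scanned. A name containing line breaks can forge log records, and nothing in the hunk shows that the resolved file is checked to stay under `destination` before it is written; the method starts and ends outside the hunk, so such a check may exist elsewhere, but it should be confirmed. Comparing the canonical path of `file` against that of `destination` and stripping control characters from the logged name would cover both. The message is also formatted even when FINE is disabled; `LOGGER.log(Level.FINE, "Extracting ''{0}''", file.getPath());` avoids that, and the same applies to the `Decompressing '%s'` lines added in `decompressFile`.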
@@ -401,6 +403,13 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
 LOGGER.log(Level.FINEST, null, ex);
 }
 }
+ if (fos != null) {
+ try {
+ fos.close();
+ } catch (IOException ex) {
+ LOGGER.log(Level.FINEST, null, ex);
+ }
+ }
 }
 }
 }
@@ -428,6 +437,8 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
 * @throws ArchiveExtractionException thrown if there is an exception decompressing the file
 */
 private void decompressFile(CompressorInputStream inputStream, File outputFile) throws ArchiveExtractionException {
+ final String msg = String.format("Decompressing '%s'", outputFile.getPath());
+ LOGGER.fine(msg);
 FileOutputStream out = null;
 try {
 out = new FileOutputStream(outputFile);
From 46c5501b7a9e4036462706d67c135f6b9278551e Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Tue, 25 Nov 2014 05:58:16 -0500
Subject: [PATCH 5/5] changed ensureDataExists method to resolve startup time delays as part of a fix for issue #168
Former-commit-id: 15e85be9e5e01253f4864d18178da4c395b008eb
---
 .../java/org/owasp/dependencycheck/Engine.java | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index e2a73d8e9..f01d1472c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
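Review bot: The added `fos.close()` handler logs at `Level.FINEST` with a null message, while the first hunk of this same commit raises the equivalent `fis.close()` failure to `Level.FINE`; the two handlers should use the same level. A short message in place of `null`, for example `"Failed to close the extracted file's output stream"`, would make the record identifiable in a verbose log. If `bos` wraps `fos` (its construction is outside the hunk), this block only matters when `bos` was never created, and a one-line comment saying so would explain why both are closed.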
@@ -32,8 +32,6 @@ import org.owasp.dependencycheck.analyzer.Analyzer;
 import org.owasp.dependencycheck.analyzer.AnalyzerService;
 import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
-import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex;
-import org.owasp.dependencycheck.data.cpe.IndexException;
 import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -513,22 +511,20 @@ public class Engine implements Serializable {
 * @throws DatabaseException thrown if there is an exception opening the database
 */
 private void ensureDataExists() throws NoDataException, DatabaseException {
- final CpeMemoryIndex cpe = CpeMemoryIndex.getInstance();
+ //final CpeMemoryIndex cpe = CpeMemoryIndex.getInstance();
 final CveDB cve = new CveDB();
-
 try {
 cve.open();
- cpe.open(cve);
- } catch (IndexException ex) {
- throw new NoDataException(ex.getMessage(), ex);
+ if (!cve.dataExists()) {
+ throw new NoDataException("No documents exist");
+ }
+// cpe.open(cve);
+// } catch (IndexException ex) {
+// throw new NoDataException(ex.getMessage(), ex);
 } catch (DatabaseException ex) {
 throw new NoDataException(ex.getMessage(), ex);
 } finally {
 cve.close();
 }
- if (cpe.numDocs() <= 0) {
- cpe.close();
- throw new NoDataException("No documents exist");
- }
 }
 }
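Review bot: `ensureDataExists()` now carries dead, commented-out code (`//final CpeMemoryIndex cpe = ...` and the three `// cpe.open(cve); ... IndexException` lines) whose imports are removed in the first hunk of this patch; delete these lines rather than leaving them, since version control keeps the history. The new `throw new NoDataException("No documents exist")` sits inside the `try`, so if `NoDataException` is a subtype of `DatabaseException` (not visible here) the existing `catch` would intercept and re-wrap it. The method's Javadoc starts outside the hunk and should be updated to say that the check is now a row count on the database rather than a load of the CPE index.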