code reorganization, moved files around to better seperate functionality

Former-commit-id: da6b75d818d67b0c1c695860504aacc00991effa

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java

@@ -16,7 +16,7 @@
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve;
+package org.owasp.dependencycheck.analyzer;
 
 import java.io.IOException;
 import java.sql.SQLException;
@@ -29,6 +29,8 @@ import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.analyzer.Analyzer;
+import org.owasp.dependencycheck.data.nvdcve.CveDB;
+import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 
 /**
  * NvdCveAnalyzer is a utility class that takes a project dependency and

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/InvalidDataException.java

@@ -16,7 +16,7 @@
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.nvdcve;
 
 /**
  * An InvalidDataDataException is a generic exception used when trying to load

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve12Handler.java

@@ -16,7 +16,7 @@
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.nvdcve;
 
 import java.util.ArrayList;
 import java.util.HashMap;

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java

@@ -16,7 +16,7 @@
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.nvdcve;
 
 import java.io.IOException;
 import java.util.List;
@@ -281,7 +281,7 @@ public class NvdCve20Handler extends DefaultHandler {
      *
      * @param index the CPE Lucene Index
      */
-    void setCpeIndex(CpeIndexWriter index) {
+    public void setCpeIndex(CpeIndexWriter index) {
         cpeIndex = index;
     }
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfo.java

@@ -16,7 +16,7 @@
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.update;
 
 import java.io.File;
 import java.io.FileInputStream;
@@ -135,7 +135,7 @@ public class DataStoreMetaInfo {
      * @param updatedValue the updated nvdcve entry
      * @throws UpdateException is thrown if there is an update exception
      */
-    public void save(NvdCveUrl updatedValue) throws UpdateException {
+    public void save(NvdCveInfo updatedValue) throws UpdateException {
         if (updatedValue == null) {
             return;
         }

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java

@@ -16,8 +16,11 @@
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.update;
 
+import org.owasp.dependencycheck.data.nvdcve.NvdCve12Handler;
+import org.owasp.dependencycheck.data.nvdcve.NvdCve20Handler;
+import org.owasp.dependencycheck.data.nvdcve.InvalidDataException;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -47,7 +50,7 @@ import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
-import static org.owasp.dependencycheck.data.nvdcve.xml.DataStoreMetaInfo.MODIFIED;
+import static org.owasp.dependencycheck.data.update.DataStoreMetaInfo.MODIFIED;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 
 /**
@@ -103,9 +106,9 @@ public class DatabaseUpdater implements CachedWebDataSource {
         doBatchUpdate = false;
         properties = new DataStoreMetaInfo();
         try {
-            final Map<String, NvdCveUrl> update = updateNeeded();
+            final Map<String, NvdCveInfo> update = updateNeeded();
             int maxUpdates = 0;
-            for (NvdCveUrl cve : update.values()) {
+            for (NvdCveInfo cve : update.values()) {
                 if (cve.getNeedsUpdate()) {
                     maxUpdates += 1;
                 }
@@ -128,7 +131,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
             }
 
             int count = 0;
-            for (NvdCveUrl cve : update.values()) {
+            for (NvdCveInfo cve : update.values()) {
                 if (cve.getNeedsUpdate()) {
                     count += 1;
                     Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO,
@@ -354,9 +357,9 @@ public class DatabaseUpdater implements CachedWebDataSource {
      * @throws UpdateException Is thrown if there is an issue with the last
      * updated properties file.
      */
-    private Map<String, NvdCveUrl> updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
+    private Map<String, NvdCveInfo> updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
 
-        Map<String, NvdCveUrl> currentlyPublished;
+        Map<String, NvdCveInfo> currentlyPublished;
         try {
             currentlyPublished = retrieveCurrentTimestampsFromWeb();
         } catch (InvalidDataException ex) {
@@ -436,7 +439,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
                 } else { //we figure out which of the several XML files need to be downloaded.
                     currentlyPublished.get(MODIFIED).setNeedsUpdate(false);
                     for (int i = start; i <= end; i++) {
-                        final NvdCveUrl cve = currentlyPublished.get(String.valueOf(i));
+                        final NvdCveInfo cve = currentlyPublished.get(String.valueOf(i));
                         long currentTimestamp = 0;
                         try {
                             currentTimestamp = Long.parseLong(properties.getProperty(DataStoreMetaInfo.LAST_UPDATED_BASE + String.valueOf(i), "0"));
@@ -489,13 +492,13 @@ public class DatabaseUpdater implements CachedWebDataSource {
      * timestamps
      * @throws InvalidSettingException thrown if the settings are invalid
      */
-    protected Map<String, NvdCveUrl> retrieveCurrentTimestampsFromWeb()
+    protected Map<String, NvdCveInfo> retrieveCurrentTimestampsFromWeb()
             throws MalformedURLException, DownloadFailedException, InvalidDataException, InvalidSettingException {
 
-        final Map<String, NvdCveUrl> map = new TreeMap<String, NvdCveUrl>();
+        final Map<String, NvdCveInfo> map = new TreeMap<String, NvdCveInfo>();
         String retrieveUrl = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL);
 
-        NvdCveUrl item = new NvdCveUrl();
+        NvdCveInfo item = new NvdCveInfo();
         item.setNeedsUpdate(false); //the others default to true, to make life easier later this should default to false.
         item.setId(MODIFIED);
         item.setUrl(retrieveUrl);
@@ -512,7 +515,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
             final String baseUrl12 = Settings.getString(Settings.KEYS.CVE_SCHEMA_1_2);
             for (int i = start; i <= end; i++) {
                 retrieveUrl = String.format(baseUrl20, i);
-                item = new NvdCveUrl();
+                item = new NvdCveInfo();
                 item.setId(Integer.toString(i));
                 item.setUrl(retrieveUrl);
                 item.setOldSchemaVersionUrl(String.format(baseUrl12, i));

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveInfo.java

@@ -16,12 +16,12 @@
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.update;
 
 /**
  * A pojo that contains the Url and timestamp of the current NvdCve XML files.
  */
-public class NvdCveUrl {
+public class NvdCveInfo {
 
     /**
      * an id.

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/package-info.java

@@ -15,4 +15,4 @@
  * </html>
 */
 
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.update;

dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer

@@ -5,4 +5,4 @@ org.owasp.dependencycheck.analyzer.HintAnalyzer
 org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer
 org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer
 org.owasp.dependencycheck.analyzer.CPEAnalyzer
-org.owasp.dependencycheck.data.nvdcve.NvdCveAnalyzer
+org.owasp.dependencycheck.analyzer.NvdCveAnalyzer

dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.data.CachedWebDataSource

@@ -1 +1 @@
-org.owasp.dependencycheck.data.nvdcve.xml.DatabaseUpdater
+org.owasp.dependencycheck.data.update.DatabaseUpdater

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_1_2_HandlerTest.java

@@ -16,9 +16,9 @@
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.nvdcve;
 
-import org.owasp.dependencycheck.data.nvdcve.xml.NvdCve12Handler;
+import org.owasp.dependencycheck.data.nvdcve.NvdCve12Handler;
 import java.io.File;
 import java.util.List;
 import java.util.Map;

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_2_0_HandlerTest.java

@@ -16,9 +16,9 @@
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
-package org.owasp.dependencycheck.data.nvdcve.xml;
+package org.owasp.dependencycheck.data.nvdcve;
 
-import org.owasp.dependencycheck.data.nvdcve.xml.NvdCve20Handler;
+import org.owasp.dependencycheck.data.nvdcve.NvdCve20Handler;
 import java.io.File;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdaterIntegrationTest.java

@@ -1,80 +0,0 @@
-/*
- * This file is part of dependency-check-core.
- *
- * Dependency-check-core is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation, either version 3 of the License, or (at your option) any
- * later version.
- *
- * Dependency-check-core is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License along with
- * dependency-check-core. If not, see http://www.gnu.org/licenses/.
- *
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
- */
-package org.owasp.dependencycheck.data.nvdcve.xml;
-
-import java.io.File;
-import java.net.URL;
-import org.owasp.dependencycheck.data.nvdcve.xml.DatabaseUpdater;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.owasp.dependencycheck.utils.Settings;
-
-/**
- *
- * @author Jeremy Long (jeremy.long@owasp.org)
- */
-public class DatabaseUpdaterIntegrationTest {
-
-    public DatabaseUpdaterIntegrationTest() {
-    }
-
-    @BeforeClass
-    public static void setUpClass() throws Exception {
-    }
-
-    @AfterClass
-    public static void tearDownClass() throws Exception {
-    }
-
-    @Before
-    public void setUp() {
-    }
-
-    @After
-    public void tearDown() {
-    }
-
-    /**
-     * Test of update method, of class DatabaseUpdater.
-     *
-     * @throws Exception
-     */
-    @Test
-    public void testUpdate() throws Exception {
-        DatabaseUpdater instance = new DatabaseUpdater();
-        instance.update();
-    }
-
-    /**
-     * Test of update method (when in batch mode), of class DatabaseUpdater.
-     *
-     * @throws Exception
-     */
-    @Test
-    public void testBatchUpdate() throws Exception {
-        File file = new File("target/test-classes/nvdcve-2.0-2012.xml");
-        String path = "file:///" + file.getCanonicalPath();
-        Settings.setString(Settings.KEYS.BATCH_UPDATE_URL, path);
-        DatabaseUpdater instance = new DatabaseUpdater();
-        instance.update();
-    }
-}

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdaterTest.java

@@ -1,85 +0,0 @@
-/*
- * This file is part of dependency-check-core.
- *
- * Dependency-check-core is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation, either version 3 of the License, or (at your option) any
- * later version.
- *
- * Dependency-check-core is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License along with
- * dependency-check-core. If not, see http://www.gnu.org/licenses/.
- *
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
- */
-package org.owasp.dependencycheck.data.nvdcve.xml;
-
-import org.owasp.dependencycheck.data.nvdcve.xml.DatabaseUpdater;
-import java.io.File;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.owasp.dependencycheck.utils.Settings;
-
-/**
- *
- * @author Jeremy Long (jeremy.long@owasp.org)
- */
-public class DatabaseUpdaterTest {
-
-    public DatabaseUpdaterTest() {
-    }
-
-    @BeforeClass
-    public static void setUpClass() throws Exception {
-    }
-
-    @AfterClass
-    public static void tearDownClass() throws Exception {
-    }
-    private String old12;
-    private String old20;
-
-    @Before
-    public void setUp() throws Exception {
-        old12 = Settings.getString(Settings.KEYS.CVE_MODIFIED_12_URL);
-        old20 = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL);
-
-        File file = new File("target/test-classes/nvdcve-2012.xml");
-        String path = "file:///" + file.getCanonicalPath();
-        Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, path);
-
-        file = new File("target/test-classes/nvdcve-2.0-2012.xml");
-        path = "file:///" + file.getCanonicalPath();
-        Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, path);
-
-        file = new File("target/test-classes/data.zip");
-        path = "file:///" + file.getCanonicalPath();
-        Settings.setString(Settings.KEYS.BATCH_UPDATE_URL, path);
-    }
-
-    @After
-    public void tearDown() {
-        Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, old12);
-        Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, old20);
-        Settings.setString(Settings.KEYS.BATCH_UPDATE_URL, "");
-    }
-
-    /**
-     * Test of update method (when in batch mode), of class DatabaseUpdater.
-     *
-     * @throws Exception
-     */
-    @Test
-    public void testBatchUpdate() throws Exception {
-        DatabaseUpdater instance = new DatabaseUpdater();
-        instance.deleteExistingData();
-        instance.update();
-    }
-}