mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-17 00:56:54 +01:00
updated batch update functionality
Former-commit-id: 891c0148c081ac191258f5310d2077ed61039353
This commit is contained in:
Jeremy Long
@@ -176,7 +176,7 @@ public class CveDB {
|
||||
final File f = new File(fileName, "cve." + DB_SCHEMA_VERSION);
|
||||
final File check = new File(f.getAbsolutePath() + ".h2.db");
|
||||
final boolean createTables = !check.exists();
|
||||
final String connStr = "jdbc:h2:file:" + f.getAbsolutePath();
|
||||
final String connStr = String.format("jdbc:h2:file:%s;AUTO_SERVER=TRUE", f.getAbsolutePath());
|
||||
Class.forName("org.h2.Driver");
|
||||
conn = DriverManager.getConnection(connStr, "sa", "");
|
||||
if (createTables) {
|
||||
|
||||
@@ -29,6 +29,7 @@ import java.io.OutputStreamWriter;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import org.owasp.dependencycheck.data.CachedWebDataSource;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.URL;
|
||||
import java.sql.SQLException;
|
||||
import java.util.Calendar;
|
||||
@@ -114,13 +115,14 @@ public class DatabaseUpdater implements CachedWebDataSource {
|
||||
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO,
|
||||
"NVD CVE requires several updates; this could take a couple of minutes.");
|
||||
}
|
||||
if (maxUpdates > 0) {
|
||||
if (maxUpdates > 0 && !isDoBatchUpdate()) {
|
||||
openDataStores();
|
||||
}
|
||||
|
||||
if (isBatchUpdateMode() && isDoBatchUpdate()) {
|
||||
try {
|
||||
performBatchUpdate();
|
||||
openDataStores();
|
||||
} catch (IOException ex) {
|
||||
throw new UpdateException("Unable to perform batch update", ex);
|
||||
}
|
||||
@@ -498,7 +500,12 @@ public class DatabaseUpdater implements CachedWebDataSource {
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
//properties file does not exist - check about batch update
|
||||
setDoBatchUpdate(isBatchUpdateMode());
|
||||
}
|
||||
} else { //this condition will likely never exist - but just in case we need to handle batch updates
|
||||
setDoBatchUpdate(isBatchUpdateMode());
|
||||
}
|
||||
return currentlyPublished;
|
||||
}
|
||||
@@ -627,7 +634,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
|
||||
*
|
||||
* @throws IOException thrown if the directory cannot be deleted
|
||||
*/
|
||||
private void deleteExistingData() throws IOException {
|
||||
protected void deleteExistingData() throws IOException {
|
||||
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO, "The database version is old. Rebuilding the database.");
|
||||
|
||||
final File cveDir = CveDB.getDataDirectory();
|
||||
@@ -637,15 +644,37 @@ public class DatabaseUpdater implements CachedWebDataSource {
|
||||
FileUtils.delete(cpeDir);
|
||||
}
|
||||
|
||||
private void performBatchUpdate() throws IOException {
|
||||
private void performBatchUpdate() throws UpdateException {
|
||||
if (batchUpdateMode && doBatchUpdate) {
|
||||
deleteExistingData();
|
||||
String batchSrc = Settings.getString(Settings.KEYS.BATCH_UPDATE_URL);
|
||||
File dataDirectory = CveDB.getDataDirectory().getParentFile();
|
||||
URL batchUrl = new URL(batchSrc);
|
||||
File tmp = File.createTempFile("batch_", ".zip");
|
||||
Downloader.fetchFile(batchUrl, tmp);
|
||||
FileUtils.extractFiles(tmp, dataDirectory);
|
||||
final String batchSrc = Settings.getString(Settings.KEYS.BATCH_UPDATE_URL);
|
||||
File tmp = null;
|
||||
try {
|
||||
deleteExistingData();
|
||||
final File dataDirectory = CveDB.getDataDirectory().getParentFile();
|
||||
final URL batchUrl = new URL(batchSrc);
|
||||
if ("file".equals(batchUrl.getProtocol())) {
|
||||
try {
|
||||
tmp = new File(batchUrl.toURI());
|
||||
} catch (URISyntaxException ex) {
|
||||
final String msg = String.format("Invalid batch update URI: %s", batchSrc);
|
||||
throw new UpdateException(msg, ex);
|
||||
}
|
||||
} else if ("http".equals(batchUrl.getProtocol())
|
||||
|| "https".equals(batchUrl.getProtocol())) {
|
||||
tmp = File.createTempFile("batch_", ".zip");
|
||||
Downloader.fetchFile(batchUrl, tmp);
|
||||
}
|
||||
//TODO add FTP?
|
||||
FileUtils.extractFiles(tmp, dataDirectory);
|
||||
|
||||
} catch (IOException ex) {
|
||||
final String msg = String.format("IO Exception Occured performing batch update using: %s", batchSrc);
|
||||
throw new UpdateException(msg, ex);
|
||||
} finally {
|
||||
if (tmp != null && !tmp.delete()) {
|
||||
tmp.deleteOnExit();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -131,23 +131,23 @@ public final class Downloader {
|
||||
long timestamp = 0;
|
||||
//TODO add the FPR protocol?
|
||||
if ("file".equalsIgnoreCase(url.getProtocol())) {
|
||||
File f;
|
||||
File lastModifiedFile;
|
||||
try {
|
||||
if (System.getProperty("os.name").toLowerCase().startsWith("windows")) {
|
||||
String filePath = url.toString();
|
||||
if (filePath.matches("file://[a-zA-Z]:.*")) {
|
||||
f = new File(filePath.substring(7));
|
||||
} else {
|
||||
f = new File(url.toURI());
|
||||
}
|
||||
} else {
|
||||
f = new File(url.toURI());
|
||||
}
|
||||
// if (System.getProperty("os.name").toLowerCase().startsWith("windows")) {
|
||||
// String filePath = url.toString();
|
||||
// if (filePath.matches("file://[a-zA-Z]:.*")) {
|
||||
// f = new File(filePath.substring(7));
|
||||
// } else {
|
||||
// f = new File(url.toURI());
|
||||
// }
|
||||
// } else {
|
||||
lastModifiedFile = new File(url.toURI());
|
||||
// }
|
||||
} catch (URISyntaxException ex) {
|
||||
final String msg = String.format("Unable to locate '%s'; is the cve.url-2.0.modified property set correctly?", url.toString());
|
||||
throw new DownloadFailedException(msg);
|
||||
}
|
||||
timestamp = f.lastModified();
|
||||
timestamp = lastModifiedFile.lastModified();
|
||||
} else {
|
||||
HttpURLConnection conn = null;
|
||||
try {
|
||||
@@ -192,11 +192,8 @@ public final class Downloader {
|
||||
} else {
|
||||
conn = (HttpURLConnection) url.openConnection();
|
||||
}
|
||||
//added a default timeout of 20000
|
||||
//if (Settings.getString(Settings.KEYS.CONNECTION_TIMEOUT) != null) {
|
||||
final int timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 60000);
|
||||
conn.setConnectTimeout(timeout);
|
||||
//}
|
||||
} catch (IOException ex) {
|
||||
if (conn != null) {
|
||||
try {
|
||||
|
||||
@@ -200,7 +200,7 @@ public final class FileUtils {
|
||||
while ((entry = zis.getNextEntry()) != null) {
|
||||
if (entry.isDirectory()) {
|
||||
final File d = new File(extractTo, entry.getName());
|
||||
if (!d.mkdirs()) {
|
||||
if (!d.exists() && !d.mkdirs()) {
|
||||
final String msg = String.format("Unable to create '%s'.", d.getAbsolutePath());
|
||||
throw new ExtractionException(msg);
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@ cve.url.modified.validfordays=7
|
||||
# into the specified "data" directory. Additionally, after pulling the data the
|
||||
# system will attempt to update the modified. Thus, if one were maintaining an
|
||||
# internal copy of the data one would not need to update it nightly.
|
||||
batch.update.url=file://C:/Users/jeremy/Desktop/demo/cli/data/data.zip
|
||||
#batch.update.url=file:///C:/path/to/data.zip
|
||||
|
||||
# the path to the modified nvd cve xml file.
|
||||
cve.url-1.2.modified=http://nvd.nist.gov/download/nvdcve-modified.xml
|
||||
|
||||
Reference in New Issue
Block a user