diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java index c79e21b2f..829fdad27 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java @@ -117,7 +117,7 @@ public final class ConnectionFactory { } } catch (DriverLoadException ex) { LOGGER.debug("Unable to load database driver", ex); - throw new DatabaseException("Unable to load database driver"); + throw new DatabaseException("Unable to load database driver", ex); } } userName = Settings.getString(Settings.KEYS.DB_USER, "dcuser"); @@ -130,7 +130,7 @@ public final class ConnectionFactory { } catch (IOException ex) { LOGGER.debug( "Unable to retrieve the database connection string", ex); - throw new DatabaseException("Unable to retrieve the database connection string"); + throw new DatabaseException("Unable to retrieve the database connection string", ex); } boolean shouldCreateSchema = false; try { @@ -140,7 +140,7 @@ public final class ConnectionFactory { } } catch (IOException ioex) { LOGGER.debug("Unable to verify database exists", ioex); - throw new DatabaseException("Unable to verify database exists"); + throw new DatabaseException("Unable to verify database exists", ioex); } LOGGER.debug("Loading database connection"); LOGGER.debug("Connection String: {}", connectionString); @@ -157,11 +157,11 @@ public final class ConnectionFactory { LOGGER.debug("Unable to start the database in server mode; reverting to single user mode"); } catch (SQLException sqlex) { LOGGER.debug("Unable to connect to the database", ex); - throw new DatabaseException("Unable to connect to the database"); + throw new DatabaseException("Unable to connect to the database", ex); } } else { LOGGER.debug("Unable to connect to the database", ex); - throw new DatabaseException("Unable to connect to the database"); + throw new DatabaseException("Unable to connect to the database", ex); } } @@ -170,7 +170,7 @@ public final class ConnectionFactory { createTables(conn); } catch (DatabaseException dex) { LOGGER.debug("", dex); - throw new DatabaseException("Unable to create the database structure"); + throw new DatabaseException("Unable to create the database structure", dex); } } try { @@ -228,7 +228,7 @@ public final class ConnectionFactory { conn = DriverManager.getConnection(connectionString, userName, password); } catch (SQLException ex) { LOGGER.debug("", ex); - throw new DatabaseException("Unable to connect to the database"); + throw new DatabaseException("Unable to connect to the database", ex); } return conn; } @@ -317,7 +317,7 @@ public final class ConnectionFactory { try { databaseProductName = conn.getMetaData().getDatabaseProductName(); } catch (SQLException ex) { - throw new DatabaseException("Unable to get the database product name"); + throw new DatabaseException("Unable to get the database product name", ex); } if ("h2".equalsIgnoreCase(databaseProductName)) { LOGGER.debug("Updating database structure"); @@ -412,7 +412,7 @@ public final class ConnectionFactory { } } catch (SQLException ex) { LOGGER.debug("", ex); - throw new DatabaseException("Unable to check the database schema version"); + throw new DatabaseException("Unable to check the database schema version", ex); } finally { DBUtils.closeResultSet(rs); DBUtils.closeStatement(ps); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 8d1c63415..d743c522f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -231,7 +231,7 @@ public final class CveDB implements AutoCloseable { */ private static String determineDatabaseProductName(Connection conn) { try { - final String databaseProductName = conn.getMetaData().getDatabaseProductName(); + final String databaseProductName = conn.getMetaData().getDatabaseProductName().toLowerCase(); LOGGER.debug("Database product: {}", databaseProductName); return databaseProductName; } catch (SQLException se) { @@ -258,14 +258,19 @@ public final class CveDB implements AutoCloseable { * database connection */ private synchronized void open() throws DatabaseException { - if (!instance.isOpen()) { - instance.connection = ConnectionFactory.getConnection(); - final String databaseProductName = determineDatabaseProductName(instance.connection); - instance.statementBundle = databaseProductName != null - ? ResourceBundle.getBundle("data/dbStatements", new Locale(databaseProductName)) - : ResourceBundle.getBundle("data/dbStatements"); - instance.prepareStatements(); - instance.databaseProperties = new DatabaseProperties(instance); + try { + if (!instance.isOpen()) { + instance.connection = ConnectionFactory.getConnection(); + final String databaseProductName = determineDatabaseProductName(instance.connection); + instance.statementBundle = databaseProductName != null + ? ResourceBundle.getBundle("data/dbStatements", new Locale(databaseProductName)) + : ResourceBundle.getBundle("data/dbStatements"); + instance.prepareStatements(); + instance.databaseProperties = new DatabaseProperties(instance); + } + } catch(DatabaseException e) { + releaseResources(); + throw e; } } @@ -290,14 +295,18 @@ public final class CveDB implements AutoCloseable { LOGGER.error("There was an exception attempting to close the CveDB, see the log for more details."); LOGGER.debug("", ex); } - instance.statementBundle = null; - instance.preparedStatements.clear(); - instance.databaseProperties = null; - instance.connection = null; + releaseResources(); } } } + private synchronized void releaseResources() { + instance.statementBundle = null; + instance.preparedStatements.clear(); + instance.databaseProperties = null; + instance.connection = null; + } + /** * Returns whether the database connection is open or closed. * @@ -315,15 +324,15 @@ public final class CveDB implements AutoCloseable { */ private void prepareStatements() throws DatabaseException { for (PreparedStatementCveDb key : values()) { - final String statementString = statementBundle.getString(key.name()); final PreparedStatement preparedStatement; try { + final String statementString = statementBundle.getString(key.name()); if (key == INSERT_VULNERABILITY || key == INSERT_CPE) { preparedStatement = connection.prepareStatement(statementString, new String[]{"id"}); } else { preparedStatement = connection.prepareStatement(statementString); } - } catch (SQLException exception) { + } catch (SQLException | MissingResourceException exception) { throw new DatabaseException(exception); } preparedStatements.put(key, preparedStatement); @@ -492,7 +501,7 @@ public final class CveDB implements AutoCloseable { mergeProperty.setString(1, key); mergeProperty.setString(2, value); mergeProperty.executeUpdate(); - } catch (MissingResourceException mre) { + } catch (SQLException e) { // No Merge statement, so doing an Update/Insert... final PreparedStatement updateProperty = getPreparedStatement(UPDATE_PROPERTY); updateProperty.setString(1, value); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java index ee26e8dbd..3ab3c5c56 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java @@ -172,7 +172,9 @@ public class NvdCveUpdater implements CachedWebDataSource { throw new UpdateException("Database Exception", ex); } finally { shutdownExecutorServices(); - cveDb.close(); + if(cveDb != null) { + cveDb.close(); + } if (lock != null) { try { lock.release(); diff --git a/dependency-check-core/src/main/resources/data/dbStatements_postgreSQL.properties b/dependency-check-core/src/main/resources/data/dbStatements_postgresql.properties similarity index 100% rename from dependency-check-core/src/main/resources/data/dbStatements_postgreSQL.properties rename to dependency-check-core/src/main/resources/data/dbStatements_postgresql.properties