mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 07:43:40 +01:00
removed CPE from database updates
Former-commit-id: d2054cf9b9b4a28fba11ebb5c9ed565263bc4ef8
This commit is contained in:
Jeremy Long
@@ -24,7 +24,6 @@ import java.util.Map;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.apache.lucene.index.CorruptIndexException;
|
||||
import org.owasp.dependencycheck.data.cpe.CpeIndexWriter;
|
||||
import org.owasp.dependencycheck.dependency.Reference;
|
||||
import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
@@ -260,26 +259,8 @@ public class NvdCve20Handler extends DefaultHandler {
|
||||
vuln.updateVulnerableSoftware(vs);
|
||||
}
|
||||
}
|
||||
for (VulnerableSoftware vs : vuln.getVulnerableSoftware()) {
|
||||
if (cpeIndex != null) {
|
||||
cpeIndex.saveEntry(vs);
|
||||
}
|
||||
}
|
||||
cveDB.updateVulnerability(vuln);
|
||||
}
|
||||
/**
|
||||
* the cpe index.
|
||||
*/
|
||||
private CpeIndexWriter cpeIndex;
|
||||
|
||||
/**
|
||||
* Sets the cpe index writer.
|
||||
*
|
||||
* @param index the CPE Lucene Index
|
||||
*/
|
||||
public void setCpeIndex(CpeIndexWriter index) {
|
||||
cpeIndex = index;
|
||||
}
|
||||
|
||||
// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
|
||||
/**
|
||||
|
||||
@@ -30,7 +30,6 @@ import javax.xml.parsers.ParserConfigurationException;
|
||||
import javax.xml.parsers.SAXParser;
|
||||
import javax.xml.parsers.SAXParserFactory;
|
||||
import org.owasp.dependencycheck.data.UpdateException;
|
||||
import org.owasp.dependencycheck.data.cpe.CpeIndexWriter;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.utils.FileUtils;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
@@ -92,19 +91,6 @@ public abstract class AbstractUpdateTask implements UpdateTask {
|
||||
protected CveDB getCveDB() {
|
||||
return cveDB;
|
||||
}
|
||||
/**
|
||||
* Reference to the Cpe Index.
|
||||
*/
|
||||
private CpeIndexWriter cpeIndex = null;
|
||||
|
||||
/**
|
||||
* Returns the CpeIndex.
|
||||
*
|
||||
* @return the CpeIndex
|
||||
*/
|
||||
protected CpeIndexWriter getCpeIndex() {
|
||||
return cpeIndex;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets whether or not an update is needed.
|
||||
@@ -199,13 +185,6 @@ public abstract class AbstractUpdateTask implements UpdateTask {
|
||||
Logger.getLogger(AbstractUpdateTask.class.getName()).log(Level.FINEST, "Error closing the cveDB", ignore);
|
||||
}
|
||||
}
|
||||
if (cpeIndex != null) {
|
||||
try {
|
||||
cpeIndex.close();
|
||||
} catch (Exception ignore) {
|
||||
Logger.getLogger(AbstractUpdateTask.class.getName()).log(Level.FINEST, "Error closing the cpeIndex", ignore);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -218,8 +197,6 @@ public abstract class AbstractUpdateTask implements UpdateTask {
|
||||
try {
|
||||
cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
cpeIndex = new CpeIndexWriter();
|
||||
cpeIndex.open();
|
||||
} catch (IOException ex) {
|
||||
closeDataStores();
|
||||
Logger.getLogger(AbstractUpdateTask.class.getName()).log(Level.FINE, "IO Error opening databases", ex);
|
||||
@@ -269,8 +246,8 @@ public abstract class AbstractUpdateTask implements UpdateTask {
|
||||
* @throws ClassNotFoundException thrown if the h2 database driver cannot be
|
||||
* loaded
|
||||
*/
|
||||
protected void importXML(File file, File oldVersion)
|
||||
throws ParserConfigurationException, SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException {
|
||||
protected void importXML(File file, File oldVersion) throws ParserConfigurationException,
|
||||
SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException {
|
||||
|
||||
final SAXParserFactory factory = SAXParserFactory.newInstance();
|
||||
final SAXParser saxParser = factory.newSAXParser();
|
||||
@@ -282,7 +259,6 @@ public abstract class AbstractUpdateTask implements UpdateTask {
|
||||
final NvdCve20Handler cve20Handler = new NvdCve20Handler();
|
||||
cve20Handler.setCveDB(cveDB);
|
||||
cve20Handler.setPrevVersionVulnMap(prevVersionVulnMap);
|
||||
cve20Handler.setCpeIndex(cpeIndex);
|
||||
saxParser.parse(file, cve20Handler);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,9 +24,6 @@ import org.owasp.dependencycheck.data.CachedWebDataSource;
|
||||
import java.net.MalformedURLException;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.owasp.dependencycheck.concurrency.DirectoryLockException;
|
||||
import org.owasp.dependencycheck.concurrency.DirectorySpinLock;
|
||||
import org.owasp.dependencycheck.concurrency.InvalidDirectoryException;
|
||||
import org.owasp.dependencycheck.data.UpdateException;
|
||||
import org.owasp.dependencycheck.utils.DownloadFailedException;
|
||||
import org.owasp.dependencycheck.utils.FileUtils;
|
||||
@@ -48,24 +45,9 @@ public class DatabaseUpdater implements CachedWebDataSource {
|
||||
*/
|
||||
@Override
|
||||
public void update() throws UpdateException {
|
||||
final File dataDir = Settings.getFile(Settings.KEYS.DATA_DIRECTORY);
|
||||
DirectorySpinLock lock = null;
|
||||
try {
|
||||
lock = new DirectorySpinLock(dataDir);
|
||||
} catch (InvalidDirectoryException ex) {
|
||||
throw new UpdateException("Unable to obtain lock on the data directory", ex);
|
||||
} catch (DirectoryLockException ex) {
|
||||
throw new UpdateException("Unable to obtain exclusive lock on the data directory", ex);
|
||||
}
|
||||
|
||||
try {
|
||||
lock.obtainSharedLock();
|
||||
final UpdateTask task = UpdateTaskFactory.getUpdateTask();
|
||||
|
||||
|
||||
if (task.isUpdateNeeded()) {
|
||||
lock.release();
|
||||
lock.obtainExclusiveLock();
|
||||
if (task.shouldDeleteAndRecreate()) {
|
||||
try {
|
||||
deleteExistingData();
|
||||
@@ -76,10 +58,6 @@ public class DatabaseUpdater implements CachedWebDataSource {
|
||||
}
|
||||
task.update();
|
||||
}
|
||||
} catch (DirectoryLockException ex) {
|
||||
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
|
||||
"Unable to obtain lock on data directory, unable to update the data to use the most current data.");
|
||||
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
|
||||
} catch (MalformedURLException ex) {
|
||||
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
|
||||
"NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.");
|
||||
@@ -88,10 +66,6 @@ public class DatabaseUpdater implements CachedWebDataSource {
|
||||
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
|
||||
"Unable to download the NVD CVE data, unable to update the data to use the most current data.");
|
||||
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
|
||||
} finally {
|
||||
if (lock != null) {
|
||||
lock.release();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -110,7 +110,6 @@ public class StandardUpdateTask extends AbstractUpdateTask {
|
||||
importXML(outputPath, outputPath12);
|
||||
|
||||
getCveDB().commit();
|
||||
getCpeIndex().commit();
|
||||
getProperties().save(cve);
|
||||
|
||||
Logger.getLogger(StandardUpdateTask.class.getName()).log(Level.INFO,
|
||||
|
||||
Reference in New Issue
Block a user