changed CveDB to a singeton

Jeremy Long
2017-03-07 05:49:12 -05:00
parent 5ed5764ab5
commit 679df936e7
26 changed files with 343 additions and 719 deletions


@@ -944,16 +944,13 @@ public class Check extends Update {
DatabaseProperties prop = null; DatabaseProperties prop = null;
CveDB cve = null; CveDB cve = null;
try { try {
cve = new CveDB(); cve = CveDB.getInstance();
cve.open();
prop = cve.getDatabaseProperties(); prop = cve.getDatabaseProperties();
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
//TODO shouldn't this be a fatal exception
log("Unable to retrieve DB Properties", ex, Project.MSG_DEBUG); log("Unable to retrieve DB Properties", ex, Project.MSG_DEBUG);
} finally {
if (cve != null) {
cve.close();
}
} }
final ReportGenerator reporter = new ReportGenerator(getProjectName(), engine.getDependencies(), engine.getAnalyzers(), prop); final ReportGenerator reporter = new ReportGenerator(getProjectName(), engine.getDependencies(), engine.getAnalyzers(), prop);
reporter.generateReports(reportOutputDirectory, reportFormat); reporter.generateReports(reportOutputDirectory, reportFormat);
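Review bot: The catch around `cve.getDatabaseProperties()` still logs only at `Project.MSG_DEBUG` and then hands a null `prop` to `ReportGenerator`, and this commit deletes the TODO that questioned that without resolving it. For a vulnerability report, failing to reach the CVE database should be visible to whoever runs the build; I would raise the level, `log("Unable to retrieve DB Properties", ex, Project.MSG_WARN);`, or keep a comment stating why continuing with `prop == null` is acceptable. The same pattern is in the DependencyCheckScanAgent section (`LOGGER.debug("Unable to retrieve DB Properties", ex);`), where the matching TODO is also removed. The enclosing method starts and ends outside the hunk.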


@@ -284,15 +284,8 @@ public class App {
final List<Dependency> dependencies = engine.getDependencies(); final List<Dependency> dependencies = engine.getDependencies();
DatabaseProperties prop = null; DatabaseProperties prop = null;
CveDB cve = null; CveDB cve = null;
try { cve = CveDB.getInstance();
cve = new CveDB(); prop = cve.getDatabaseProperties();
cve.open();
prop = cve.getDatabaseProperties();
} finally {
if (cve != null) {
cve.close();
}
}
final ReportGenerator report = new ReportGenerator(applicationName, dependencies, engine.getAnalyzers(), prop); final ReportGenerator report = new ReportGenerator(applicationName, dependencies, engine.getAnalyzers(), prop);
try { try {
report.generateReports(reportDirectory, outputFormat); report.generateReports(reportDirectory, outputFormat);
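Review bot: `CveDB cve = null;` followed directly by `cve = CveDB.getInstance();` is a leftover of the removed try/finally; the two lines can become `final CveDB cve = CveDB.getInstance();`. Nothing in this hunk releases the connection any more, so the method presumably relies on `Engine.cleanup()` running later; a short comment saying so, e.g. `// the shared CveDB is closed by Engine.cleanup()`, would make that dependency explicit. The enclosing method starts and ends outside the hunk.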


@@ -34,7 +34,7 @@ import java.util.concurrent.Callable;
* *
* @author Stefan Neuhaus * @author Stefan Neuhaus
*/ */
class AnalysisTask implements Callable<Void> { public class AnalysisTask implements Callable<Void> {
/** /**
* Instance of the logger. * Instance of the logger.


@@ -71,7 +71,7 @@ public class Engine implements FileFilter {
/** /**
* A Map of analyzers grouped by Analysis phase. * A Map of analyzers grouped by Analysis phase.
*/ */
private final Map<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class); private final Map<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<>(AnalysisPhase.class);
/** /**
* A Map of analyzers grouped by Analysis phase. * A Map of analyzers grouped by Analysis phase.
@@ -126,6 +126,11 @@ public class Engine implements FileFilter {
* Properly cleans up resources allocated during analysis. * Properly cleans up resources allocated during analysis.
*/ */
public void cleanup() { public void cleanup() {
try {
CveDB.getInstance().closeDatabase();
} catch (DatabaseException ex) {
LOGGER.trace("Error closing the database", ex);
}
ConnectionFactory.cleanup(); ConnectionFactory.cleanup();
} }
@@ -140,7 +145,7 @@ public class Engine implements FileFilter {
for (AnalysisPhase phase : AnalysisPhase.values()) { for (AnalysisPhase phase : AnalysisPhase.values()) {
analyzers.put(phase, new ArrayList<Analyzer>()); analyzers.put(phase, new ArrayList<Analyzer>());
} }
final AnalyzerService service = new AnalyzerService(serviceClassLoader); final AnalyzerService service = new AnalyzerService(serviceClassLoader);
final List<Analyzer> iterator = service.getAnalyzers(); final List<Analyzer> iterator = service.getAnalyzers();
for (Analyzer a : iterator) { for (Analyzer a : iterator) {
@@ -213,7 +218,7 @@ public class Engine implements FileFilter {
* @since v1.4.4 * @since v1.4.4
*/ */
public List<Dependency> scan(String[] paths, String projectReference) { public List<Dependency> scan(String[] paths, String projectReference) {
final List<Dependency> deps = new ArrayList<Dependency>(); final List<Dependency> deps = new ArrayList<>();
for (String path : paths) { for (String path : paths) {
final List<Dependency> d = scan(path, projectReference); final List<Dependency> d = scan(path, projectReference);
if (d != null) { if (d != null) {
@@ -384,7 +389,7 @@ public class Engine implements FileFilter {
*/ */
protected List<Dependency> scanDirectory(File dir, String projectReference) { protected List<Dependency> scanDirectory(File dir, String projectReference) {
final File[] files = dir.listFiles(); final File[] files = dir.listFiles();
final List<Dependency> deps = new ArrayList<Dependency>(); final List<Dependency> deps = new ArrayList<>();
if (files != null) { if (files != null) {
for (File f : files) { for (File f : files) {
if (f.isDirectory()) { if (f.isDirectory()) {
@@ -504,7 +509,7 @@ public class Engine implements FileFilter {
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
throwFatalExceptionCollection("Unable to connect to the dependency-check database.", ex, exceptions); throwFatalExceptionCollection("Unable to connect to the dependency-check database.", ex, exceptions);
} }
LOGGER.debug("\n----------------------------------------------------\nBEGIN ANALYSIS\n----------------------------------------------------"); LOGGER.debug("\n----------------------------------------------------\nBEGIN ANALYSIS\n----------------------------------------------------");
LOGGER.info("Analysis Started"); LOGGER.info("Analysis Started");
final long analysisStart = System.currentTimeMillis(); final long analysisStart = System.currentTimeMillis();
@@ -512,7 +517,7 @@ public class Engine implements FileFilter {
// analysis phases // analysis phases
for (AnalysisPhase phase : AnalysisPhase.values()) { for (AnalysisPhase phase : AnalysisPhase.values()) {
final List<Analyzer> analyzerList = analyzers.get(phase); final List<Analyzer> analyzerList = analyzers.get(phase);
for (final Analyzer analyzer : analyzerList) { for (final Analyzer analyzer : analyzerList) {
final long analyzerStart = System.currentTimeMillis(); final long analyzerStart = System.currentTimeMillis();
try { try {
@@ -521,10 +526,10 @@ public class Engine implements FileFilter {
exceptions.add(ex); exceptions.add(ex);
continue; continue;
} }
if (analyzer.isEnabled()) { if (analyzer.isEnabled()) {
executeAnalysisTasks(analyzer, exceptions); executeAnalysisTasks(analyzer, exceptions);
final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart; final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart;
final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis); final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis);
LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds); LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds);
@@ -535,12 +540,12 @@ public class Engine implements FileFilter {
} }
for (AnalysisPhase phase : AnalysisPhase.values()) { for (AnalysisPhase phase : AnalysisPhase.values()) {
final List<Analyzer> analyzerList = analyzers.get(phase); final List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) { for (Analyzer a : analyzerList) {
closeAnalyzer(a); closeAnalyzer(a);
} }
} }
LOGGER.debug("\n----------------------------------------------------\nEND ANALYSIS\n----------------------------------------------------"); LOGGER.debug("\n----------------------------------------------------\nEND ANALYSIS\n----------------------------------------------------");
final long analysisDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - analysisStart); final long analysisDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - analysisStart);
LOGGER.info("Analysis Complete ({} seconds)", analysisDurationSeconds); LOGGER.info("Analysis Complete ({} seconds)", analysisDurationSeconds);
@@ -561,7 +566,7 @@ public class Engine implements FileFilter {
LOGGER.debug("Starting {}", analyzer.getName()); LOGGER.debug("Starting {}", analyzer.getName());
final List<AnalysisTask> analysisTasks = getAnalysisTasks(analyzer, exceptions); final List<AnalysisTask> analysisTasks = getAnalysisTasks(analyzer, exceptions);
final ExecutorService executorService = getExecutorService(analyzer); final ExecutorService executorService = getExecutorService(analyzer);
try { try {
final List<Future<Void>> results = executorService.invokeAll(analysisTasks, 10, TimeUnit.MINUTES); final List<Future<Void>> results = executorService.invokeAll(analysisTasks, 10, TimeUnit.MINUTES);
@@ -610,7 +615,7 @@ public class Engine implements FileFilter {
if (analyzer.supportsParallelProcessing()) { if (analyzer.supportsParallelProcessing()) {
// just a fair trade-off that should be reasonable for all analyzer types // just a fair trade-off that should be reasonable for all analyzer types
final int maximumNumberOfThreads = 4 * Runtime.getRuntime().availableProcessors(); final int maximumNumberOfThreads = 4 * Runtime.getRuntime().availableProcessors();
LOGGER.debug("Parallel processing with up to {} threads: {}.", maximumNumberOfThreads, analyzer.getName()); LOGGER.debug("Parallel processing with up to {} threads: {}.", maximumNumberOfThreads, analyzer.getName());
return Executors.newFixedThreadPool(maximumNumberOfThreads); return Executors.newFixedThreadPool(maximumNumberOfThreads);
} else { } else {
@@ -692,7 +697,7 @@ public class Engine implements FileFilter {
* @return a list of Analyzers * @return a list of Analyzers
*/ */
public List<Analyzer> getAnalyzers() { public List<Analyzer> getAnalyzers() {
final List<Analyzer> ret = new ArrayList<Analyzer>(); final List<Analyzer> ret = new ArrayList<>();
for (AnalysisPhase phase : AnalysisPhase.values()) { for (AnalysisPhase phase : AnalysisPhase.values()) {
final List<Analyzer> analyzerList = analyzers.get(phase); final List<Analyzer> analyzerList = analyzers.get(phase);
ret.addAll(analyzerList); ret.addAll(analyzerList);
@@ -749,16 +754,9 @@ public class Engine implements FileFilter {
* database * database
*/ */
private void ensureDataExists() throws NoDataException, DatabaseException { private void ensureDataExists() throws NoDataException, DatabaseException {
final CveDB cve = new CveDB(); final CveDB cve = CveDB.getInstance();
try { if (!cve.dataExists()) {
cve.open(); throw new NoDataException("No documents exist");
if (!cve.dataExists()) {
throw new NoDataException("No documents exist");
}
} catch (DatabaseException ex) {
throw new NoDataException(ex.getMessage(), ex);
} finally {
cve.close();
} }
} }
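Review bot: In the `cleanup()` hunk, `CveDB.getInstance().closeDatabase()` constructs the singleton when none exists, which opens a connection and prepares every statement only to close them again. It also closes a process-wide object, so any other holder of the reference in the same JVM (the analyzers keep it in a field) is left with a closed database; that is inferred from the CveDB section rather than visible here. A static close on `CveDB` that does nothing when no instance exists would avoid both. A failure to close is worth more than trace level, for example `LOGGER.debug("Error closing the database", ex);`.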


@@ -844,22 +844,17 @@ public class DependencyCheckScanAgent {
DatabaseProperties prop = null; DatabaseProperties prop = null;
CveDB cve = null; CveDB cve = null;
try { try {
cve = new CveDB(); cve = CveDB.getInstance();
cve.open();
prop = cve.getDatabaseProperties(); prop = cve.getDatabaseProperties();
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
//TODO shouldn't this throw an exception or return?
LOGGER.debug("Unable to retrieve DB Properties", ex); LOGGER.debug("Unable to retrieve DB Properties", ex);
} finally {
if (cve != null) {
cve.close();
}
} }
final ReportGenerator r = new ReportGenerator(this.applicationName, engine.getDependencies(), engine.getAnalyzers(), prop); final ReportGenerator r = new ReportGenerator(this.applicationName, engine.getDependencies(), engine.getAnalyzers(), prop);
try { try {
r.generateReports(outDirectory.getCanonicalPath(), this.reportFormat.name()); r.generateReports(outDirectory.getCanonicalPath(), this.reportFormat.name());
} catch (IOException ex) { } catch (IOException ex) {
LOGGER.error( LOGGER.error("Unexpected exception occurred during analysis; please see the verbose error log for more details.");
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
LOGGER.debug("", ex); LOGGER.debug("", ex);
} catch (Throwable ex) { } catch (Throwable ex) {
LOGGER.error( LOGGER.error(


@@ -163,8 +163,7 @@ public class CPEAnalyzer extends AbstractAnalyzer {
*/ */
public void open() throws IOException, DatabaseException { public void open() throws IOException, DatabaseException {
if (!isOpen()) { if (!isOpen()) {
cve = new CveDB(); cve = CveDB.getInstance();
cve.open();
cpe = CpeMemoryIndex.getInstance(); cpe = CpeMemoryIndex.getInstance();
try { try {
final long creationStart = System.currentTimeMillis(); final long creationStart = System.currentTimeMillis();
@@ -187,10 +186,6 @@ public class CPEAnalyzer extends AbstractAnalyzer {
cpe.close(); cpe.close();
cpe = null; cpe = null;
} }
if (cve != null) {
cve.close();
cve = null;
}
} }
public boolean isOpen() { public boolean isOpen() {
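Review bot: The second hunk removes `cve = null;` together with `cve.close();`, so after `close()` the analyzer keeps a reference to a `CveDB` that `Engine.cleanup()` may have closed in the meantime. NvdCveAnalyzer and RubyBundleAuditAnalyzer still null their field in this commit; for consistency, and so that a later `open()` cannot reuse a stale instance, I would keep `cve = null;` in `close()`. Whether `isOpen()` depends on `cve` cannot be told from here, because its body and the start of `close()` lie outside the hunk.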


@@ -60,8 +60,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
* loaded * loaded
*/ */
public void open() throws SQLException, IOException, DatabaseException, ClassNotFoundException { public void open() throws SQLException, IOException, DatabaseException, ClassNotFoundException {
cveDB = new CveDB(); cveDB = CveDB.getInstance();
cveDB.open();
} }
/** /**
@@ -69,7 +68,6 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
*/ */
@Override @Override
public void closeAnalyzer() { public void closeAnalyzer() {
cveDB.close();
cveDB = null; cveDB = null;
} }
@@ -82,19 +80,6 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
return cveDB != null; return cveDB != null;
} }
/**
* Ensures that the CVE Database is closed.
*
* @throws Throwable an exception raised by this method
*/
@Override
protected void finalize() throws Throwable {
super.finalize();
if (isOpen()) {
close();
}
}
/** /**
* Analyzes a dependency and attempts to determine if there are any CPE * Analyzes a dependency and attempts to determine if there are any CPE
* identifiers for this dependency. * identifiers for this dependency.


@@ -145,8 +145,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
@Override @Override
public void initializeFileTypeAnalyzer() throws InitializationException { public void initializeFileTypeAnalyzer() throws InitializationException {
try { try {
cvedb = new CveDB(); cvedb = CveDB.getInstance();
cvedb.open();
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
LOGGER.warn("Exception opening the database"); LOGGER.warn("Exception opening the database");
LOGGER.debug("error", ex); LOGGER.debug("error", ex);
@@ -160,7 +159,6 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
} catch (AnalysisException ae) { } catch (AnalysisException ae) {
setEnabled(false); setEnabled(false);
cvedb.close();
cvedb = null; cvedb = null;
final String msg = String.format("Exception from bundle-audit process: %s. Disabling %s", ae.getCause(), ANALYZER_NAME); final String msg = String.format("Exception from bundle-audit process: %s. Disabling %s", ae.getCause(), ANALYZER_NAME);
throw new InitializationException(msg, ae); throw new InitializationException(msg, ae);


@@ -51,15 +51,19 @@ import org.slf4j.LoggerFactory;
import static org.owasp.dependencycheck.data.nvdcve.CveDB.PreparedStatementCveDb.*; import static org.owasp.dependencycheck.data.nvdcve.CveDB.PreparedStatementCveDb.*;
/** /**
* The database holding information about the NVD CVE data. * The database holding information about the NVD CVE data. This class is safe
* This class is safe to be accessed from multiple threads in parallel, however * to be accessed from multiple threads in parallel, however internally only one
* internally only one connection will be used. * connection will be used.
* *
* @author Jeremy Long * @author Jeremy Long
*/ */
@ThreadSafe @ThreadSafe
public final class CveDB { public final class CveDB {
/**
* Singleton instance of the CveDB.
*/
private static CveDB INSTANCE = null;
/** /**
* The logger. * The logger.
*/ */
@@ -76,10 +80,10 @@ public final class CveDB {
* Database properties object containing the 'properties' from the database * Database properties object containing the 'properties' from the database
* table. * table.
*/ */
private final DatabaseProperties databaseProperties; private DatabaseProperties databaseProperties;
/** /**
* Does the underlying connection support batch operations? * Does the underlying connection support batch operations? Currently we do
* Currently we do not support batch execution. * not support batch execution.
*/ */
private final boolean batchSupported = false; private final boolean batchSupported = false;
/** /**
@@ -116,6 +120,19 @@ public final class CveDB {
UPDATE_VULNERABILITY UPDATE_VULNERABILITY
} }
/**
* Gets the CveDB singleton object.
*
* @return the CveDB singleton
* @throws DatabaseException thrown if there is a database error
*/
public synchronized static CveDB getInstance() throws DatabaseException {
if (INSTANCE == null) {
INSTANCE = new CveDB();
}
return INSTANCE;
}
/** /**
* Creates a new CveDB object and opens the database connection. Note, the * Creates a new CveDB object and opens the database connection. Note, the
* connection must be closed by the caller by calling the close method. * connection must be closed by the caller by calling the close method.
@@ -123,12 +140,12 @@ public final class CveDB {
* @throws DatabaseException thrown if there is an exception opening the * @throws DatabaseException thrown if there is an exception opening the
* database. * database.
*/ */
public CveDB() throws DatabaseException { private CveDB() throws DatabaseException {
open(); openDatabase();
final String databaseProductName = determineDatabaseProductName(); final String databaseProductName = determineDatabaseProductName();
statementBundle = databaseProductName != null ? statementBundle = databaseProductName != null
ResourceBundle.getBundle("data/dbStatements", new Locale(databaseProductName)) : ? ResourceBundle.getBundle("data/dbStatements", new Locale(databaseProductName))
ResourceBundle.getBundle("data/dbStatements"); : ResourceBundle.getBundle("data/dbStatements");
preparedStatements = prepareStatements(); preparedStatements = prepareStatements();
databaseProperties = new DatabaseProperties(this); databaseProperties = new DatabaseProperties(this);
} }
@@ -165,7 +182,7 @@ public final class CveDB {
* @throws DatabaseException thrown if there is an error opening the * @throws DatabaseException thrown if there is an error opening the
* database connection * database connection
*/ */
public synchronized void open() throws DatabaseException { public synchronized void openDatabase() throws DatabaseException {
if (!isOpen()) { if (!isOpen()) {
connection = ConnectionFactory.getConnection(); connection = ConnectionFactory.getConnection();
} }
@@ -175,7 +192,7 @@ public final class CveDB {
* Closes the DB4O database. Close should be called on this object when it * Closes the DB4O database. Close should be called on this object when it
* is done being used. * is done being used.
*/ */
public synchronized void close() { public synchronized void closeDatabase() {
if (isOpen()) { if (isOpen()) {
closeStatements(); closeStatements();
try { try {
@@ -188,6 +205,7 @@ public final class CveDB {
LOGGER.debug("", ex); LOGGER.debug("", ex);
} }
connection = null; connection = null;
INSTANCE = null;
} }
} }
@@ -204,7 +222,8 @@ public final class CveDB {
* Prepares all statements to be used and returns them. * Prepares all statements to be used and returns them.
* *
* @return the prepared statements * @return the prepared statements
* @throws DatabaseException thrown if there is an error preparing the statements * @throws DatabaseException thrown if there is an error preparing the
* statements
*/ */
private EnumMap<PreparedStatementCveDb, PreparedStatement> prepareStatements() private EnumMap<PreparedStatementCveDb, PreparedStatement> prepareStatements()
throws DatabaseException { throws DatabaseException {
@@ -239,7 +258,8 @@ public final class CveDB {
/** /**
* Returns the specified prepared statement. * Returns the specified prepared statement.
* *
* @param key the prepared statement from {@link PreparedStatementCveDb} to return * @param key the prepared statement from {@link PreparedStatementCveDb} to
* return
* @return the prepared statement * @return the prepared statement
* @throws SQLException thrown if a SQL Exception occurs * @throws SQLException thrown if a SQL Exception occurs
*/ */
@@ -270,7 +290,7 @@ public final class CveDB {
@SuppressWarnings("FinalizeDeclaration") @SuppressWarnings("FinalizeDeclaration")
protected void finalize() throws Throwable { protected void finalize() throws Throwable {
LOGGER.debug("Entering finalize"); LOGGER.debug("Entering finalize");
close(); closeDatabase();
super.finalize(); super.finalize();
} }
@@ -283,6 +303,16 @@ public final class CveDB {
return databaseProperties; return databaseProperties;
} }
/**
* Used within the unit tests to reload the database properties.
*
* @return the database properties
*/
protected DatabaseProperties reloadProperties() {
databaseProperties = new DatabaseProperties(this);
return databaseProperties;
}
/** /**
* Searches the CPE entries in the database and retrieves all entries for a * Searches the CPE entries in the database and retrieves all entries for a
* given vendor and product combination. The returned list will include all * given vendor and product combination. The returned list will include all
@@ -294,7 +324,7 @@ public final class CveDB {
* @return a set of vulnerable software * @return a set of vulnerable software
*/ */
public synchronized Set<VulnerableSoftware> getCPEs(String vendor, String product) { public synchronized Set<VulnerableSoftware> getCPEs(String vendor, String product) {
final Set<VulnerableSoftware> cpe = new HashSet<VulnerableSoftware>(); final Set<VulnerableSoftware> cpe = new HashSet<>();
ResultSet rs = null; ResultSet rs = null;
try { try {
final PreparedStatement ps = getPreparedStatement(SELECT_CPE_ENTRIES); final PreparedStatement ps = getPreparedStatement(SELECT_CPE_ENTRIES);
@@ -324,13 +354,13 @@ public final class CveDB {
* data from the DB * data from the DB
*/ */
public synchronized Set<Pair<String, String>> getVendorProductList() throws DatabaseException { public synchronized Set<Pair<String, String>> getVendorProductList() throws DatabaseException {
final Set<Pair<String, String>> data = new HashSet<Pair<String, String>>(); final Set<Pair<String, String>> data = new HashSet<>();
ResultSet rs = null; ResultSet rs = null;
try { try {
final PreparedStatement ps = getPreparedStatement(SELECT_VENDOR_PRODUCT_LIST); final PreparedStatement ps = getPreparedStatement(SELECT_VENDOR_PRODUCT_LIST);
rs = ps.executeQuery(); rs = ps.executeQuery();
while (rs.next()) { while (rs.next()) {
data.add(new Pair<String, String>(rs.getString(1), rs.getString(2))); data.add(new Pair<>(rs.getString(1), rs.getString(2)));
} }
} catch (SQLException ex) { } catch (SQLException ex) {
final String msg = "An unexpected SQL Exception occurred; please see the verbose log for more details."; final String msg = "An unexpected SQL Exception occurred; please see the verbose log for more details.";
@@ -410,7 +440,7 @@ public final class CveDB {
LOGGER.trace("", ex); LOGGER.trace("", ex);
} }
final DependencyVersion detectedVersion = parseDependencyVersion(cpe); final DependencyVersion detectedVersion = parseDependencyVersion(cpe);
final List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>(); final List<Vulnerability> vulnerabilities = new ArrayList<>();
ResultSet rs = null; ResultSet rs = null;
try { try {
@@ -420,7 +450,7 @@ public final class CveDB {
rs = ps.executeQuery(); rs = ps.executeQuery();
String currentCVE = ""; String currentCVE = "";
final Map<String, Boolean> vulnSoftware = new HashMap<String, Boolean>(); final Map<String, Boolean> vulnSoftware = new HashMap<>();
while (rs.next()) { while (rs.next()) {
final String cveId = rs.getString(1); final String cveId = rs.getString(1);
if (!currentCVE.equals(cveId)) { //check for match and add if (!currentCVE.equals(cveId)) { //check for match and add
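Review bot: `closeDatabase()` assigns `INSTANCE = null` while holding the instance monitor, but `getInstance()` reads and writes `INSTANCE` under the class monitor (`synchronized static`), so the static field is not guarded by a single lock even though the class is annotated `@ThreadSafe`. A thread can receive the instance from `getInstance()` while another is inside `closeDatabase()`, and be left with an object whose connection is null and whose prepared statements have been closed. I would perform the reset under the class lock, `synchronized (CveDB.class) { INSTANCE = null; }`, after checking the lock order against the other synchronized methods, or move the close into a static synchronized method. The field would also read better as `instance`, since it is not a constant. The constructor Javadoc still tells callers to close the connection by "calling the close method", which no longer exists under that name.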


@@ -1,88 +0,0 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2015 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.update;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
*
* @author Jeremy Long
*/
public abstract class BaseUpdater {
/**
* Static logger.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(BaseUpdater.class);
/**
* Information about the timestamps and URLs for data that needs to be updated.
*/
private DatabaseProperties properties;
/**
* Reference to the Cve Database.
*/
private CveDB cveDB = null;
protected CveDB getCveDB() {
return cveDB;
}
protected DatabaseProperties getProperties() {
return properties;
}
/**
* Closes the CVE and CPE data stores.
*/
protected void closeDataStores() {
if (cveDB != null) {
try {
cveDB.close();
cveDB = null;
properties = null;
} catch (Throwable ignore) {
LOGGER.trace("Error closing the database", ignore);
}
}
}
/**
* Opens the data store.
*
* @throws UpdateException thrown if a data store cannot be opened
*/
protected final void openDataStores() throws UpdateException {
if (cveDB != null) {
return;
}
try {
cveDB = new CveDB();
cveDB.open();
properties = cveDB.getDatabaseProperties();
} catch (DatabaseException ex) {
closeDataStores();
LOGGER.debug("Database Exception opening databases", ex);
throw new UpdateException("Error updating the database, please see the log file for more details.");
}
}
}


@@ -53,110 +53,110 @@ import org.xml.sax.SAXException;
* @author Jeremy Long * @author Jeremy Long
*/ */
@Deprecated @Deprecated
public class CpeUpdater extends BaseUpdater implements CachedWebDataSource { public class CpeUpdater { //extends BaseUpdater implements CachedWebDataSource {
//
/** // /**
* Static logger. // * Static logger.
*/ // */
private static final Logger LOGGER = LoggerFactory.getLogger(CpeUpdater.class); // private static final Logger LOGGER = LoggerFactory.getLogger(CpeUpdater.class);
//
@Override // @Override
public void update() throws UpdateException { // public void update() throws UpdateException {
/* // /*
//the following could be used if this were ever used. // //the following could be used if this were ever used.
try { // try {
if (!Settings.getBoolean(Settings.KEYS.UPDATE_NVDCVE_ENABLED, true)) { // if (!Settings.getBoolean(Settings.KEYS.UPDATE_NVDCVE_ENABLED, true)) {
return; // return;
} // }
} catch (InvalidSettingException ex) { // } catch (InvalidSettingException ex) {
LOGGER.trace("inavlid setting UPDATE_NVDCVE_ENABLED", ex); // LOGGER.trace("inavlid setting UPDATE_NVDCVE_ENABLED", ex);
} // }
*/ // */
//
try { // try {
openDataStores(); // openDataStores();
if (updateNeeded()) { // if (updateNeeded()) {
LOGGER.info("Updating the Common Platform Enumeration (CPE)"); // LOGGER.info("Updating the Common Platform Enumeration (CPE)");
final File xml = downloadCpe(); // final File xml = downloadCpe();
final List<Cpe> cpes = processXML(xml); // final List<Cpe> cpes = processXML(xml);
getCveDB().deleteUnusedCpe(); // getCveDB().deleteUnusedCpe();
for (Cpe cpe : cpes) { // for (Cpe cpe : cpes) {
getCveDB().addCpe(cpe.getValue(), cpe.getVendor(), cpe.getProduct()); // getCveDB().addCpe(cpe.getValue(), cpe.getVendor(), cpe.getProduct());
} // }
final long now = System.currentTimeMillis(); // final long now = System.currentTimeMillis();
getProperties().save(LAST_CPE_UPDATE, Long.toString(now)); // getProperties().save(LAST_CPE_UPDATE, Long.toString(now));
LOGGER.info("CPE update complete"); // LOGGER.info("CPE update complete");
} // }
} finally { // } finally {
closeDataStores(); // closeDataStores();
} // }
} // }
//
/** // /**
* Downloads the CPE XML file. // * Downloads the CPE XML file.
* // *
* @return the file reference to the CPE.xml file // * @return the file reference to the CPE.xml file
* @throws UpdateException thrown if there is an issue downloading the XML // * @throws UpdateException thrown if there is an issue downloading the XML
* file // * file
*/ // */
private File downloadCpe() throws UpdateException { // private File downloadCpe() throws UpdateException {
File xml; // File xml;
final URL url; // final URL url;
try { // try {
url = new URL(Settings.getString(Settings.KEYS.CPE_URL)); // url = new URL(Settings.getString(Settings.KEYS.CPE_URL));
xml = File.createTempFile("cpe", ".xml", Settings.getTempDirectory()); // xml = File.createTempFile("cpe", ".xml", Settings.getTempDirectory());
Downloader.fetchFile(url, xml); // Downloader.fetchFile(url, xml);
if (url.toExternalForm().endsWith(".xml.gz")) { // if (url.toExternalForm().endsWith(".xml.gz")) {
ExtractionUtil.extractGzip(xml); // ExtractionUtil.extractGzip(xml);
} // }
//
} catch (MalformedURLException ex) { // } catch (MalformedURLException ex) {
throw new UpdateException("Invalid CPE URL", ex); // throw new UpdateException("Invalid CPE URL", ex);
} catch (DownloadFailedException ex) { // } catch (DownloadFailedException ex) {
throw new UpdateException("Unable to download CPE XML file", ex); // throw new UpdateException("Unable to download CPE XML file", ex);
} catch (IOException ex) { // } catch (IOException ex) {
throw new UpdateException("Unable to create temporary file to download CPE", ex); // throw new UpdateException("Unable to create temporary file to download CPE", ex);
} // }
return xml; // return xml;
} // }
//
/** // /**
* Parses the CPE XML file to return a list of CPE entries. // * Parses the CPE XML file to return a list of CPE entries.
* // *
* @param xml the CPE data file // * @param xml the CPE data file
* @return the list of CPE entries // * @return the list of CPE entries
* @throws UpdateException thrown if there is an issue with parsing the XML // * @throws UpdateException thrown if there is an issue with parsing the XML
* file // * file
*/ // */
private List<Cpe> processXML(final File xml) throws UpdateException { // private List<Cpe> processXML(final File xml) throws UpdateException {
try { // try {
final SAXParser saxParser = XmlUtils.buildSecureSaxParser(); // final SAXParser saxParser = XmlUtils.buildSecureSaxParser();
final CPEHandler handler = new CPEHandler(); // final CPEHandler handler = new CPEHandler();
saxParser.parse(xml, handler); // saxParser.parse(xml, handler);
return handler.getData(); // return handler.getData();
} catch (ParserConfigurationException ex) { // } catch (ParserConfigurationException ex) {
throw new UpdateException("Unable to parse CPE XML file due to SAX Parser Issue", ex); // throw new UpdateException("Unable to parse CPE XML file due to SAX Parser Issue", ex);
} catch (SAXException ex) { // } catch (SAXException ex) {
throw new UpdateException("Unable to parse CPE XML file due to SAX Parser Exception", ex); // throw new UpdateException("Unable to parse CPE XML file due to SAX Parser Exception", ex);
} catch (IOException ex) { // } catch (IOException ex) {
throw new UpdateException("Unable to parse CPE XML file due to IO Failure", ex); // throw new UpdateException("Unable to parse CPE XML file due to IO Failure", ex);
} // }
} // }
//
/** // /**
* Checks to find the last time the CPE data was refreshed and if it needs // * Checks to find the last time the CPE data was refreshed and if it needs
* to be updated. // * to be updated.
* // *
* @return true if the CPE data should be refreshed // * @return true if the CPE data should be refreshed
*/ // */
private boolean updateNeeded() { // private boolean updateNeeded() {
final long now = System.currentTimeMillis(); // final long now = System.currentTimeMillis();
final int days = Settings.getInt(Settings.KEYS.CPE_MODIFIED_VALID_FOR_DAYS, 30); // final int days = Settings.getInt(Settings.KEYS.CPE_MODIFIED_VALID_FOR_DAYS, 30);
long timestamp = 0; // long timestamp = 0;
final String ts = getProperties().getProperty(LAST_CPE_UPDATE); // final String ts = getProperties().getProperty(LAST_CPE_UPDATE);
if (ts != null && ts.matches("^[0-9]+$")) { // if (ts != null && ts.matches("^[0-9]+$")) {
timestamp = Long.parseLong(ts); // timestamp = Long.parseLong(ts);
} // }
return !DateUtil.withinDateRange(timestamp, now, days); // return !DateUtil.withinDateRange(timestamp, now, days);
} // }
} }


@@ -57,11 +57,6 @@ public class EngineVersionCheck implements CachedWebDataSource {
* The property key indicating when the last version check occurred. * The property key indicating when the last version check occurred.
*/ */
public static final String CURRENT_ENGINE_RELEASE = "CurrentEngineRelease"; public static final String CURRENT_ENGINE_RELEASE = "CurrentEngineRelease";
/**
* Reference to the Cve Database.
*/
private CveDB cveDB = null;
/** /**
* The version retrieved from the database properties or web to check * The version retrieved from the database properties or web to check
* against. * against.
@@ -109,9 +104,8 @@ public class EngineVersionCheck implements CachedWebDataSource {
* user has not configured them to point to an internal source). * user has not configured them to point to an internal source).
*/ */
if (enabled && autoupdate && original != null && original.equals(current)) { if (enabled && autoupdate && original != null && original.equals(current)) {
openDatabase();
LOGGER.debug("Begin Engine Version Check"); LOGGER.debug("Begin Engine Version Check");
final DatabaseProperties properties = cveDB.getDatabaseProperties(); final DatabaseProperties properties = CveDB.getInstance().getDatabaseProperties();
final long lastChecked = Long.parseLong(properties.getProperty(ENGINE_VERSION_CHECKED_ON, "0")); final long lastChecked = Long.parseLong(properties.getProperty(ENGINE_VERSION_CHECKED_ON, "0"));
final long now = System.currentTimeMillis(); final long now = System.currentTimeMillis();
updateToVersion = properties.getProperty(CURRENT_ENGINE_RELEASE, ""); updateToVersion = properties.getProperty(CURRENT_ENGINE_RELEASE, "");
@@ -130,8 +124,6 @@ public class EngineVersionCheck implements CachedWebDataSource {
throw new UpdateException("Error occurred updating database properties."); throw new UpdateException("Error occurred updating database properties.");
} catch (InvalidSettingException ex) { } catch (InvalidSettingException ex) {
LOGGER.debug("Unable to determine if autoupdate is enabled", ex); LOGGER.debug("Unable to determine if autoupdate is enabled", ex);
} finally {
closeDatabase();
} }
} }
@@ -181,33 +173,6 @@ public class EngineVersionCheck implements CachedWebDataSource {
return false; return false;
} }
/**
* Opens the CVE and CPE data stores.
*
* @throws DatabaseException thrown if a data store cannot be opened
*/
protected final void openDatabase() throws DatabaseException {
if (cveDB != null) {
return;
}
cveDB = new CveDB();
cveDB.open();
}
/**
* Closes the CVE and CPE data stores.
*/
protected void closeDatabase() {
if (cveDB != null) {
try {
cveDB.close();
cveDB = null;
} catch (Throwable ignore) {
LOGGER.trace("Error closing the cveDB", ignore);
}
}
}
/** /**
* Retrieves the current released version number from the github * Retrieves the current released version number from the github
* documentation site. * documentation site.
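Review bot: Nothing on this path releases the database any more: the `finally { closeDatabase(); }` is dropped together with `openDatabase()`/`closeDatabase()`, and `CveDB.getInstance().getDatabaseProperties()` now borrows a process-wide handle whose owner is not visible in this file. The test base class in this commit closes it with `CveDB.getInstance().closeDatabase()` in an `@AfterClass`, so production entry points presumably need an equivalent call on shutdown. Once that owner is decided, I would record it next to the call, e.g. `// CveDB is a shared singleton; it is closed by <owner>, not here`. The same applies to the `finally` in NvdCveUpdater, where `closeDataStores()` is removed. The enclosing method starts and ends outside these hunks, and removing the two `protected` methods also changes what subclasses can call.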


@@ -24,6 +24,7 @@ import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.net.URL; import java.net.URL;
import java.util.Properties;
import java.util.concurrent.Callable; import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService; import java.util.concurrent.ExecutorService;
@@ -53,7 +54,7 @@ import org.slf4j.LoggerFactory;
* *
* @author Jeremy Long * @author Jeremy Long
*/ */
public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource { public class NvdCveUpdater implements CachedWebDataSource {
/** /**
* The logger. * The logger.
@@ -72,10 +73,14 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
*/ */
private ExecutorService processingExecutorService = null; private ExecutorService processingExecutorService = null;
/** /**
* ExecutorService for tasks that involve blocking activities and are not very CPU-intense, e.g. downloading files. * ExecutorService for tasks that involve blocking activities and are not
* very CPU-intense, e.g. downloading files.
*/ */
private ExecutorService downloadExecutorService = null; private ExecutorService downloadExecutorService = null;
private CveDB cveDb = null;
private DatabaseProperties dbProperties = null;
/** /**
* Downloads the latest NVD CVE XML file from the web and imports it into * Downloads the latest NVD CVE XML file from the web and imports it into
* the current CVE Database. * the current CVE Database.
@@ -95,7 +100,8 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
try { try {
initializeExecutorServices(); initializeExecutorServices();
openDataStores(); cveDb = CveDB.getInstance();
dbProperties = cveDb.getDatabaseProperties();
boolean autoUpdate = true; boolean autoUpdate = true;
try { try {
autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE); autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
@@ -107,7 +113,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
if (updateable.isUpdateNeeded()) { if (updateable.isUpdateNeeded()) {
performUpdate(updateable); performUpdate(updateable);
} }
getProperties().save(DatabaseProperties.LAST_CHECKED, Long.toString(System.currentTimeMillis())); dbProperties.save(DatabaseProperties.LAST_CHECKED, Long.toString(System.currentTimeMillis()));
} }
} catch (MalformedURLException ex) { } catch (MalformedURLException ex) {
throw new UpdateException("NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.", ex); throw new UpdateException("NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.", ex);
@@ -119,9 +125,10 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
"If you are behind a proxy you may need to configure dependency-check to use the proxy."); "If you are behind a proxy you may need to configure dependency-check to use the proxy.");
} }
throw new UpdateException("Unable to download the NVD CVE data.", ex); throw new UpdateException("Unable to download the NVD CVE data.", ex);
} catch (DatabaseException ex) {
throw new UpdateException("Database Exception, unable to update the data to use the most current data.", ex);
} finally { } finally {
shutdownExecutorServices(); shutdownExecutorServices();
closeDataStores();
} }
} }
@@ -159,7 +166,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
if (dataExists() && 0 < validForHours) { if (dataExists() && 0 < validForHours) {
// ms Valid = valid (hours) x 60 min/hour x 60 sec/min x 1000 ms/sec // ms Valid = valid (hours) x 60 min/hour x 60 sec/min x 1000 ms/sec
final long msValid = validForHours * 60L * 60L * 1000L; final long msValid = validForHours * 60L * 60L * 1000L;
final long lastChecked = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_CHECKED, "0")); final long lastChecked = Long.parseLong(dbProperties.getProperty(DatabaseProperties.LAST_CHECKED, "0"));
final long now = System.currentTimeMillis(); final long now = System.currentTimeMillis();
proceed = (now - lastChecked) > msValid; proceed = (now - lastChecked) > msValid;
if (!proceed) { if (!proceed) {
@@ -177,17 +184,11 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
* @return true if the database contains data * @return true if the database contains data
*/ */
private boolean dataExists() { private boolean dataExists() {
CveDB cve = null;
try { try {
cve = new CveDB(); final CveDB cve = CveDB.getInstance();
cve.open();
return cve.dataExists(); return cve.dataExists();
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
return false; return false;
} finally {
if (cve != null) {
cve.close();
}
} }
} }
@@ -214,16 +215,16 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
LOGGER.info("NVD CVE requires several updates; this could take a couple of minutes."); LOGGER.info("NVD CVE requires several updates; this could take a couple of minutes.");
} }
final Set<Future<Future<ProcessTask>>> downloadFutures = new HashSet<Future<Future<ProcessTask>>>(maxUpdates); final Set<Future<Future<ProcessTask>>> downloadFutures = new HashSet<>(maxUpdates);
for (NvdCveInfo cve : updateable) { for (NvdCveInfo cve : updateable) {
if (cve.getNeedsUpdate()) { if (cve.getNeedsUpdate()) {
final DownloadTask call = new DownloadTask(cve, processingExecutorService, getCveDB(), Settings.getInstance()); final DownloadTask call = new DownloadTask(cve, processingExecutorService, cveDb, Settings.getInstance());
downloadFutures.add(downloadExecutorService.submit(call)); downloadFutures.add(downloadExecutorService.submit(call));
} }
} }
//next, move the future future processTasks to just future processTasks //next, move the future future processTasks to just future processTasks
final Set<Future<ProcessTask>> processFutures = new HashSet<Future<ProcessTask>>(maxUpdates); final Set<Future<ProcessTask>> processFutures = new HashSet<>(maxUpdates);
for (Future<Future<ProcessTask>> future : downloadFutures) { for (Future<Future<ProcessTask>> future : downloadFutures) {
Future<ProcessTask> task; Future<ProcessTask> task;
try { try {
@@ -259,9 +260,9 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
} }
if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it) if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it)
getProperties().save(updateable.get(MODIFIED)); dbProperties.save(updateable.get(MODIFIED));
LOGGER.info("Begin database maintenance."); LOGGER.info("Begin database maintenance.");
getCveDB().cleanupDatabase(); cveDb.cleanupDatabase();
LOGGER.info("End database maintenance."); LOGGER.info("End database maintenance.");
} }
} }
@@ -297,19 +298,19 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
if (updates == null) { if (updates == null) {
throw new DownloadFailedException("Unable to retrieve the timestamps of the currently published NVD CVE data"); throw new DownloadFailedException("Unable to retrieve the timestamps of the currently published NVD CVE data");
} }
if (!getProperties().isEmpty()) { if (dbProperties != null && !dbProperties.isEmpty()) {
try { try {
final int startYear = Settings.getInt(Settings.KEYS.CVE_START_YEAR, 2002); final int startYear = Settings.getInt(Settings.KEYS.CVE_START_YEAR, 2002);
final int endYear = Calendar.getInstance().get(Calendar.YEAR); final int endYear = Calendar.getInstance().get(Calendar.YEAR);
boolean needsFullUpdate = false; boolean needsFullUpdate = false;
for (int y = startYear; y <= endYear; y++) { for (int y = startYear; y <= endYear; y++) {
final long val = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED_BASE + y, "0")); final long val = Long.parseLong(dbProperties.getProperty(DatabaseProperties.LAST_UPDATED_BASE + y, "0"));
if (val == 0) { if (val == 0) {
needsFullUpdate = true; needsFullUpdate = true;
} }
} }
final long lastUpdated = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED, "0")); final long lastUpdated = Long.parseLong(dbProperties.getProperty(DatabaseProperties.LAST_UPDATED, "0"));
final long now = System.currentTimeMillis(); final long now = System.currentTimeMillis();
final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 7); final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 7);
if (!needsFullUpdate && lastUpdated == updates.getTimeStamp(MODIFIED)) { if (!needsFullUpdate && lastUpdated == updates.getTimeStamp(MODIFIED)) {
@@ -329,7 +330,7 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
} else { } else {
long currentTimestamp = 0; long currentTimestamp = 0;
try { try {
currentTimestamp = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED_BASE currentTimestamp = Long.parseLong(dbProperties.getProperty(DatabaseProperties.LAST_UPDATED_BASE
+ entry.getId(), "0")); + entry.getId(), "0"));
} catch (NumberFormatException ex) { } catch (NumberFormatException ex) {
LOGGER.debug("Error parsing '{}' '{}' from nvdcve.lastupdated", LOGGER.debug("Error parsing '{}' '{}' from nvdcve.lastupdated",
@@ -364,7 +365,6 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
private UpdateableNvdCve retrieveCurrentTimestampsFromWeb() private UpdateableNvdCve retrieveCurrentTimestampsFromWeb()
throws MalformedURLException, DownloadFailedException, InvalidDataException, InvalidSettingException { throws MalformedURLException, DownloadFailedException, InvalidDataException, InvalidSettingException {
final int start = Settings.getInt(Settings.KEYS.CVE_START_YEAR); final int start = Settings.getInt(Settings.KEYS.CVE_START_YEAR);
final int end = Calendar.getInstance().get(Calendar.YEAR); final int end = Calendar.getInstance().get(Calendar.YEAR);
@@ -392,16 +392,17 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
* *
* @param startYear the first year whose item to check for the timestamp * @param startYear the first year whose item to check for the timestamp
* @param endYear the last year whose item to check for the timestamp * @param endYear the last year whose item to check for the timestamp
* @return the timestamps from the currently published nvdcve downloads page * @return the timestamps from the currently published NVD CVE downloads
* page
* @throws MalformedURLException thrown if the URL for the NVD CCE Meta data * @throws MalformedURLException thrown if the URL for the NVD CCE Meta data
* is incorrect. * is incorrect.
* @throws DownloadFailedException thrown if there is an error downloading * @throws DownloadFailedException thrown if there is an error downloading
* the nvd cve meta data file * the NVD CVE meta data file
*/ */
private Map<String, Long> retrieveLastModifiedDates(int startYear, int endYear) private Map<String, Long> retrieveLastModifiedDates(int startYear, int endYear)
throws MalformedURLException, DownloadFailedException { throws MalformedURLException, DownloadFailedException {
final Set<String> urls = new HashSet<String>(); final Set<String> urls = new HashSet<>();
final String baseUrl20 = Settings.getString(Settings.KEYS.CVE_SCHEMA_2_0); final String baseUrl20 = Settings.getString(Settings.KEYS.CVE_SCHEMA_2_0);
for (int i = startYear; i <= endYear; i++) { for (int i = startYear; i <= endYear; i++) {
final String url = String.format(baseUrl20, i); final String url = String.format(baseUrl20, i);
@@ -409,14 +410,14 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
} }
urls.add(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL)); urls.add(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL));
final Map<String, Future<Long>> timestampFutures = new HashMap<String, Future<Long>>(); final Map<String, Future<Long>> timestampFutures = new HashMap<>();
for (String url : urls) { for (String url : urls) {
final TimestampRetriever timestampRetriever = new TimestampRetriever(url); final TimestampRetriever timestampRetriever = new TimestampRetriever(url);
final Future<Long> future = downloadExecutorService.submit(timestampRetriever); final Future<Long> future = downloadExecutorService.submit(timestampRetriever);
timestampFutures.put(url, future); timestampFutures.put(url, future);
} }
final Map<String, Long> lastModifiedDates = new HashMap<String, Long>(); final Map<String, Long> lastModifiedDates = new HashMap<>();
for (String url : urls) { for (String url : urls) {
final Future<Long> timestampFuture = timestampFutures.get(url); final Future<Long> timestampFuture = timestampFutures.get(url);
final long timestamp; final long timestamp;
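Review bot: The new fields `cveDb` and `dbProperties` have no Javadoc, unlike the executor fields above them, and they stay null until the `try` block that calls `CveDB.getInstance()` assigns them, yet only one use checks for that. The timestamp comparison guards with `dbProperties != null && !dbProperties.isEmpty()`, while `dbProperties.getProperty(DatabaseProperties.LAST_CHECKED, "0")`, `dbProperties.save(updateable.get(MODIFIED))` and `cveDb.cleanupDatabase()` dereference the fields directly. If those methods are only reachable after the assignment (their bodies extend outside the hunks, so I cannot confirm), say so on the fields, e.g. `/** Shared CVE database; assigned when the update starts. */` and `/** Database properties read from cveDb; assigned when the update starts. */`. Then either drop the lone null check or apply it to every use.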


@@ -24,7 +24,10 @@ import java.io.FileInputStream;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.util.zip.ZipEntry; import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream; import java.util.zip.ZipInputStream;
import org.junit.AfterClass;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -41,9 +44,18 @@ public abstract class BaseDBTestCase extends BaseTest {
private final static Logger LOGGER = LoggerFactory.getLogger(BaseDBTestCase.class); private final static Logger LOGGER = LoggerFactory.getLogger(BaseDBTestCase.class);
// @BeforeClass
// public static void setUpClass() throws Exception {
// BaseTest.setUpClass();
// }
@Before @Before
public void setUp() throws Exception { public void setUpDb() throws Exception {
ensureDBExists(); ensureDBExists();
}
@AfterClass
public static void tearDownClass() throws Exception {
CveDB.getInstance().closeDatabase();
} }
public static void ensureDBExists() throws Exception { public static void ensureDBExists() throws Exception {
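Review bot: The commented-out `@BeforeClass setUpClass()` block, and the `org.junit.BeforeClass` import that appears to exist only for it, are dead code in the new version and should be removed rather than committed. Separately, `tearDownClass()` is a static `@AfterClass` method, and JUnit 4 does not run a superclass `@AfterClass` method that a subclass shadows with the same name. If `BaseTest` declares its own `tearDownClass()` (not visible here), this one would replace it, so a distinct name such as `closeCveDb()` would be safer.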


@@ -71,10 +71,8 @@ public class EngineIntegrationTest extends BaseDBTestCase {
throw ex; throw ex;
} }
} }
CveDB cveDB = new CveDB(); CveDB cveDB = CveDB.getInstance();
cveDB.open();
DatabaseProperties dbProp = cveDB.getDatabaseProperties(); DatabaseProperties dbProp = cveDB.getDatabaseProperties();
cveDB.close();
ReportGenerator rg = new ReportGenerator("DependencyCheck", instance.getDependencies(), instance.getAnalyzers(), dbProp); ReportGenerator rg = new ReportGenerator("DependencyCheck", instance.getDependencies(), instance.getAnalyzers(), dbProp);
rg.generateReports("./target/", "ALL"); rg.generateReports("./target/", "ALL");
instance.cleanup(); instance.cleanup();


@@ -60,10 +60,8 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
* *
* @throws Exception if there is a problem * @throws Exception if there is a problem
*/ */
@Override
@Before @Before
public void setUp() throws Exception { public void setUp() throws Exception {
super.setUp();
analyzer = new CMakeAnalyzer(); analyzer = new CMakeAnalyzer();
analyzer.setFilesMatched(true); analyzer.setFilesMatched(true);
analyzer.initialize(); analyzer.initialize();


@@ -54,10 +54,8 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
* *
* @throws Exception thrown if there is a problem * @throws Exception thrown if there is a problem
*/ */
@Override
@Before @Before
public void setUp() throws Exception { public void setUp() throws Exception {
super.setUp();
analyzer = new ComposerLockAnalyzer(); analyzer = new ComposerLockAnalyzer();
analyzer.setFilesMatched(true); analyzer.setFilesMatched(true);
analyzer.initialize(); analyzer.initialize();


@@ -65,10 +65,8 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
* *
* @throws Exception thrown if there is a problem * @throws Exception thrown if there is a problem
*/ */
@Override
@Before @Before
public void setUp() throws Exception { public void setUp() throws Exception {
super.setUp();
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);


@@ -47,15 +47,10 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
public void testOpen() { public void testOpen() {
CveDB instance = null; CveDB instance = null;
try { try {
instance = new CveDB(); instance = CveDB.getInstance();
instance.open();
instance.commit(); instance.commit();
} catch (DatabaseException | SQLException ex) { } catch (DatabaseException | SQLException ex) {
fail(ex.getMessage()); fail(ex.getMessage());
} finally {
if (instance != null) {
instance.close();
}
} }
} }
@@ -64,19 +59,11 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
*/ */
@Test @Test
public void testGetCPEs() throws Exception { public void testGetCPEs() throws Exception {
CveDB instance = null; CveDB instance = CveDB.getInstance();
try { String vendor = "apache";
instance = new CveDB(); String product = "struts";
String vendor = "apache"; Set<VulnerableSoftware> result = instance.getCPEs(vendor, product);
String product = "struts"; assertTrue(result.size() > 5);
instance.open();
Set<VulnerableSoftware> result = instance.getCPEs(vendor, product);
assertTrue(result.size() > 5);
} finally {
if (instance != null) {
instance.close();
}
}
} }
/** /**
@@ -84,18 +71,9 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
*/ */
@Test @Test
public void testgetVulnerability() throws Exception { public void testgetVulnerability() throws Exception {
CveDB instance = null; CveDB instance = CveDB.getInstance();
try { Vulnerability result = instance.getVulnerability("CVE-2014-0094");
instance = new CveDB(); assertEquals("The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method.", result.getDescription());
instance.open();
Vulnerability result = instance.getVulnerability("CVE-2014-0094");
assertEquals("The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method.", result.getDescription());
} finally {
if (instance != null) {
instance.close();
}
}
} }
/** /**
@@ -104,42 +82,34 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
@Test @Test
public void testGetVulnerabilities() throws Exception { public void testGetVulnerabilities() throws Exception {
String cpeStr = "cpe:/a:apache:struts:2.1.2"; String cpeStr = "cpe:/a:apache:struts:2.1.2";
CveDB instance = null; CveDB instance = CveDB.getInstance();
List<Vulnerability> results; List<Vulnerability> results;
try {
instance = new CveDB();
instance.open();
results = instance.getVulnerabilities(cpeStr);
assertTrue(results.size() > 5);
cpeStr = "cpe:/a:jruby:jruby:1.6.3";
results = instance.getVulnerabilities(cpeStr);
assertTrue(results.size() > 1);
boolean found = false; results = instance.getVulnerabilities(cpeStr);
String expected = "CVE-2011-4838"; assertTrue(results.size() > 5);
for (Vulnerability v : results) { cpeStr = "cpe:/a:jruby:jruby:1.6.3";
if (expected.equals(v.getName())) { results = instance.getVulnerabilities(cpeStr);
found = true; assertTrue(results.size() > 1);
break;
}
}
assertTrue("Expected " + expected + ", but was not identified", found);
found = false; boolean found = false;
expected = "CVE-2012-5370"; String expected = "CVE-2011-4838";
for (Vulnerability v : results) { for (Vulnerability v : results) {
if (expected.equals(v.getName())) { if (expected.equals(v.getName())) {
found = true; found = true;
break; break;
}
}
assertTrue("Expected " + expected + ", but was not identified", found);
} finally {
if (instance != null) {
instance.close();
} }
} }
assertTrue("Expected " + expected + ", but was not identified", found);
found = false;
expected = "CVE-2012-5370";
for (Vulnerability v : results) {
if (expected.equals(v.getName())) {
found = true;
break;
}
}
assertTrue("Expected " + expected + ", but was not identified", found);
} }
/** /**
@@ -147,61 +117,53 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
*/ */
@Test @Test
public void testGetMatchingSoftware() throws Exception { public void testGetMatchingSoftware() throws Exception {
CveDB instance = null; CveDB instance = CveDB.getInstance();
Map<String, Boolean> versions = new HashMap<String, Boolean>(); Map<String, Boolean> versions = new HashMap<>();
DependencyVersion identifiedVersion = new DependencyVersion("1.0.1o"); DependencyVersion identifiedVersion = new DependencyVersion("1.0.1o");
versions.put("cpe:/a:openssl:openssl:1.0.1e", Boolean.FALSE); versions.put("cpe:/a:openssl:openssl:1.0.1e", Boolean.FALSE);
try { Entry<String, Boolean> results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
instance = new CveDB(); assertNull(results);
Entry<String, Boolean> results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion); versions.put("cpe:/a:openssl:openssl:1.0.1p", Boolean.FALSE);
assertNull(results); results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
versions.put("cpe:/a:openssl:openssl:1.0.1p", Boolean.FALSE); assertNull(results);
results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
assertNull(results);
versions.put("cpe:/a:openssl:openssl:1.0.1q", Boolean.TRUE); versions.put("cpe:/a:openssl:openssl:1.0.1q", Boolean.TRUE);
results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion); results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
assertNotNull(results); assertNotNull(results);
assertEquals("cpe:/a:openssl:openssl:1.0.1q", results.getKey()); assertEquals("cpe:/a:openssl:openssl:1.0.1q", results.getKey());
versions.clear(); versions.clear();
versions.put("cpe:/a:springsource:spring_framework:3.2.5", Boolean.FALSE); versions.put("cpe:/a:springsource:spring_framework:3.2.5", Boolean.FALSE);
versions.put("cpe:/a:springsource:spring_framework:3.2.6", Boolean.FALSE); versions.put("cpe:/a:springsource:spring_framework:3.2.6", Boolean.FALSE);
versions.put("cpe:/a:springsource:spring_framework:3.2.7", Boolean.TRUE); versions.put("cpe:/a:springsource:spring_framework:3.2.7", Boolean.TRUE);
versions.put("cpe:/a:springsource:spring_framework:4.0.1", Boolean.TRUE); versions.put("cpe:/a:springsource:spring_framework:4.0.1", Boolean.TRUE);
versions.put("cpe:/a:springsource:spring_framework:4.0.0:m1", Boolean.FALSE); versions.put("cpe:/a:springsource:spring_framework:4.0.0:m1", Boolean.FALSE);
versions.put("cpe:/a:springsource:spring_framework:4.0.0:m2", Boolean.FALSE); versions.put("cpe:/a:springsource:spring_framework:4.0.0:m2", Boolean.FALSE);
versions.put("cpe:/a:springsource:spring_framework:4.0.0:rc1", Boolean.FALSE); versions.put("cpe:/a:springsource:spring_framework:4.0.0:rc1", Boolean.FALSE);
identifiedVersion = new DependencyVersion("3.2.2"); identifiedVersion = new DependencyVersion("3.2.2");
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion); results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
assertEquals("cpe:/a:springsource:spring_framework:3.2.7", results.getKey()); assertEquals("cpe:/a:springsource:spring_framework:3.2.7", results.getKey());
assertTrue(results.getValue()); assertTrue(results.getValue());
identifiedVersion = new DependencyVersion("3.2.12"); identifiedVersion = new DependencyVersion("3.2.12");
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion); results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
assertNull(results); assertNull(results);
identifiedVersion = new DependencyVersion("4.0.0"); identifiedVersion = new DependencyVersion("4.0.0");
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion); results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
assertEquals("cpe:/a:springsource:spring_framework:4.0.1", results.getKey()); assertEquals("cpe:/a:springsource:spring_framework:4.0.1", results.getKey());
assertTrue(results.getValue()); assertTrue(results.getValue());
identifiedVersion = new DependencyVersion("4.1.0"); identifiedVersion = new DependencyVersion("4.1.0");
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion); results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
assertNull(results); assertNull(results);
versions.clear(); versions.clear();
versions.put("cpe:/a:jruby:jruby:-", Boolean.FALSE); versions.put("cpe:/a:jruby:jruby:-", Boolean.FALSE);
identifiedVersion = new DependencyVersion("1.6.3"); identifiedVersion = new DependencyVersion("1.6.3");
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion); results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
assertNotNull(results); assertNotNull(results);
} finally {
if (instance != null) {
instance.close();
}
}
} }
} }
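Review bot: `testOpen` no longer exercises opening the database, because `CveDB.getInstance()` hands back whatever instance an earlier test in the same JVM may already have created, so the test now only shows that `commit()` works on shared state it does not control. The `CveDB instance = null;` followed by an assignment inside the `try` is a leftover from the removed `finally` and can become `final CveDB instance = CveDB.getInstance();`. I would either rename the test or add a comment such as `// verifies the shared instance is usable; a fresh open is not guaranteed here`. The `testOpen` in CveDBMySQLTest has the same issue, and its local `instance` is never used.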


@@ -40,9 +40,7 @@ public class CveDBMySQLTest extends BaseTest {
@Test @Test
public void testOpen() { public void testOpen() {
try { try {
CveDB instance = new CveDB(); CveDB instance = CveDB.getInstance();
instance.open();
instance.close();
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
System.out.println("Unable to connect to the My SQL database; verify that the db server is running and that the schema has been generated"); System.out.println("Unable to connect to the My SQL database; verify that the db server is running and that the schema has been generated");
fail(ex.getMessage()); fail(ex.getMessage());
@@ -54,18 +52,15 @@ public class CveDBMySQLTest extends BaseTest {
*/ */
@Test @Test
public void testGetCPEs() throws Exception { public void testGetCPEs() throws Exception {
CveDB instance = new CveDB(); CveDB instance = CveDB.getInstance();
try { try {
String vendor = "apache"; String vendor = "apache";
String product = "struts"; String product = "struts";
instance.open();
Set<VulnerableSoftware> result = instance.getCPEs(vendor, product); Set<VulnerableSoftware> result = instance.getCPEs(vendor, product);
assertTrue("Has data been loaded into the MySQL DB? if not consider using the CLI to populate it", result.size() > 5); assertTrue("Has data been loaded into the MySQL DB? if not consider using the CLI to populate it", result.size() > 5);
} catch (Exception ex) { } catch (Exception ex) {
System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated"); System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
throw ex; throw ex;
} finally {
instance.close();
} }
} }
@@ -75,16 +70,13 @@ public class CveDBMySQLTest extends BaseTest {
@Test @Test
public void testGetVulnerabilities() throws Exception { public void testGetVulnerabilities() throws Exception {
String cpeStr = "cpe:/a:apache:struts:2.1.2"; String cpeStr = "cpe:/a:apache:struts:2.1.2";
CveDB instance = new CveDB(); CveDB instance = CveDB.getInstance();
try { try {
instance.open();
List<Vulnerability> result = instance.getVulnerabilities(cpeStr); List<Vulnerability> result = instance.getVulnerabilities(cpeStr);
assertTrue(result.size() > 5); assertTrue(result.size() > 5);
} catch (Exception ex) { } catch (Exception ex) {
System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated"); System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
throw ex; throw ex;
} finally { }
instance.close();
}
} }
} }
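Review bot: In testGetCPEs and testGetVulnerabilities the call `CveDB instance = CveDB.getInstance();` sits before the `try`, so a failure raised there skips the catch block that prints the "verify that the db server is running" hint. Before this change the connection was made by `instance.open()` inside the `try`; testOpen's catch of DatabaseException around getInstance() suggests the accessor is now where a connection failure surfaces. Making that line the first statement inside each `try` keeps the diagnostic. In testOpen the local `instance` is now unused, so a bare `CveDB.getInstance();` would say the same thing.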


@@ -36,19 +36,11 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
*/ */
@Test @Test
public void testIsEmpty() throws Exception { public void testIsEmpty() throws Exception {
CveDB cveDB = null; CveDB cveDB = CveDB.getInstance();
try { DatabaseProperties instance = cveDB.getDatabaseProperties();
cveDB = new CveDB(); assertNotNull(instance);
cveDB.open(); //no exception means the call worked... whether or not it is empty depends on if the db is new
DatabaseProperties instance = cveDB.getDatabaseProperties(); //assertEquals(expResult, result);
assertNotNull(instance);
//no exception means the call worked... whether or not it is empty depends on if the db is new
//assertEquals(expResult, result);
} finally {
if (cveDB != null) {
cveDB.close();
}
}
} }
/** /**
@@ -61,24 +53,12 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
long expected = 1337; long expected = 1337;
updatedValue.setId(key); updatedValue.setId(key);
updatedValue.setTimestamp(expected); updatedValue.setTimestamp(expected);
CveDB cveDB = null; CveDB cveDB = CveDB.getInstance();
try { DatabaseProperties instance = cveDB.getDatabaseProperties();
cveDB = new CveDB(); instance.save(updatedValue);
cveDB.open(); instance = cveDB.reloadProperties();
DatabaseProperties instance = cveDB.getDatabaseProperties(); long results = Long.parseLong(instance.getProperty("NVD CVE " + key));
instance.save(updatedValue); assertEquals(expected, results);
//reload the properties
cveDB.close();
cveDB = new CveDB();
cveDB.open();
instance = cveDB.getDatabaseProperties();
long results = Long.parseLong(instance.getProperty("NVD CVE " + key));
assertEquals(expected, results);
} finally {
if (cveDB != null) {
cveDB.close();
}
}
} }
/** /**
@@ -88,19 +68,11 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
public void testGetProperty_String_String() throws Exception { public void testGetProperty_String_String() throws Exception {
String key = "doesn't exist"; String key = "doesn't exist";
String defaultValue = "default"; String defaultValue = "default";
CveDB cveDB = null; CveDB cveDB = CveDB.getInstance();
try { DatabaseProperties instance = cveDB.getDatabaseProperties();
cveDB = new CveDB(); String expResult = "default";
cveDB.open(); String result = instance.getProperty(key, defaultValue);
DatabaseProperties instance = cveDB.getDatabaseProperties(); assertEquals(expResult, result);
String expResult = "default";
String result = instance.getProperty(key, defaultValue);
assertEquals(expResult, result);
} finally {
if (cveDB != null) {
cveDB.close();
}
}
} }
/** /**
@@ -109,20 +81,12 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
@Test @Test
public void testGetProperty_String() throws DatabaseException { public void testGetProperty_String() throws DatabaseException {
String key = "version"; String key = "version";
CveDB cveDB = null; CveDB cveDB = CveDB.getInstance();
try { DatabaseProperties instance = cveDB.getDatabaseProperties();
cveDB = new CveDB(); String result = instance.getProperty(key);
cveDB.open(); double version = Double.parseDouble(result);
DatabaseProperties instance = cveDB.getDatabaseProperties(); assertTrue(version >= 2.8);
String result = instance.getProperty(key); assertTrue(version <= 10);
double version = Double.parseDouble(result);
assertTrue(version >= 2.8);
assertTrue(version <= 10);
} finally {
if (cveDB != null) {
cveDB.close();
}
}
} }
/** /**
@@ -130,17 +94,9 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
*/ */
@Test @Test
public void testGetProperties() throws DatabaseException { public void testGetProperties() throws DatabaseException {
CveDB cveDB = null; CveDB cveDB = CveDB.getInstance();
try { DatabaseProperties instance = cveDB.getDatabaseProperties();
cveDB = new CveDB(); Properties result = instance.getProperties();
cveDB.open(); assertTrue(result.size() > 0);
DatabaseProperties instance = cveDB.getDatabaseProperties();
Properties result = instance.getProperties();
assertTrue(result.size() > 0);
} finally {
if (cveDB != null) {
cveDB.close();
}
}
} }
} }
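Review bot: The save-and-read-back test (hunk at -61,24; the method starts above the hunk) no longer closes and reopens the database before reading the value, so it now depends on `cveDB.reloadProperties()` re-reading from storage, which is not visible in this section. If that method returned a cached object, the assertion would pass without the value ever being persisted. A comment such as `// reloadProperties() must re-read from the database; a cached copy would make this check vacuous` would record the assumption. Because every test now obtains the same CveDB instance, the timestamp 1337 written here may also stay visible to later tests unless the base class resets the database.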


@@ -1,108 +0,0 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2015 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.update;
import org.junit.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
/**
*
* @author Jeremy Long
*/
public class BaseUpdaterTest extends BaseDBTestCase {
/**
* Test of getCveDB method, of class BaseUpdater.
*/
@Test
public void testGetCveDB() {
BaseUpdater instance = new BaseUpdaterImpl();
CveDB expResult = null;
CveDB result = instance.getCveDB();
assertEquals(expResult, result);
}
/**
* Test of getProperties method, of class BaseUpdater.
*
* @throws org.owasp.dependencycheck.data.update.exception.UpdateException
* thrown if there is an error getting the properties
*/
@Test
public void testGetProperties() throws UpdateException {
BaseUpdater instance = null;
try {
instance = new BaseUpdaterImpl();
instance.openDataStores();
DatabaseProperties result = instance.getProperties();
assertTrue(result.getProperties().keySet().size() > 1);
} finally {
if (instance != null) {
instance.closeDataStores();
}
}
}
/**
* Test of closeDataStores method, of class BaseUpdater.
*/
@Test
public void testCloseDataStores() {
BaseUpdater instance = null;
try {
instance = new BaseUpdaterImpl();
instance.openDataStores();
} catch (UpdateException ex) {
fail(ex.getMessage());
} finally {
if (instance != null) {
instance.closeDataStores();
}
}
}
/**
* Test of openDataStores method, of class BaseUpdater.
*/
@Test
public void testOpenDataStores() {
BaseUpdater instance = null;
try {
instance = new BaseUpdaterImpl();
instance.openDataStores();
} catch (UpdateException ex) {
fail(ex.getMessage());
} finally {
if (instance != null) {
instance.closeDataStores();
}
}
}
public class BaseUpdaterImpl extends BaseUpdater {
}
}


@@ -1,40 +0,0 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2015 The OWASP Foundatio. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.update;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
/**
*
* @author jeremy
*/
public class CpeUpdaterIntegrationTest extends BaseTest {
/**
* Test of update method, of class CpeUpdater.
*/
@Test
public void testUpdate() throws Exception {
//commented out as the current code base does not utilize the CpeU[pdater.
// CpeUpdater instance = new CpeUpdater();
// instance.update();
}
}


@@ -21,6 +21,7 @@ import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.update.exception.UpdateException; import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve; import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
@@ -28,7 +29,7 @@ import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
* *
* @author Jeremy Long * @author Jeremy Long
*/ */
public class NvdCveUpdaterIntegrationTest extends BaseTest { public class NvdCveUpdaterIntegrationTest extends BaseTest {
public NvdCveUpdater getUpdater() { public NvdCveUpdater getUpdater() {
NvdCveUpdater instance = new NvdCveUpdater(); NvdCveUpdater instance = new NvdCveUpdater();
@@ -55,12 +56,7 @@ import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
@Test @Test
public void testUpdatesNeeded() throws Exception { public void testUpdatesNeeded() throws Exception {
NvdCveUpdater instance = getUpdater(); NvdCveUpdater instance = getUpdater();
try { UpdateableNvdCve result = instance.getUpdatesNeeded();
instance.openDataStores(); assertNotNull(result);
UpdateableNvdCve result = instance.getUpdatesNeeded();
assertNotNull(result);
} finally {
instance.closeDataStores();
}
} }
} }
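Review bot: The added `import org.owasp.dependencycheck.data.nvdcve.CveDB;` is not referenced in any line shown for this file, so it looks unused unless getUpdater(), whose body is outside the hunks, needs it. If nothing uses it, the import should be dropped. testUpdatesNeeded also no longer calls openDataStores()/closeDataStores(), so it presumably relies on getUpdatesNeeded() obtaining the database itself; a one-line comment such as `// the updater obtains the CveDB singleton on its own` would make that explicit.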


@@ -144,10 +144,8 @@ public class ReportGeneratorIntegrationTest extends BaseDBTestCase {
engine.scan(jetty); engine.scan(jetty);
engine.analyzeDependencies(); engine.analyzeDependencies();
CveDB cveDB = new CveDB(); CveDB cveDB = CveDB.getInstance();
cveDB.open();
DatabaseProperties dbProp = cveDB.getDatabaseProperties(); DatabaseProperties dbProp = cveDB.getDatabaseProperties();
cveDB.close();
ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers(), dbProp); ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers(), dbProp);
generator.generateReport(templateName, writeTo); generator.generateReport(templateName, writeTo);


@@ -1029,19 +1029,14 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
*/ */
protected void writeReports(Engine engine, MavenProject p, File outputDir) throws ReportException { protected void writeReports(Engine engine, MavenProject p, File outputDir) throws ReportException {
DatabaseProperties prop = null; DatabaseProperties prop = null;
CveDB cve = null;
try { try {
cve = new CveDB(); final CveDB cve = CveDB.getInstance();
cve.open();
prop = cve.getDatabaseProperties(); prop = cve.getDatabaseProperties();
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
//TODO shouldn't this throw an exception?
if (getLog().isDebugEnabled()) { if (getLog().isDebugEnabled()) {
getLog().debug("Unable to retrieve DB Properties", ex); getLog().debug("Unable to retrieve DB Properties", ex);
} }
} finally {
if (cve != null) {
cve.close();
}
} }
final ReportGenerator r = new ReportGenerator(p.getName(), engine.getDependencies(), engine.getAnalyzers(), prop); final ReportGenerator r = new ReportGenerator(p.getName(), engine.getDependencies(), engine.getAnalyzers(), prop);
try { try {