github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated to utilize the ConnectionFactory

Browse Source 
Former-commit-id: 0fc86441610efd54905864a6e64b57d35e86b86b
This commit is contained in:
Jeremy Long
2014-01-11 12:36:58 -05:00
parent 97f1ff02a0
commit 712a076be8
1 changed files with 15 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -18,14 +18,8 @@
*/
package org.owasp.dependencycheck.data.nvdcve;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
@@ -45,7 +39,6 @@ import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.Settings;
/**
* The database holding information about the NVD CVE data.
@@ -54,14 +47,6 @@ import org.owasp.dependencycheck.utils.Settings;
*/
public class CveDB {
/**
* Resource location for SQL file used to create the database schema.
*/
public static final String DB_STRUCTURE_RESOURCE = "data/initialize.sql";
/**
* The version of the current DB Schema.
*/
public static final String DB_SCHEMA_VERSION = "2.8";
/**
* Database connection
*/
@@ -79,18 +64,8 @@ public class CveDB {
try {
open();
databaseProperties = new DatabaseProperties(this);
} catch (IOException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex);
throw new DatabaseException(ex);
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex);
throw new DatabaseException(ex);
} catch (DatabaseException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex);
throw new DatabaseException(ex);
} catch (ClassNotFoundException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex);
throw new DatabaseException(ex);
throw ex;
}
}
@@ -107,27 +82,11 @@ public class CveDB {
* Opens the database connection. If the database does not exist, it will
* create a new one.
*
* @throws IOException thrown if there is an IO Exception
* @throws SQLException thrown if there is a SQL Exception
* @throws DatabaseException thrown if there is an error initializing a new
* database
* @throws ClassNotFoundException thrown if the h2 database driver cannot be
* loaded
* @throws DatabaseException thrown if there is an error opening the
* database connection
*/
@edu.umd.cs.findbugs.annotations.SuppressWarnings(
value = "DMI_EMPTY_DB_PASSWORD",
justification = "Yes, I know... Blank password.")
public final void open() throws IOException, SQLException, DatabaseException, ClassNotFoundException {
final String fileName = CveDB.getDataDirectory().getCanonicalPath();
final File f = new File(fileName, "cve." + DB_SCHEMA_VERSION);
final File check = new File(f.getAbsolutePath() + ".h2.db");
final boolean createTables = !check.exists();
final String connStr = String.format("jdbc:h2:file:%s;AUTO_SERVER=TRUE", f.getAbsolutePath());
Class.forName("org.h2.Driver");
conn = DriverManager.getConnection(connStr, "sa", "");
if (createTables) {
createTables();
}
public final void open() throws DatabaseException {
conn = ConnectionFactory.getConnection();
}
/**
@@ -147,6 +106,15 @@ public class CveDB {
}
}
/**
* Returns whether the database connection is open or closed.
*
* @return whether the database connection is open or closed
*/
public boolean isOpen() {
return conn != null;
}
/**
* Commits all completed transactions.
*
@@ -166,65 +134,7 @@ public class CveDB {
@Override
protected void finalize() throws Throwable {
close();
super.finalize(); //not necessary if extending Object.
}
/**
* Creates the database structure (tables and indexes) to store the CVE
* data.
*
* @throws SQLException thrown if there is a SQL Exception
* @throws DatabaseException thrown if there is a Database Exception
*/
public void createTables() throws SQLException, DatabaseException {
InputStream is;
InputStreamReader reader;
BufferedReader in = null;
try {
is = this.getClass().getClassLoader().getResourceAsStream(DB_STRUCTURE_RESOURCE);
reader = new InputStreamReader(is, "UTF-8");
in = new BufferedReader(reader);
final StringBuilder sb = new StringBuilder(2110);
String tmp;
while ((tmp = in.readLine()) != null) {
sb.append(tmp);
}
Statement statement = null;
try {
statement = conn.createStatement();
statement.execute(sb.toString());
} finally {
DBUtils.closeStatement(statement);
}
} catch (IOException ex) {
throw new DatabaseException("Unable to create database schema", ex);
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ex) {
Logger.getLogger(CveDB.class
.getName()).log(Level.FINEST, null, ex);
}
}
}
}
/**
* Retrieves the directory that the JAR file exists in so that we can ensure
* we always use a common data directory.
*
* @return the data directory for this index.
* @throws IOException is thrown if an IOException occurs of course...
*/
public static File getDataDirectory() throws IOException {
final File path = Settings.getDataFile(Settings.KEYS.DATA_DIRECTORY);
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create NVD CVE Data directory");
}
}
return path;
super.finalize();
}
/**
* Database properties object containing the 'properties' from the database