From 79c31b5f545b63d67d90f393583241431dbfce8d Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Tue, 8 Oct 2013 10:58:29 -0400
Subject: [PATCH] Improved update process, including initial lock support

Former-commit-id: d6fc00406765f4680d900eb0474fed9ade727a0a
---
 .../data/update/AbstractUpdate.java           |  10 +-
 .../data/update/BatchUpdate.java              |   5 -
 .../data/update/StandardUpdate.java           |  29 ++--
 .../data/update/Updateable.java               |   5 +
 .../data/update/AbstractUpdateTest.java       | 134 +++++++++++++++
 ...dater_1_Test.java => BatchUpdateTest.java} |  42 +++--
 .../data/update/DataStoreMetaInfoTest.java    | 118 +++++++++++++
 .../DatabaseUpdaterIntegrationTest.java       |  13 +-
 .../data/update/DatabaseUpdater_2_Test.java   |  87 ----------
 .../data/update/NvdCveInfoTest.java           | 113 +++++++++++++
 .../update/StandardUpdateIntegrationTest.java |  72 ++++++++
 .../data/update/UpdateableTest.java           | 160 ++++++++++++++++++
 12 files changed, 657 insertions(+), 131 deletions(-)
 create mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/AbstractUpdateTest.java
 rename dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/{DatabaseUpdater_1_Test.java => BatchUpdateTest.java} (70%)
 create mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfoTest.java
 delete mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdater_2_Test.java
 create mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveInfoTest.java
 create mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/StandardUpdateIntegrationTest.java
 create mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/UpdateableTest.java

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/AbstractUpdate.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/AbstractUpdate.java
index e7211e512..86a6040e3 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/AbstractUpdate.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/AbstractUpdate.java
@@ -77,6 +77,15 @@ public abstract class AbstractUpdate {
         return updateable.isUpdateNeeded();
     }
 
+    /**
+     * Gets the updateable NVD CVE Entries.
+     *
+     * @return an Updateable object containing the NVD CVE entries
+     */
+    public Updateable getUpdateable() {
+        return updateable;
+    }
+
     /**
      * Determines if the index needs to be updated.
      *
@@ -102,7 +111,6 @@ public abstract class AbstractUpdate {
      * deleted.
      */
     private boolean deleteAndRecreate = false;
-    protected Updateable updatesNeeded = null;
 
     /**
      * Get the value of deleteAndRecreate
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/BatchUpdate.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/BatchUpdate.java
index 4095e072c..fb19afee1 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/BatchUpdate.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/BatchUpdate.java
@@ -20,14 +20,10 @@ package org.owasp.dependencycheck.data.update;
 
 import org.owasp.dependencycheck.data.nvdcve.InvalidDataException;
 import java.io.File;
-import java.io.FileNotFoundException;
 import java.io.IOException;
-import javax.xml.parsers.ParserConfigurationException;
-import org.xml.sax.SAXException;
 import java.net.MalformedURLException;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.sql.SQLException;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.logging.Level;
@@ -38,7 +34,6 @@ import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
-import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import static org.owasp.dependencycheck.data.update.DataStoreMetaInfo.BATCH;
 import static org.owasp.dependencycheck.data.update.DataStoreMetaInfo.MODIFIED;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
index 6cefcaa0f..cfb5f26af 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
@@ -55,17 +55,14 @@ public class StandardUpdate extends AbstractUpdate {
      * <p>Downloads the latest NVD CVE XML file from the web and imports it into
      * the current CVE Database.</p>
      *
-     * @param updatesNeeded a collection of NvdCveInfo containing information
-     * about needed updates.
      * @throws UpdateException is thrown if there is an error updating the
      * database
      */
     @Override
     public void update() throws UpdateException {
         try {
-            properties = new DataStoreMetaInfo();
             int maxUpdates = 0;
-            for (NvdCveInfo cve : updatesNeeded) {
+            for (NvdCveInfo cve : getUpdateable()) {
                 if (cve.getNeedsUpdate()) {
                     maxUpdates += 1;
                 }
@@ -79,7 +76,7 @@ public class StandardUpdate extends AbstractUpdate {
             }
 
             int count = 0;
-            for (NvdCveInfo cve : updatesNeeded) {
+            for (NvdCveInfo cve : getUpdateable()) {
                 if (cve.getNeedsUpdate()) {
                     count += 1;
                     Logger.getLogger(StandardUpdate.class.getName()).log(Level.INFO,
@@ -148,7 +145,7 @@ public class StandardUpdate extends AbstractUpdate {
                 }
             }
             if (maxUpdates >= 1) { //ensure the modified file date gets written
-                properties.save(updatesNeeded.get(MODIFIED));
+                properties.save(getUpdateable().get(MODIFIED));
                 cveDB.cleanupDatabase();
             }
         } catch (MalformedURLException ex) {
@@ -275,18 +272,16 @@ public class StandardUpdate extends AbstractUpdate {
                 Settings.getString(Settings.KEYS.CVE_MODIFIED_12_URL),
                 false);
 
-        //only add these urls if we are not in batch mode
-        if (!properties.isBatchUpdateMode()) {
-            final int start = Settings.getInt(Settings.KEYS.CVE_START_YEAR);
-            final int end = Calendar.getInstance().get(Calendar.YEAR);
-            final String baseUrl20 = Settings.getString(Settings.KEYS.CVE_SCHEMA_2_0);
-            final String baseUrl12 = Settings.getString(Settings.KEYS.CVE_SCHEMA_1_2);
-            for (int i = start; i <= end; i++) {
-                updates.add(Integer.toString(i), String.format(baseUrl20, i),
-                        String.format(baseUrl12, i),
-                        true);
-            }
+        final int start = Settings.getInt(Settings.KEYS.CVE_START_YEAR);
+        final int end = Calendar.getInstance().get(Calendar.YEAR);
+        final String baseUrl20 = Settings.getString(Settings.KEYS.CVE_SCHEMA_2_0);
+        final String baseUrl12 = Settings.getString(Settings.KEYS.CVE_SCHEMA_1_2);
+        for (int i = start; i <= end; i++) {
+            updates.add(Integer.toString(i), String.format(baseUrl20, i),
+                    String.format(baseUrl12, i),
+                    true);
         }
+
         return updates;
     }
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/Updateable.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/Updateable.java
index 02bb14c74..516094b69 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/Updateable.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/Updateable.java
@@ -149,4 +149,9 @@ public class Updateable implements java.lang.Iterable<NvdCveInfo>, Iterator<NvdC
     NvdCveInfo get(String key) {
         return collection.get(key);
     }
+
+    @Override
+    public String toString() {
+        return "Updateable{" + "size=" + collection.size() + '}';
+    }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/AbstractUpdateTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/AbstractUpdateTest.java
new file mode 100644
index 000000000..65cf42798
--- /dev/null
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/AbstractUpdateTest.java
@@ -0,0 +1,134 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.data.update;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.text.DateFormat;
+import java.util.Calendar;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+import org.owasp.dependencycheck.data.UpdateException;
+import org.owasp.dependencycheck.utils.DownloadFailedException;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
+ */
+public class AbstractUpdateTest {
+
+    public AbstractUpdateTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() {
+    }
+
+    @AfterClass
+    public static void tearDownClass() {
+    }
+
+    @Before
+    public void setUp() {
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    /**
+     * Test of setDeleteAndRecreate method, of class AbstractUpdate.
+     */
+    @Test
+    public void testSetDeleteAndRecreate() throws Exception {
+        boolean deleteAndRecreate = false;
+        boolean expResult = false;
+        AbstractUpdate instance = new AbstractUpdateImpl();
+        instance.setDeleteAndRecreate(deleteAndRecreate);
+        boolean result = instance.shouldDeleteAndRecreate();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of deleteExistingData method, of class AbstractUpdate.
+     */
+    @Test
+    public void testDeleteExistingData() throws Exception {
+        AbstractUpdate instance = new AbstractUpdateImpl();
+        Exception result = null;
+        try {
+            instance.deleteExistingData();
+        } catch (IOException ex) {
+            result = ex;
+        }
+        assertNull(result);
+    }
+
+    /**
+     * Test of openDataStores method, of class AbstractUpdate.
+     */
+    @Test
+    public void testOpenDataStores() throws Exception {
+        AbstractUpdate instance = new AbstractUpdateImpl();
+        instance.openDataStores();
+        instance.closeDataStores();
+    }
+
+    /**
+     * Test of withinRange method, of class AbstractUpdate.
+     */
+    @Test
+    public void testWithinRange() throws Exception {
+        Calendar c = Calendar.getInstance();
+
+        long current = c.getTimeInMillis();
+        long lastRun = c.getTimeInMillis() - (3 * (1000 * 60 * 60 * 24));
+        int range = 7; // 7 days
+        AbstractUpdate instance = new AbstractUpdateImpl();
+        boolean expResult = true;
+        boolean result = instance.withinRange(lastRun, current, range);
+        assertEquals(expResult, result);
+
+        lastRun = c.getTimeInMillis() - (8 * (1000 * 60 * 60 * 24));
+        expResult = false;
+        result = instance.withinRange(lastRun, current, range);
+        assertEquals(expResult, result);
+    }
+
+    public class AbstractUpdateImpl extends AbstractUpdate {
+
+        public AbstractUpdateImpl() throws Exception {
+            super();
+        }
+
+        public Updateable updatesNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
+            return null;
+        }
+
+        public void update() throws UpdateException {
+        }
+    }
+}
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdater_1_Test.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/BatchUpdateTest.java
similarity index 70%
rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdater_1_Test.java
rename to dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/BatchUpdateTest.java
index 44fe42c5b..90f7d6811 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdater_1_Test.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/BatchUpdateTest.java
@@ -14,35 +14,38 @@
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
  *
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update;
 
-import org.owasp.dependencycheck.data.update.DatabaseUpdater;
 import java.io.File;
+import java.net.MalformedURLException;
 import org.apache.commons.io.FileUtils;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import static org.junit.Assert.*;
+import org.owasp.dependencycheck.data.UpdateException;
+import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Settings;
 
 /**
  *
  * @author Jeremy Long (jeremy.long@owasp.org)
  */
-public class DatabaseUpdater_1_Test {
+public class BatchUpdateTest {
 
-    public DatabaseUpdater_1_Test() {
+    public BatchUpdateTest() {
     }
 
     @BeforeClass
-    public static void setUpClass() throws Exception {
+    public static void setUpClass() {
     }
 
     @AfterClass
-    public static void tearDownClass() throws Exception {
+    public static void tearDownClass() {
     }
     private String old12;
     private String old20;
@@ -84,14 +87,29 @@ public class DatabaseUpdater_1_Test {
     }
 
     /**
-     * Test of update method (when in batch mode), of class DatabaseUpdater.
-     *
-     * @throws Exception
+     * Test of setDoBatchUpdate method, of class BatchUpdate.
      */
     @Test
-    public void testBatchUpdate() throws Exception {
-        DatabaseUpdater instance = new DatabaseUpdater();
+    public void testSetDoBatchUpdate() throws DownloadFailedException, MalformedURLException, UpdateException {
+        boolean expected = false;
+        BatchUpdate instance = new BatchUpdate();
+        instance.setDoBatchUpdate(expected);
+        boolean results = instance.isDoBatchUpdate();
+        assertEquals(results, expected);
+    }
+
+    /**
+     * Test of update method, of class BatchUpdate.
+     */
+    @Test
+    public void testUpdate() throws Exception {
+        BatchUpdate instance = new BatchUpdate();
+
+        //do some setup
+        instance.setDoBatchUpdate(true);
         instance.deleteExistingData();
-        instance.update();
+
+        instance.update(); //no exceptions it worked?
+        //todo add some actual asserts to check things.
     }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfoTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfoTest.java
new file mode 100644
index 000000000..542d719e6
--- /dev/null
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfoTest.java
@@ -0,0 +1,118 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.data.update;
+
+import java.io.File;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
+ */
+public class DataStoreMetaInfoTest {
+
+    public DataStoreMetaInfoTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() {
+    }
+
+    @AfterClass
+    public static void tearDownClass() {
+    }
+
+    @Before
+    public void setUp() {
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    /**
+     * Test of isBatchUpdateMode method, of class DataStoreMetaInfo.
+     */
+    @Test
+    public void testIsBatchUpdateMode() {
+        DataStoreMetaInfo instance = new DataStoreMetaInfo();
+        boolean expResult = false;
+        instance.setBatchUpdateMode(expResult);
+        boolean result = instance.isBatchUpdateMode();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of isEmpty method, of class DataStoreMetaInfo.
+     */
+    @Test
+    public void testIsEmpty() {
+        DataStoreMetaInfo instance = new DataStoreMetaInfo();
+        boolean expResult = false;
+        boolean result = instance.isEmpty();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of save method, of class DataStoreMetaInfo.
+     */
+    @Test
+    public void testSave() throws Exception {
+        NvdCveInfo updatedValue = new NvdCveInfo();
+        String key = "test";
+        long expected = 1337;
+        updatedValue.setId(key);
+        updatedValue.setTimestamp(expected);
+        DataStoreMetaInfo instance = new DataStoreMetaInfo();
+        instance.save(updatedValue);
+        //reload the properties
+        instance = new DataStoreMetaInfo();
+        long results = Long.parseLong(instance.getProperty("lastupdated." + key));
+        assertEquals(expected, results);
+
+    }
+
+    /**
+     * Test of getProperty method, of class DataStoreMetaInfo.
+     */
+    @Test
+    public void testGetProperty_String_String() {
+        String key = "doesn't exist";
+        String defaultValue = "default";
+        DataStoreMetaInfo instance = new DataStoreMetaInfo();
+        String expResult = "default";
+        String result = instance.getProperty(key, defaultValue);
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getPropertiesFile method, of class DataStoreMetaInfo.
+     */
+    @Test
+    public void testGetPropertiesFile() {
+        File result = DataStoreMetaInfo.getPropertiesFile();
+        //wow... rigorous!
+        assertNotNull(result);
+    }
+}
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdaterIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdaterIntegrationTest.java
index cd6b8b5a0..6cdf7ddef 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdaterIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdaterIntegrationTest.java
@@ -14,19 +14,16 @@
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
  *
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update;
 
-import java.io.File;
-import java.net.URL;
-import org.owasp.dependencycheck.data.update.DatabaseUpdater;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.owasp.dependencycheck.utils.Settings;
+import static org.junit.Assert.*;
 
 /**
  *
@@ -38,11 +35,11 @@ public class DatabaseUpdaterIntegrationTest {
     }
 
     @BeforeClass
-    public static void setUpClass() throws Exception {
+    public static void setUpClass() {
     }
 
     @AfterClass
-    public static void tearDownClass() throws Exception {
+    public static void tearDownClass() {
     }
 
     @Before
@@ -55,8 +52,6 @@ public class DatabaseUpdaterIntegrationTest {
 
     /**
      * Test of update method, of class DatabaseUpdater.
-     *
-     * @throws Exception
      */
     @Test
     public void testUpdate() throws Exception {
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdater_2_Test.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdater_2_Test.java
deleted file mode 100644
index 65c1f7046..000000000
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/DatabaseUpdater_2_Test.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * This file is part of dependency-check-core.
- *
- * Dependency-check-core is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation, either version 3 of the License, or (at your option) any
- * later version.
- *
- * Dependency-check-core is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License along with
- * dependency-check-core. If not, see http://www.gnu.org/licenses/.
- *
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
- */
-package org.owasp.dependencycheck.data.update;
-
-import org.owasp.dependencycheck.data.update.DatabaseUpdater;
-import java.io.File;
-import org.apache.commons.io.FileUtils;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.owasp.dependencycheck.utils.Settings;
-
-/**
- *
- * @author Jeremy Long (jeremy.long@owasp.org)
- */
-public class DatabaseUpdater_2_Test {
-
-    public DatabaseUpdater_2_Test() {
-    }
-
-    @BeforeClass
-    public static void setUpClass() throws Exception {
-    }
-
-    @AfterClass
-    public static void tearDownClass() throws Exception {
-    }
-    private String old12;
-    private String old20;
-
-    @Before
-    public void setUp() throws Exception {
-        old12 = Settings.getString(Settings.KEYS.CVE_MODIFIED_12_URL);
-        old20 = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL);
-        Settings.removeProperty(Settings.KEYS.CVE_MODIFIED_12_URL);
-        Settings.removeProperty(Settings.KEYS.CVE_MODIFIED_20_URL);
-
-        File tmp = Settings.getTempDirectory();
-        if (!tmp.exists()) {
-            tmp.mkdirs();
-        }
-
-        File dest = new File(tmp, "data.zip");
-        File file = new File(this.getClass().getClassLoader().getResource("data.zip").toURI());
-        FileUtils.copyFile(file, dest);
-        String path = "file:///" + dest.getCanonicalPath();
-        Settings.setString(Settings.KEYS.BATCH_UPDATE_URL, path);
-    }
-
-    @After
-    public void tearDown() {
-        Settings.setString(Settings.KEYS.CVE_MODIFIED_12_URL, old12);
-        Settings.setString(Settings.KEYS.CVE_MODIFIED_20_URL, old20);
-        Settings.removeProperty(Settings.KEYS.BATCH_UPDATE_URL);
-    }
-
-    /**
-     * Test of update method (when in batch mode), of class DatabaseUpdater.
-     *
-     * @throws Exception
-     */
-    @Test
-    public void testBatchUpdateWithoutModified() throws Exception {
-        DatabaseUpdater instance = new DatabaseUpdater();
-        instance.deleteExistingData();
-        instance.update();
-    }
-}
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveInfoTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveInfoTest.java
new file mode 100644
index 000000000..318f25d5b
--- /dev/null
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveInfoTest.java
@@ -0,0 +1,113 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.data.update;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ * Rigorous test of setters/getters.
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
+ */
+public class NvdCveInfoTest {
+
+    public NvdCveInfoTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() {
+    }
+
+    @AfterClass
+    public static void tearDownClass() {
+    }
+
+    @Before
+    public void setUp() {
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    /**
+     * Test of setId and getId method, of class NvdCveInfo.
+     */
+    @Test
+    public void testSetGetId() {
+        NvdCveInfo instance = new NvdCveInfo();
+        String expResult = "id";
+        instance.setId(expResult);
+        String result = instance.getId();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getUrl method, of class NvdCveInfo.
+     */
+    @Test
+    public void testSetGetUrl() {
+        NvdCveInfo instance = new NvdCveInfo();
+        String expResult = "http://www.someurl.com/something";
+        instance.setUrl(expResult);
+        String result = instance.getUrl();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getOldSchemaVersionUrl method, of class NvdCveInfo.
+     */
+    @Test
+    public void testSetGetOldSchemaVersionUrl() {
+        NvdCveInfo instance = new NvdCveInfo();
+        String expResult = "http://www.someurl.com/something";
+        instance.setOldSchemaVersionUrl(expResult);
+        String result = instance.getOldSchemaVersionUrl();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getTimestamp method, of class NvdCveInfo.
+     */
+    @Test
+    public void testSetGetTimestamp() {
+        NvdCveInfo instance = new NvdCveInfo();
+        long expResult = 1337L;
+        instance.setTimestamp(expResult);
+        long result = instance.getTimestamp();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getNeedsUpdate method, of class NvdCveInfo.
+     */
+    @Test
+    public void testSetGetNeedsUpdate() {
+        NvdCveInfo instance = new NvdCveInfo();
+        boolean expResult = true;
+        instance.setNeedsUpdate(expResult);
+        boolean result = instance.getNeedsUpdate();
+        assertEquals(expResult, result);
+    }
+}
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/StandardUpdateIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/StandardUpdateIntegrationTest.java
new file mode 100644
index 000000000..2a7f66492
--- /dev/null
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/StandardUpdateIntegrationTest.java
@@ -0,0 +1,72 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.data.update;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
+ */
+public class StandardUpdateIntegrationTest {
+
+    public StandardUpdateIntegrationTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() {
+    }
+
+    @AfterClass
+    public static void tearDownClass() {
+    }
+
+    @Before
+    public void setUp() {
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    /**
+     * Test of update method, of class StandardUpdate.
+     */
+    @Test
+    public void testUpdate() throws Exception {
+        StandardUpdate instance = new StandardUpdate();
+        instance.update();
+        //TODO make this an actual test
+    }
+
+    /**
+     * Test of updatesNeeded method, of class StandardUpdate.
+     */
+    @Test
+    public void testUpdatesNeeded() throws Exception {
+        StandardUpdate instance = new StandardUpdate();
+        Updateable result = instance.updatesNeeded();
+        assertNotNull(result);
+    }
+}
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/UpdateableTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/UpdateableTest.java
new file mode 100644
index 000000000..09d3ce337
--- /dev/null
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/UpdateableTest.java
@@ -0,0 +1,160 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.data.update;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+import org.owasp.dependencycheck.utils.DownloadFailedException;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
+ */
+public class UpdateableTest {
+
+    public UpdateableTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() {
+    }
+
+    @AfterClass
+    public static void tearDownClass() {
+    }
+
+    @Before
+    public void setUp() {
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    /**
+     * Test of isUpdateNeeded method, of class Updateable.
+     */
+    @Test
+    public void testIsUpdateNeeded() throws MalformedURLException, DownloadFailedException, IOException {
+        String id = "key";
+        //use a local file as this test will load the result and check the timestamp
+        File f = new File("target/test-classes/nvdcve-2.0-2012.xml");
+        String url = "file:///" + f.getCanonicalPath();
+        Updateable instance = new Updateable();
+        instance.add(id, url, url, false);
+
+        boolean expResult = false;
+        boolean result = instance.isUpdateNeeded();
+        assertEquals(expResult, result);
+
+        instance.add("nextId", url, url, true);
+
+        expResult = true;
+        result = instance.isUpdateNeeded();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of add method, of class Updateable.
+     */
+    @Test
+    public void testAdd_3args() throws Exception {
+        String id = "key";
+        File f = new File("target/test-classes/nvdcve-2.0-2012.xml");
+        //use a local file as this test will load the result and check the timestamp
+        String url = "file:///" + f.getCanonicalPath();
+        Updateable instance = new Updateable();
+        instance.add(id, url, url);
+        NvdCveInfo results = instance.get(id);
+        assertEquals(id, results.getId());
+        assertEquals(url, results.getUrl());
+        assertEquals(url, results.getOldSchemaVersionUrl());
+    }
+
+    /**
+     * Test of add method, of class Updateable.
+     */
+    @Test
+    public void testAdd_4args() throws Exception {
+        String id = "key";
+        //use a local file as this test will load the result and check the timestamp
+        File f = new File("target/test-classes/nvdcve-2.0-2012.xml");
+        String url = "file:///" + f.getCanonicalPath();
+        Updateable instance = new Updateable();
+        instance.add(id, url, url, false);
+
+        boolean expResult = false;
+        boolean result = instance.isUpdateNeeded();
+        assertEquals(expResult, result);
+
+        instance.add("nextId", url, url, false);
+        NvdCveInfo results = instance.get(id);
+
+        assertEquals(id, results.getId());
+        assertEquals(url, results.getUrl());
+        assertEquals(url, results.getOldSchemaVersionUrl());
+
+    }
+
+    /**
+     * Test of clear method, of class Updateable.
+     */
+    @Test
+    public void testClear() throws MalformedURLException, DownloadFailedException, IOException {
+        String id = "key";
+        //use a local file as this test will load the result and check the timestamp
+        File f = new File("target/test-classes/nvdcve-2.0-2012.xml");
+        String url = "file:///" + f.getCanonicalPath();
+        Updateable instance = new Updateable();
+        instance.add(id, url, url, false);
+        assertFalse(instance.collection.isEmpty());
+        instance.clear();
+        assertTrue(instance.collection.isEmpty());
+    }
+
+    /**
+     * Test of iterator method, of class Updateable.
+     */
+    @Test
+    public void testIterator() throws IOException {
+        //use a local file as this test will load the result and check the timestamp
+        File f = new File("target/test-classes/nvdcve-2.0-2012.xml");
+        String url = "file:///" + f.getCanonicalPath();
+        Updateable instance = new Updateable();
+        instance.add("one", url, url, false);
+        instance.add("two", url, url, false);
+        instance.add("three", url, url, false);
+        int itemsProcessed = 0;
+        for (NvdCveInfo item : instance) {
+            if ("one".equals(item.getId())) {
+                instance.remove();
+            }
+            itemsProcessed += 1;
+        }
+        assertEquals(3, itemsProcessed);
+        assertEquals(2, instance.collection.size());
+    }
+}