github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-26 11:01:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

ensured engine.cleanup() is now being called

Browse Source 
Former-commit-id: 89e6222d55cec95327a5a963fee739076ae7673f
This commit is contained in:
Jeremy Long
2014-02-22 16:46:59 -05:00
parent c30c455a9f
commit 8f1e0d57bf
8 changed files with 158 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
View File

@@ -741,7 +741,9 @@ public class DependencyCheckTask extends Task {
validateConfiguration(); validateConfiguration();
populateSettings(); populateSettings();
final Engine engine = new Engine(); Engine engine = null;
try {
engine = new Engine();
for (Resource resource : path) { for (Resource resource : path) {
final FileProvider provider = resource.as(FileProvider.class); final FileProvider provider = resource.as(FileProvider.class);
@@ -783,6 +785,14 @@ public class DependencyCheckTask extends Task {
Logger.getLogger(DependencyCheckTask.class.getName()).log(Level.FINE, "An exception occurred; unable to continue task", ex); Logger.getLogger(DependencyCheckTask.class.getName()).log(Level.FINE, "An exception occurred; unable to continue task", ex);
throw new BuildException("An exception occurred; unable to continue task", ex); throw new BuildException("An exception occurred; unable to continue task", ex);
} }
} catch (DatabaseException ex) {
Logger.getLogger(DependencyCheckTask.class.getName()).log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped");
Logger.getLogger(DependencyCheckTask.class.getName()).log(Level.FINE, "", ex);
} finally {
if (engine != null) {
engine.cleanup();
}
}
} }
/** /**

12
dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
View File

@@ -98,7 +98,9 @@ public class App {
* @param files the files/directories to scan * @param files the files/directories to scan
*/ */
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, String extraExtensions) { private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, String extraExtensions) {
final Engine scanner = new Engine(); Engine scanner = null;
try {
scanner = new Engine();
for (String file : files) { for (String file : files) {
scanner.scan(file); scanner.scan(file);
@@ -129,6 +131,14 @@ public class App {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, "There was an error while attempting to generate the report."); Logger.getLogger(App.class.getName()).log(Level.SEVERE, "There was an error while attempting to generate the report.");
Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex); Logger.getLogger(App.class.getName()).log(Level.FINE, null, ex);
} }
} catch (DatabaseException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped");
Logger.getLogger(App.class.getName()).log(Level.FINE, "", ex);
} finally {
if (scanner != null) {
scanner.cleanup();
}
}
} }
/** /**

13
dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -32,6 +32,7 @@ import org.owasp.dependencycheck.analyzer.AnalyzerService;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex; import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex;
import org.owasp.dependencycheck.data.cpe.IndexException; import org.owasp.dependencycheck.data.cpe.IndexException;
import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory;
import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.CachedWebDataSource; import org.owasp.dependencycheck.data.update.CachedWebDataSource;
@@ -67,11 +68,14 @@ public class Engine {
/** /**
* Creates a new Engine. * Creates a new Engine.
*
* @throws DatabaseException thrown if there is an error connecting to the database
*/ */
public Engine() { public Engine() throws DatabaseException {
this.extensions = new HashSet<String>(); this.extensions = new HashSet<String>();
this.dependencies = new ArrayList<Dependency>(); this.dependencies = new ArrayList<Dependency>();
this.analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class); this.analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
ConnectionFactory.initialize();
boolean autoUpdate = true; boolean autoUpdate = true;
try { try {
@@ -85,6 +89,13 @@ public class Engine {
loadAnalyzers(); loadAnalyzers();
} }
/**
* Properly cleans up resources allocated during analysis.
*/
public void cleanup() {
ConnectionFactory.cleanup();
}
/** /**
* Loads the analyzers specified in the configuration file (or system properties). * Loads the analyzers specified in the configuration file (or system properties).
*/ */

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
View File

@@ -173,7 +173,9 @@ public final class ConnectionFactory {
} }
/** /**
* Cleans up resources and unloads any registered database drivers. * Cleans up resources and unloads any registered database drivers. This needs to be called to ensure the driver is
* unregistered prior to the finalize method being called as during shutdown the class loader used to load the
* driver may be unloaded prior to the driver being de-registered.
*/ */
public static synchronized void cleanup() { public static synchronized void cleanup() {
if (driver != null) { if (driver != null) {

1
dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java
View File

@@ -69,5 +69,6 @@ public class EngineIntegrationTest {
ReportGenerator rg = new ReportGenerator("DependencyCheck", ReportGenerator rg = new ReportGenerator("DependencyCheck",
instance.getDependencies(), instance.getAnalyzers(), dbProp); instance.getDependencies(), instance.getAnalyzers(), dbProp);
rg.generateReports("./target/", "ALL"); rg.generateReports("./target/", "ALL");
instance.cleanup();
} }
} }

8
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerTest.java
View File

@@ -160,6 +160,8 @@ public class ArchiveAnalyzerTest extends BaseIndexTestCase {
instance.analyze(dependency, engine); instance.analyze(dependency, engine);
int ending_size = engine.getDependencies().size(); int ending_size = engine.getDependencies().size();
engine.cleanup();
assertTrue(initial_size < ending_size); assertTrue(initial_size < ending_size);
} finally { } finally {
@@ -186,6 +188,7 @@ public class ArchiveAnalyzerTest extends BaseIndexTestCase {
int initial_size = engine.getDependencies().size(); int initial_size = engine.getDependencies().size();
instance.analyze(dependency, engine); instance.analyze(dependency, engine);
int ending_size = engine.getDependencies().size(); int ending_size = engine.getDependencies().size();
engine.cleanup();
assertTrue(initial_size < ending_size); assertTrue(initial_size < ending_size);
@@ -214,7 +217,7 @@ public class ArchiveAnalyzerTest extends BaseIndexTestCase {
engine.scan(file); engine.scan(file);
engine.analyzeDependencies(); engine.analyzeDependencies();
int ending_size = engine.getDependencies().size(); int ending_size = engine.getDependencies().size();
engine.cleanup();
assertTrue(initial_size < ending_size); assertTrue(initial_size < ending_size);
} finally { } finally {
@@ -261,7 +264,7 @@ public class ArchiveAnalyzerTest extends BaseIndexTestCase {
engine.scan(file); engine.scan(file);
engine.analyzeDependencies(); engine.analyzeDependencies();
int ending_size = engine.getDependencies().size(); int ending_size = engine.getDependencies().size();
engine.cleanup();
assertTrue(initial_size < ending_size); assertTrue(initial_size < ending_size);
} finally { } finally {
@@ -292,6 +295,7 @@ public class ArchiveAnalyzerTest extends BaseIndexTestCase {
// } // }
// assertTrue(failed); // assertTrue(failed);
int ending_size = engine.getDependencies().size(); int ending_size = engine.getDependencies().size();
engine.cleanup();
assertEquals(initial_size, ending_size); assertEquals(initial_size, ending_size);
} finally { } finally {
instance.close(); instance.close();

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorTest.java
View File

@@ -150,6 +150,8 @@ public class ReportGeneratorTest {
ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers(), dbProp); ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers(), dbProp);
generator.generateReport(templateName, writeTo); generator.generateReport(templateName, writeTo);
engine.cleanup();
InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/DependencyCheck.xsd"); InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/DependencyCheck.xsd");
StreamSource xsdSource = new StreamSource(xsdStream); StreamSource xsdSource = new StreamSource(xsdStream);
StreamSource xmlSource = new StreamSource(new File(writeTo)); StreamSource xmlSource = new StreamSource(new File(writeTo));

35
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
View File

@@ -280,13 +280,15 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
* *
* @return the Engine used to scan the dependencies. * @return the Engine used to scan the dependencies.
*/ */
private Engine executeDependencyCheck() { private Engine executeDependencyCheck() throws DatabaseException {
final InputStream in = DependencyCheckMojo.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE); final InputStream in = DependencyCheckMojo.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
LogUtils.prepareLogger(in, logFile); LogUtils.prepareLogger(in, logFile);
populateSettings(); populateSettings();
final Engine engine = new Engine(); Engine engine = null;
try {
engine = new Engine();
final Set<Artifact> artifacts = project.getArtifacts(); final Set<Artifact> artifacts = project.getArtifacts();
for (Artifact a : artifacts) { for (Artifact a : artifacts) {
if (skipTestScope && Artifact.SCOPE_TEST.equals(a.getScope())) { if (skipTestScope && Artifact.SCOPE_TEST.equals(a.getScope())) {
@@ -304,6 +306,11 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
engine.scan(a.getFile().getAbsolutePath()); engine.scan(a.getFile().getAbsolutePath());
} }
engine.analyzeDependencies(); engine.analyzeDependencies();
} finally {
if (engine != null) {
engine.cleanup();
}
}
return engine; return engine;
} }
@@ -794,7 +801,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
* @throws MojoFailureException thrown if a CVSS score is found that is higher then the configured level * @throws MojoFailureException thrown if a CVSS score is found that is higher then the configured level
*/ */
public void execute() throws MojoExecutionException, MojoFailureException { public void execute() throws MojoExecutionException, MojoFailureException {
final Engine engine = executeDependencyCheck(); Engine engine = null;
try {
engine = executeDependencyCheck();
generateExternalReports(engine); generateExternalReports(engine);
if (this.showSummary) { if (this.showSummary) {
showSummary(engine.getDependencies()); showSummary(engine.getDependencies());
@@ -802,6 +811,14 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
if (this.failBuildOnCVSS <= 10) { if (this.failBuildOnCVSS <= 10) {
checkForFailure(engine.getDependencies()); checkForFailure(engine.getDependencies());
} }
} catch (DatabaseException ex) {
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped");
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINE, "", ex);
} finally {
if (engine != null) {
engine.cleanup();
}
}
} }
/** /**
@@ -825,8 +842,18 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
* @throws MavenReportException if a maven report exception occurs * @throws MavenReportException if a maven report exception occurs
*/ */
public void generate(Sink sink, SinkFactory sinkFactory, Locale locale) throws MavenReportException { public void generate(Sink sink, SinkFactory sinkFactory, Locale locale) throws MavenReportException {
final Engine engine = executeDependencyCheck(); Engine engine = null;
try {
engine = executeDependencyCheck();
generateMavenSiteReport(engine, sink); generateMavenSiteReport(engine, sink);
} catch (DatabaseException ex) {
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.SEVERE, "Unable to connect to the dependency-check database; analysis has stopped");
Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINE, "", ex);
} finally {
if (engine != null) {
engine.cleanup();
}
}
} }
// <editor-fold defaultstate="collapsed" desc="required setter/getter methods"> // <editor-fold defaultstate="collapsed" desc="required setter/getter methods">