github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 08:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

general updates

Browse Source 
Former-commit-id: edac8a6df87e1793f94ebdad615ed424acb27d90
This commit is contained in:
Jeremy Long
2012-11-12 13:36:44 -05:00
parent 99c056e7f5
commit 9f21ea6a9d
9 changed files with 186 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/main/java/org/codesecure/dependencycheck/App.java
View File

@@ -22,6 +22,7 @@ import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLDecoder;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.LogManager;
@@ -69,11 +70,32 @@ public class App {
app.run(args);
}
private static File getLoggingDirectory() throws IOException {
String fileName = "logs";
String filePath = App.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (!exePath.isDirectory()) {
exePath = exePath.getParentFile();
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
return path;
}
private static void prepareLogger() {
//while java doc for JUL says to use preferences api - it throws an exception...
//Preferences.systemRoot().put("java.util.logging.config.file", "log.properties");
//System.getProperties().put("java.util.logging.config.file", "configuration/log.properties");
File dir = new File("logs");
File dir;
try {
dir = getLoggingDirectory();
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, "Unable to get default logging location, "
+ "using the working directory instead.", ex);
dir = new File("logs");
}
if (!dir.exists()) {
dir.mkdir();
}

59
src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java
View File

@@ -75,17 +75,32 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* @throws IOException is thrown if an IOException occurs.
*/
public Directory getDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File path = new File(decodedPath + File.separator + fileName);
path = new File(path.getCanonicalPath());
File path = getDataDirectory();
Directory dir = FSDirectory.open(path);
return dir;
}
/**
* Retrieves the directory that the JAR file exists in so that
* we can ensure we always use a common data directory.
*
* @return the data directory for this index.
* @throws IOException is thrown if an IOException occurs of course...
*/
protected File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (!exePath.isDirectory()) {
exePath = exePath.getParentFile();
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
return path;
}
/**
* Creates an Analyzer for the CPE Index.
*
@@ -158,8 +173,14 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
*
* @param timeStamp the timestamp to write.
*/
private void writeLastUpdatedPropertyFile(long timeStamp) {
String dir = Settings.getString(Settings.KEYS.CPE_INDEX);
private void writeLastUpdatedPropertyFile(long timeStamp) throws UpdateException {
String dir;
try {
dir = getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to locate the last updated properties file.", ex);
}
File cpeProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
Properties prop = new Properties();
prop.put(Index.LAST_UPDATED, String.valueOf(timeStamp));
@@ -198,8 +219,10 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* is incorrect.
* @throws DownloadFailedException is thrown if there is an error
* downloading the cpe.meta data file.
* @throws UpdateException is thrown if there is an error locating the last updated
* properties file.
*/
public long updateNeeded() throws MalformedURLException, DownloadFailedException {
public long updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
long retVal = 0;
long lastUpdated = 0;
long currentlyPublishedDate = retrieveCurrentCPETimestampFromWeb();
@@ -207,12 +230,24 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
throw new DownloadFailedException("Unable to retrieve valid timestamp from cpe.meta file");
}
String dir = Settings.getString(Settings.KEYS.CPE_INDEX);
File f = new File(dir);
//String dir = Settings.getString(Settings.KEYS.CPE_INDEX);
File f;
try {
f = getDataDirectory(); //new File(dir);
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
if (!f.exists()) {
retVal = currentlyPublishedDate;
} else {
File cpeProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
File cpeProp;
try {
cpeProp = new File(f.getCanonicalPath() + File.separatorChar + UPDATE_PROPERTIES_FILE);
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to find last updated properties file.", ex);
}
if (!cpeProp.exists()) {
retVal = currentlyPublishedDate;
} else {

53
src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java
View File

@@ -67,21 +67,36 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
private static final String LAST_UPDATED_BASE = "lastupdated.";
/**
* Returns the directory that holds the NVD CVE Index.
* Returns the directory that holds the NVD CVE Index. Note, this
* returns the path where the class or jar file exists.
*
* @return the Directory containing the NVD CVE Index.
* @throws IOException is thrown if an IOException occurs.
*/
public Directory getDirectory() throws IOException {
File path = getDataDirectory();
Directory dir = FSDirectory.open(path);
return dir;
}
/**
* Retrieves the directory that the JAR file exists in so that
* we can ensure we always use a common data directory.
*
* @return the data directory for this index.
* @throws IOException is thrown if an IOException occurs of course...
*/
protected File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File path = new File(decodedPath + File.separator + fileName);
File exePath = new File(decodedPath);
if (!exePath.isDirectory()) {
exePath = exePath.getParentFile();
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
Directory dir = FSDirectory.open(path);
return dir;
return path;
}
/**
@@ -171,8 +186,14 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
*
* @param timeStamp the timestamp to write.
*/
private void writeLastUpdatedPropertyFile(Map<String, NvdCveUrl> updated) {
String dir = Settings.getString(Settings.KEYS.CVE_INDEX);
private void writeLastUpdatedPropertyFile(Map<String, NvdCveUrl> updated) throws UpdateException {
String dir;
try {
dir = getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
Properties prop = new Properties();
@@ -187,8 +208,10 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
prop.store(out, dir);
} catch (FileNotFoundException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to find last updated properties file.", ex);
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to update last updated properties file.", ex);
} finally {
try {
os.flush();
@@ -212,10 +235,11 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* @return the NvdCveUrl of the files that need to be updated.
* @throws MalformedURLException is thrown if the URL for the NVD CVE Meta
* data is incorrect.
* @throws DownloadFailedException is thrown if there is an error
* @throws DownloadFailedException is thrown if there is an error.
* downloading the nvd cve download data file.
* @throws UpdateException Is thrown if there is an issue with the last updated properties file.
*/
public Map<String, NvdCveUrl> updateNeeded() throws MalformedURLException, DownloadFailedException {
public Map<String, NvdCveUrl> updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
Map<String, NvdCveUrl> currentlyPublished;
try {
@@ -227,7 +251,14 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
if (currentlyPublished == null) {
throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page");
}
String dir = Settings.getString(Settings.KEYS.CVE_INDEX);
String dir;
try {
dir = getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
File f = new File(dir);
if (f.exists()) {
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);

32
src/main/java/org/codesecure/dependencycheck/utils/CliParser.java
View File

@@ -93,17 +93,20 @@ public final class CliParser {
validatePathExists(getScanFiles());
if (!line.hasOption(ArgumentName.OUT)) {
//TODO - need a new exception type here, this isn't really a parseexception.
throw new ParseException("Scan cannot be run without specifying a directory to write the reports to via the 'out' argument.");
throw new ParseException("Scan cannot be run without specifying a directory "
+ "to write the reports to via the 'out' argument.");
} else {
String p = line.getOptionValue(ArgumentName.OUT, "");
File f = new File(p);
if ("".equals(p) || !(f.exists() && f.isDirectory())) {
//TODO - need a new exception type here, this isn't really a parseexception.
throw new ParseException("A valid directory name must be specified for the 'out' argument.");
throw new ParseException("A valid directory name must be specified for "
+ "the 'out' argument.");
}
}
if (!line.hasOption(ArgumentName.APPNAME)) {
throw new ParseException("Scan cannot be run without specifying an application name via the 'app' argument.");
throw new ParseException("Scan cannot be run without specifying an application "
+ "name via the 'app' argument.");
}
}
}
@@ -160,15 +163,25 @@ public final class CliParser {
Option noupdate = new Option(ArgumentName.DISABLE_AUTO_UPDATE_SHORT, ArgumentName.DISABLE_AUTO_UPDATE,
false, "disables the automatic updating of the CPE data.");
Option appname = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APPNAME).withDescription("the name of the application being scanned.").create(ArgumentName.APPNAME_SHORT);
Option appname = OptionBuilder.withArgName("name").hasArg().withLongOpt(ArgumentName.APPNAME)
.withDescription("the name of the application being scanned.")
.create(ArgumentName.APPNAME_SHORT);
Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN).withDescription("the path to scan - this option can be specified multiple times.").create(ArgumentName.SCAN_SHORT);
Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN)
.withDescription("the path to scan - this option can be specified multiple times.")
.create(ArgumentName.SCAN_SHORT);
Option load = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.CPE).withDescription("load the CPE xml file.").create(ArgumentName.CPE_SHORT);
Option load = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.CPE)
.withDescription("load the CPE xml file.")
.create(ArgumentName.CPE_SHORT);
Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.PROP).withDescription("a property file to load.").create(ArgumentName.PROP_SHORT);
Option props = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.PROP)
.withDescription("a property file to load.")
.create(ArgumentName.PROP_SHORT);
Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ArgumentName.OUT).withDescription("the folder to write reports to.").create(ArgumentName.OUT_SHORT);
Option out = OptionBuilder.withArgName("folder").hasArg().withLongOpt(ArgumentName.OUT)
.withDescription("the folder to write reports to.")
.create(ArgumentName.OUT_SHORT);
//TODO add the ability to load a properties file to override the defaults...
@@ -237,7 +250,8 @@ public final class CliParser {
+ "using the -p <file> argument or by passing them in as system properties." + nl
+ nl + " " + Settings.KEYS.PROXY_URL + "\t\t the proxy URL to use when downloading resources."
+ nl + " " + Settings.KEYS.PROXY_PORT + "\t\t the proxy port to use when downloading resources."
+ nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t the cconnection timeout (in milliseconds) to use" + nl + "\t\t\t when downloading resources.";
+ nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t the cconnection timeout (in milliseconds) to use"
+ nl + "\t\t\t when downloading resources.";
}
formatter.printHelp(Settings.getString("application.name", "DependencyCheck"),