From 9fd8f1c89821de8788dc87d41cdc4d5e5e1c7cdf Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Mon, 7 Aug 2017 18:37:03 -0400
Subject: [PATCH] initial upgrade of h2

---
 .../java/org/owasp/dependencycheck/taskdefs/Purge.java   | 2 +-
 .../src/main/java/org/owasp/dependencycheck/App.java     | 2 +-
 .../src/main/resources/dependencycheck.properties        | 4 ++--
 .../java/org/owasp/dependencycheck/BaseDBTestCase.java   | 9 +++++----
 .../test/java/org/owasp/dependencycheck/BaseTest.java    | 2 +-
 .../java/org/owasp/dependencycheck/EngineModeIT.java     | 5 +++++
 .../src/test/resources/dependencycheck.properties        | 4 ++--
 .../java/org/owasp/dependencycheck/maven/PurgeMojo.java  | 2 +-
 .../java/org/owasp/dependencycheck/utils/Settings.java   | 2 +-
 .../src/test/resources/dependencycheck.properties        | 4 ++--
 pom.xml                                                  | 2 +-
 11 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
index 23f520f35..559bdc27b 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
@@ -106,7 +106,7 @@ public class Purge extends Task {
         populateSettings();
         File db;
         try {
-            db = new File(Settings.getDataDirectory(), "dc.h2.db");
+            db = new File(Settings.getDataDirectory(), "odc.h2.db");
             if (db.exists()) {
                 if (db.delete()) {
                     log("Database file purged; local copy of the NVD has been removed", Project.MSG_INFO);
diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
index c0132d258..2478cbe88 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -112,7 +112,7 @@ public class App {
                 }
                 File db;
                 try {
-                    db = new File(Settings.getDataDirectory(), "dc.h2.db");
+                    db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "odc.h2.db"));
                     if (db.exists()) {
                         if (db.delete()) {
                             LOGGER.info("Database file purged; local copy of the NVD has been removed");
diff --git a/dependency-check-core/src/main/resources/dependencycheck.properties b/dependency-check-core/src/main/resources/dependencycheck.properties
index 845074965..36542813d 100644
--- a/dependency-check-core/src/main/resources/dependencycheck.properties
+++ b/dependency-check-core/src/main/resources/dependencycheck.properties
@@ -16,14 +16,14 @@ engine.version.url=https://jeremylong.github.io/DependencyCheck/current.txt
 # below contains a %s then the data.directory will replace the %s.
 data.directory=[JAR]/data
 #if the filename has a %s it will be replaced with the current expected version
-data.file_name=dc.h2.db
+data.file_name=odc.h2.db
 
 ### if you increment the DB version then you must increment the database file path
 ### in the mojo.properties, task.properties (maven and ant respectively), and
 ### the gradle PurgeDataExtension.
 data.version=3.0
 
-data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
+data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;
 #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
 
 # user name and password for the database connection. The inherent case is to use H2.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
index bfcb5cb5a..59845f4e8 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java
@@ -48,7 +48,7 @@ public abstract class BaseDBTestCase extends BaseTest {
     }
 
     public static void ensureDBExists() throws Exception {
-        File f = new File("./target/data/dc.h2.db");
+        File f = new File("./target/data/odc.h2.db");
         if (f.exists() && f.isFile() && f.length() < 71680) {
             f.delete();
         }
@@ -70,9 +70,10 @@ public abstract class BaseDBTestCase extends BaseTest {
                         d.mkdir();
                         continue;
                     }
-                    File o = new File(dataPath, entry.getName());
-                    o.createNewFile();
-                    try (FileOutputStream fos = new FileOutputStream(o, false);
+                    //File o = new File(dataPath, entry.getName());
+                    //o.createNewFile();
+                    dataFile.createNewFile();
+                    try (FileOutputStream fos = new FileOutputStream(dataFile, false);
                             BufferedOutputStream dest = new BufferedOutputStream(fos, BUFFER_SIZE)) {
                         IOUtils.copy(zin, dest);
                     } catch (Throwable ex) {
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java
index bdf307cb6..839c8ef48 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java
@@ -37,7 +37,7 @@ public class BaseTest {
 
     @AfterClass
     public static void tearDownClass() throws Exception {
-        File f = new File("./target/data/dc.h2.db");
+        File f = new File("./target/data/odc.h2.db");
         if (f.exists() && f.isFile() && f.length() < 71680) {
             System.err.println("------------------------------------------------");
             System.err.println("------------------------------------------------");
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java
index ab5a6cb7a..f1343adfd 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java
@@ -116,6 +116,11 @@ public class EngineModeIT extends BaseTest {
         assertThat(Files.exists(directory), is(true));
         assertThat(Files.isDirectory(directory), is(true));
         Path database = directory.resolve(Settings.getString(Settings.KEYS.DB_FILE_NAME));
+        System.err.println(database.toString());
+        for (String f : directory.toFile().list()) {
+            System.err.println(f);
+        }
+
         assertThat(Files.exists(database), is(exists));
     }
 }
diff --git a/dependency-check-core/src/test/resources/dependencycheck.properties b/dependency-check-core/src/test/resources/dependencycheck.properties
index 3c2003fe4..c0426a9e6 100644
--- a/dependency-check-core/src/test/resources/dependencycheck.properties
+++ b/dependency-check-core/src/test/resources/dependencycheck.properties
@@ -16,9 +16,9 @@ engine.version.url=https://jeremylong.github.io/DependencyCheck/current.txt
 # below contains a %s then the data.directory will replace the %s.
 data.directory=[JAR]/data
 #if the filename has a %s it will be replaced with the current expected version
-data.file_name=dc.h2.db
+data.file_name=odc.h2.db
 data.version=3.0
-data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
+data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;
 #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
 
 # user name and password for the database connection. The inherent case is to use H2.
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java
index 87f551140..98b5b3fcf 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java
@@ -73,7 +73,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo {
             populateSettings();
             File db;
             try {
-                db = new File(Settings.getDataDirectory(), "dc.h2.db");
+                db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "odc.h2.db"));
                 if (db.exists()) {
                     if (db.delete()) {
                         getLog().info("Database file purged; local copy of the NVD has been removed");
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index f8bf932cc..66e8e7083 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -1010,7 +1010,7 @@ public final class Settings {
             // yes, for H2 this path won't actually exists - but this is sufficient to get the value needed
             final File dbFile = new File(directory, fileName);
             final String cString = String.format(connStr, dbFile.getCanonicalPath());
-            LOGGER.debug("Connection String: '{}'", cString);
+            LOGGER.error("Connection String: '{}'", cString);
             return cString;
         }
         return connStr;
diff --git a/dependency-check-utils/src/test/resources/dependencycheck.properties b/dependency-check-utils/src/test/resources/dependencycheck.properties
index 4da62d632..e60da2581 100644
--- a/dependency-check-utils/src/test/resources/dependencycheck.properties
+++ b/dependency-check-utils/src/test/resources/dependencycheck.properties
@@ -15,9 +15,9 @@ engine.version.url=http://jeremylong.github.io/DependencyCheck/current.txt
 # will not be used. The data.directory will be resolved and if the connection string
 # below contains a %s then the data.directory will replace the %s.
 data.directory=[JAR]/data
-data.file_name=dc.h2.db
+data.file_name=odc.h2.db
 data.version=3.0
-data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
+data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;
 #data.connection_string=jdbc:h2:file:%s;AUTO_SERVER=TRUE;AUTOCOMMIT=ON;
 #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
 
diff --git a/pom.xml b/pom.xml
index 3b0073c28..0708f71fa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -624,7 +624,7 @@ Copyright (c) 2012 - Jeremy Long
             <dependency>
                 <groupId>com.h2database</groupId>
                 <artifactId>h2</artifactId>
-                <version>1.3.176</version>
+                <version>1.4.196</version>
             </dependency>
             <dependency>
                 <groupId>commons-cli</groupId>