From a1db394d9353c0294927f2241b2a4aa7f1f70bbb Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Sat, 19 Apr 2014 08:21:59 -0400
Subject: [PATCH] added a mechanism to copy the global settings object to
 forked threads

Former-commit-id: 2932ae216d79d3cd08f4fb57695f3bd979c95c59
---
 .../data/update/StandardUpdate.java            |  2 +-
 .../data/update/task/CallableDownloadTask.java | 12 ++++++++++--
 .../data/update/task/ProcessTask.java          | 11 ++++++++++-
 .../owasp/dependencycheck/utils/Settings.java  | 18 ++++++++++++++++++
 4 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
index 2f090fa8c..930736e9d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java
@@ -118,7 +118,7 @@ public class StandardUpdate {
             final Set<Future<Future<ProcessTask>>> downloadFutures = new HashSet<Future<Future<ProcessTask>>>(maxUpdates);
             for (NvdCveInfo cve : updateable) {
                 if (cve.getNeedsUpdate()) {
-                    final CallableDownloadTask call = new CallableDownloadTask(cve, processExecutor, cveDB);
+                    final CallableDownloadTask call = new CallableDownloadTask(cve, processExecutor, cveDB, Settings.getInstance());
                     downloadFutures.add(downloadExecutors.submit(call));
                 }
             }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/CallableDownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/CallableDownloadTask.java
index e1d11536a..6a016dd55 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/CallableDownloadTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/CallableDownloadTask.java
@@ -45,10 +45,11 @@ public class CallableDownloadTask implements Callable<Future<ProcessTask>> {
      * @param processor the processor service to submit the downloaded files to
      * @param cveDB the CVE DB to use to store the vulnerability data
      */
-    public CallableDownloadTask(NvdCveInfo nvdCveInfo, ExecutorService processor, CveDB cveDB) {
+    public CallableDownloadTask(NvdCveInfo nvdCveInfo, ExecutorService processor, CveDB cveDB, Settings settings) {
         this.nvdCveInfo = nvdCveInfo;
         this.processorService = processor;
         this.cveDB = cveDB;
+        this.settings = settings;
 
         final File file1;
         final File file2;
@@ -75,6 +76,10 @@ public class CallableDownloadTask implements Callable<Future<ProcessTask>> {
      * The NVD CVE Meta Data.
      */
     private NvdCveInfo nvdCveInfo;
+    /**
+     * A reference to the global settings object.
+     */
+    private Settings settings;
 
     /**
      * Get the value of nvdCveInfo.
@@ -163,6 +168,7 @@ public class CallableDownloadTask implements Callable<Future<ProcessTask>> {
     @Override
     public Future<ProcessTask> call() throws Exception {
         try {
+            Settings.setInstance(settings);
             final URL url1 = new URL(nvdCveInfo.getUrl());
             final URL url2 = new URL(nvdCveInfo.getOldSchemaVersionUrl());
             String msg = String.format("Download Started for NVD CVE - %s", nvdCveInfo.getId());
@@ -180,13 +186,15 @@ public class CallableDownloadTask implements Callable<Future<ProcessTask>> {
             msg = String.format("Download Complete for NVD CVE - %s", nvdCveInfo.getId());
             Logger.getLogger(CallableDownloadTask.class.getName()).log(Level.INFO, msg);
 
-            final ProcessTask task = new ProcessTask(cveDB, this);
+            final ProcessTask task = new ProcessTask(cveDB, this, settings);
             return this.processorService.submit(task);
 
         } catch (Throwable ex) {
             final String msg = String.format("An exception occurred downloading NVD CVE - %s%nSome CVEs may not be reported.", nvdCveInfo.getId());
             Logger.getLogger(CallableDownloadTask.class.getName()).log(Level.WARNING, msg);
             Logger.getLogger(CallableDownloadTask.class.getName()).log(Level.FINE, "Download Task Failed", ex);
+        } finally {
+            Settings.cleanup();
         }
         return null;
     }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/ProcessTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/ProcessTask.java
index f8a43806d..7ea150b40 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/ProcessTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/ProcessTask.java
@@ -37,6 +37,7 @@ import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.data.update.xml.NvdCve12Handler;
 import org.owasp.dependencycheck.data.update.xml.NvdCve20Handler;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
+import org.owasp.dependencycheck.utils.Settings;
 import org.xml.sax.SAXException;
 
 /**
@@ -80,6 +81,10 @@ public class ProcessTask implements Callable<ProcessTask> {
      * A reference to the properties.
      */
     private final DatabaseProperties properties;
+    /**
+     * A reference to the global settings object.
+     */
+    private Settings settings;
 
     /**
      * Constructs a new ProcessTask used to process an NVD CVE update.
@@ -87,10 +92,11 @@ public class ProcessTask implements Callable<ProcessTask> {
      * @param cveDB the data store object
      * @param filePair the download task that contains the URL references to download
      */
-    public ProcessTask(final CveDB cveDB, final CallableDownloadTask filePair) {
+    public ProcessTask(final CveDB cveDB, final CallableDownloadTask filePair, Settings settings) {
         this.cveDB = cveDB;
         this.filePair = filePair;
         this.properties = cveDB.getDatabaseProperties();
+        this.settings = settings;
     }
 
     /**
@@ -103,9 +109,12 @@ public class ProcessTask implements Callable<ProcessTask> {
     @Override
     public ProcessTask call() throws Exception {
         try {
+            Settings.setInstance(settings);
             processFiles();
         } catch (UpdateException ex) {
             this.exception = ex;
+        } finally {
+            Settings.cleanup();
         }
         return this;
     }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 94f5b8ab8..d5b09f641 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -258,6 +258,24 @@ public final class Settings {
         }
     }
 
+    /**
+     * Gets the underlying instance of the Settings object.
+     *
+     * @return the Settings object
+     */
+    public static Settings getInstance() {
+        return THREAD_LOCAL.get();
+    }
+
+    /**
+     * Sets the instance of the Settings object to use in this thread.
+     *
+     * @param instance the instance of the settings object to use in this thread
+     */
+    public static void setInstance(Settings instance) {
+        THREAD_LOCAL.set(instance);
+    }
+
     /**
      * Logs the properties. This will not log any properties that contain 'password' in the key.
      *