initial fix for CveDB singleton

Jeremy Long
2017-03-25 09:05:51 -04:00
parent 97b2e1a4da
commit a23d127c62
18 changed files with 108 additions and 59 deletions


@@ -53,11 +53,6 @@ public abstract class BaseDBTestCase extends BaseTest {
ensureDBExists();
}
@AfterClass
public static void tearDownClass() throws Exception {
CveDB.getInstance().closeDatabase();
}
public static void ensureDBExists() throws Exception {
File f = new File("./target/data/dc.h2.db");
if (f.exists() && f.isFile() && f.length() < 71680) {


@@ -73,6 +73,7 @@ public class EngineIntegrationTest extends BaseDBTestCase {
}
CveDB cveDB = CveDB.getInstance();
DatabaseProperties dbProp = cveDB.getDatabaseProperties();
CveDB.close();
ReportGenerator rg = new ReportGenerator("DependencyCheck", instance.getDependencies(), instance.getAnalyzers(), dbProp);
rg.generateReports("./target/", "ALL");
instance.cleanup();


@@ -53,7 +53,7 @@ import org.owasp.dependencycheck.exception.InitializationException;
* @author Dale Visser
*/
public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerTest.class);
/**
@@ -117,7 +117,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
analyzer.analyze(result, engine);
int size = engine.getDependencies().size();
assertTrue(size >= 1);
Dependency dependency = engine.getDependencies().get(0);
assertTrue(dependency.getProductEvidence().toString().toLowerCase().contains("redcarpet"));
assertTrue(dependency.getVersionEvidence().toString().toLowerCase().contains("2.2.2"));
@@ -136,16 +136,16 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
public void testAddCriticalityToVulnerability() throws AnalysisException, DatabaseException {
try {
analyzer.initialize();
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
"ruby/vulnerable/gems/sinatra/Gemfile.lock"));
final Engine engine = new Engine();
analyzer.analyze(result, engine);
Dependency dependency = engine.getDependencies().get(0);
Vulnerability vulnerability = dependency.getVulnerabilities().first();
assertEquals(vulnerability.getCvssScore(), 5.0f, 0.0);
} catch (InitializationException | DatabaseException | AnalysisException e) {
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".");
Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", e);
@@ -166,6 +166,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
analyzer.initialize();
} catch (Exception e) {
//expected, so ignore.
LOGGER.error("Exception", e);
} finally {
assertThat(analyzer.isEnabled(), is(false));
LOGGER.info("phantom-bundle-audit is not available. Ruby Bundle Audit Analyzer is disabled as expected.");
@@ -197,14 +198,14 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
while (dIterator.hasNext()) {
Dependency dept = dIterator.next();
LOGGER.info("dept path: " + dept.getActualFilePath());
Set<Identifier> identifiers = dept.getIdentifiers();
Iterator<Identifier> idIterator = identifiers.iterator();
while (idIterator.hasNext()) {
Identifier id = idIterator.next();
LOGGER.info(" Identifier: " + id.getValue() + ", type=" + id.getType() + ", url=" + id.getUrl() + ", conf=" + id.getConfidence());
}
Set<Evidence> prodEv = dept.getProductEvidence().getEvidence();
Iterator<Evidence> it = prodEv.iterator();
while (it.hasNext()) {
@@ -217,7 +218,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
Evidence e = vIt.next();
LOGGER.info(" version: name=" + e.getName() + ", value=" + e.getValue() + ", source=" + e.getSource() + ", confidence=" + e.getConfidence());
}
Set<Evidence> vendorEv = dept.getVendorEvidence().getEvidence();
Iterator<Evidence> vendorIt = vendorEv.iterator();
while (vendorIt.hasNext()) {
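Review bot: The `LOGGER.error("Exception", e);` call in the -166 hunk (it appears to be the one added line there) writes a full stack trace at error level directly under the comment `//expected, so ignore.`, so every passing run prints an error for a condition the test expects. If the trace is wanted for diagnosis, `LOGGER.debug("Expected initialization failure", e);` keeps it out of normal output, and the comment should then say the exception is logged rather than ignored. The try block starts outside the hunk.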


@@ -51,6 +51,8 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
instance.commit();
} catch (DatabaseException | SQLException ex) {
fail(ex.getMessage());
} finally {
CveDB.close();
}
}
@@ -64,6 +66,7 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
String product = "struts";
Set<VulnerableSoftware> result = instance.getCPEs(vendor, product);
assertTrue(result.size() > 5);
CveDB.close();
}
/**
@@ -74,6 +77,7 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
CveDB instance = CveDB.getInstance();
Vulnerability result = instance.getVulnerability("CVE-2014-0094");
assertEquals("The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method.", result.getDescription());
CveDB.close();
}
/**
@@ -110,6 +114,7 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
}
}
assertTrue("Expected " + expected + ", but was not identified", found);
CveDB.close();
}
/**
@@ -165,5 +170,6 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
identifiedVersion = new DependencyVersion("1.6.3");
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
assertNotNull(results);
CveDB.close();
}
}
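Review bot: In the hunks at -64, -74, -110 and -165 the added `CveDB.close();` sits after the assertion, so a failing `assertTrue`/`assertEquals` or an exception from the query skips it and the shared CveDB stays open for whatever test runs next; only the first hunk places it in a `finally`. The class-level `tearDownClass()` appears to have been removed from BaseDBTestCase in this commit, so no later point closes it. Wrapping each body as `try { ... assertTrue(result.size() > 5); } finally { CveDB.close(); }` would match the first hunk. The same placement appears in all five DatabasePropertiesIntegrationTest hunks, in ReportGeneratorIntegrationTest (where a throw from `generateReport` also skips `engine.cleanup()`), and in EngineIntegrationTest. The test methods start outside these hunks.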


@@ -44,6 +44,8 @@ public class CveDBMySQLTest extends BaseTest {
} catch (DatabaseException ex) {
System.out.println("Unable to connect to the My SQL database; verify that the db server is running and that the schema has been generated");
fail(ex.getMessage());
} finally {
CveDB.close();
}
}
@@ -61,6 +63,8 @@ public class CveDBMySQLTest extends BaseTest {
} catch (Exception ex) {
System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
throw ex;
} finally {
CveDB.close();
}
}
@@ -77,6 +81,8 @@ public class CveDBMySQLTest extends BaseTest {
} catch (Exception ex) {
System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
throw ex;
}
} finally {
CveDB.close();
}
}
}
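Review bot: The new `finally { CveDB.close(); }` blocks run even when `CveDB.getInstance()` itself is the call that failed, which the catch messages ("Unable to connect to the My SQL database") suggest is the usual failure here; the start of each `try` is outside the hunks, so this is inferred. If `close()` releases one usage of the shared instance, calling it without a successful `getInstance()` could release a usage held elsewhere; the CveDB implementation is not visible on this page to confirm. Entering the guarded region only after the instance is obtained, `CveDB instance = CveDB.getInstance(); try { ... } finally { CveDB.close(); }`, keeps acquire and release paired. The first hunk of CveDBIntegrationTest has the same shape.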


@@ -41,6 +41,7 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
assertNotNull(instance);
//no exception means the call worked... whether or not it is empty depends on if the db is new
//assertEquals(expResult, result);
CveDB.close();
}
/**
@@ -59,6 +60,7 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
instance = cveDB.reloadProperties();
long results = Long.parseLong(instance.getProperty("NVD CVE " + key));
assertEquals(expected, results);
CveDB.close();
}
/**
@@ -73,6 +75,7 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
String expResult = "default";
String result = instance.getProperty(key, defaultValue);
assertEquals(expResult, result);
CveDB.close();
}
/**
@@ -87,6 +90,7 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
double version = Double.parseDouble(result);
assertTrue(version >= 2.8);
assertTrue(version <= 10);
CveDB.close();
}
/**
@@ -98,5 +102,6 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
DatabaseProperties instance = cveDB.getDatabaseProperties();
Properties result = instance.getProperties();
assertTrue(result.size() > 0);
CveDB.close();
}
}


@@ -149,6 +149,7 @@ public class ReportGeneratorIntegrationTest extends BaseDBTestCase {
ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers(), dbProp);
generator.generateReport(templateName, writeTo);
CveDB.close();
engine.cleanup();