fixed issue with data directory and made a few other minor changes

Former-commit-id: 46f89f4deb6b0b55f34ee61c61424f87bf0334d8

dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java

@@ -29,7 +29,6 @@ import org.apache.commons.cli.OptionGroup;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
 import org.apache.commons.cli.PosixParser;
-import org.owasp.dependencycheck.reporting.ReportGenerator;
 import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
 import org.owasp.dependencycheck.utils.Settings;
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/Index.java

@@ -66,13 +66,12 @@ public class Index extends AbstractIndex {
      * @throws IOException is thrown if an IOException occurs of course...
      */
     public File getDataDirectory() throws IOException {
-        final String fileName = Settings.getString(Settings.KEYS.CPE_DATA_DIRECTORY);
+        final File path = Settings.getFile(Settings.KEYS.CPE_DATA_DIRECTORY);
-        final String dataDirectory = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
+        if (!path.exists()) {
-        //final File path = FileUtils.getDataDirectory(fileName, Index.class);
+            if (!path.mkdirs()) {
-        final File path = new File(dataDirectory, fileName);
-        if (!path.exists() && !path.mkdirs()) {
                 throw new IOException("Unable to create CPE Data directory");
             }
+        }
         return path;
     }
 

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java

@@ -523,9 +523,7 @@ public class CveDB {
      * @throws IOException is thrown if an IOException occurs of course...
      */
     public static File getDataDirectory() throws IOException {
-        final String fileName = Settings.getString(Settings.KEYS.CVE_DATA_DIRECTORY);
+        final File path = Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY);
-        final String dataDirectory = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
-        final File path = new File(dataDirectory, fileName);
         if (!path.exists()) {
             if (!path.mkdirs()) {
                 throw new IOException("Unable to create NVD CVE Data directory");

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java

@@ -23,6 +23,8 @@ import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
 import java.util.Properties;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -252,16 +254,48 @@ public final class Settings {
      * argument - this method will return the value from the system properties
      * before the values in the contained configuration file.
      *
+     * This method will also replace a leading "[JAR]\" sequence with the path
+     * to the folder containing the JAR file containing this class.
+     *
      * @param key the key to lookup within the properties file
      * @return the property from the properties file converted to a File object
+     * @throws IOException thrown if the file path to the JAR cannot be found
      */
-    public static File getFile(String key) {
+    public static File getFile(String key) throws IOException {
+        final String file = getString(key);
         final String baseDir = getString(Settings.KEYS.DATA_DIRECTORY);
-        final String tmp = getString(key);
         if (baseDir != null) {
-            return new File(baseDir, tmp);
+            if (baseDir.startsWith("[JAR]/")) {
+                final File jarPath = getJarPath();
+                final File newBase = new File(jarPath.getCanonicalPath(), baseDir.substring(6));
+                return new File(newBase, file);
+            }
+            return new File(baseDir, file);
+        }
+        return new File(file);
+    }
+
+    /**
+     * Attempts to retrieve the folder containing the Jar file containing the
+     * Settings class.
+     *
+     * @return a File object
+     */
+    private static File getJarPath() {
+        final String jarPath = Settings.class.getProtectionDomain().getCodeSource().getLocation().getPath();
+        String decodedPath = ".";
+        try {
+            decodedPath = URLDecoder.decode(jarPath, "UTF-8");
+        } catch (UnsupportedEncodingException ex) {
+            Logger.getLogger(Settings.class.getName()).log(Level.FINEST, null, ex);
+        }
+
+        final File path = new File(decodedPath);
+        if (path.getName().toLowerCase().endsWith(".jar")) {
+            return path.getParentFile();
+        } else {
+            return new File(".");
         }
-        return new File(tmp);
     }
 
     /**

dependency-check-core/src/main/resources/dependencycheck.properties

@@ -5,8 +5,8 @@ autoupdate=true
 #temp.directory defaults to System.getProperty("java.io.tmpdir")
 #temp.directory=[path to temp directory]
 
-# the path to the data directory
+# the path to the data directory; if tis
-data.directory=data
+data.directory=[JAR]/data
 # the path to the lucene index to store the cpe data
 data.cpe=cpe
 # the path to the h2 database to store the nvd cve data

dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java

@@ -67,7 +67,7 @@ public class DownloaderIntegrationTest {
         String outputPath = "target/downloaded_cpe.xml";
         Downloader.fetchFile(url, outputPath, true);
 
-        url = new URL("http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2010.xml");
+        url = new URL(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL));
         outputPath = "target/downloaded_cve.xml";
         Downloader.fetchFile(url, outputPath, false);
 

dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java

@@ -67,7 +67,7 @@ public class SettingsTest {
      * Test of getFile method, of class Settings.
      */
     @Test
-    public void testGetFile() {
+    public void testGetFile() throws IOException {
         String key = Settings.KEYS.CPE_DATA_DIRECTORY;
         String expResult = "data" + File.separator + "cpe";
         File result = Settings.getFile(key);

dependency-check-maven/pom.xml

@@ -279,6 +279,11 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
             <artifactId>maven-core</artifactId>
             <version>3.0</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-site-plugin</artifactId>
+            <version>3.0</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.maven.plugin-tools</groupId>
             <artifactId>maven-plugin-annotations</artifactId>

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java

@@ -67,6 +67,10 @@ import org.owasp.dependencycheck.utils.Settings;
         requiresOnline = true)
 public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageReport {
 
+    /**
+     * The properties file location.
+     */
+    private static final String PROPERTIES_FILE = "mojo.properties";
     /**
      * Name of the logging properties file.
      */
@@ -619,6 +623,23 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
      * proxy url, port, and connection timeout.
      */
     private void populateSettings() {
+        InputStream mojoProperties = null;
+        try {
+            mojoProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
+            Settings.mergeProperties(mojoProperties);
+        } catch (IOException ex) {
+            Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.WARNING, "Unable to load the dependency-check ant task.properties file.");
+            Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINE, null, ex);
+        } finally {
+            if (mojoProperties != null) {
+                try {
+                    mojoProperties.close();
+                } catch (IOException ex) {
+                    Logger.getLogger(DependencyCheckMojo.class.getName()).log(Level.FINEST, null, ex);
+                }
+            }
+        }
+
         Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
 
         if (proxyUrl != null && !proxyUrl.isEmpty()) {

dependency-check-maven/src/main/resources/mojo.properties

@@ -0,0 +1,2 @@
+# the path to the data directory
+data.directory=[JAR]/../../dependency-check-data

dependency-check-maven/src/test/java/org/owasp/dependencycheck/maven/MySink.java

@@ -23,7 +23,9 @@ import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import org.apache.maven.doxia.logging.Log;
 import org.apache.maven.doxia.sink.Sink;
+import org.apache.maven.doxia.sink.SinkEventAttributes;
 
 /**
  *
@@ -419,4 +421,179 @@ public class MySink implements Sink {
             Logger.getLogger(MySink.class.getName()).log(Level.FINEST, null, ex);
         }
     }
+
+    @Override
+    public void head(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void title(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void author(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void date(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void body(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void section(int i, SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void section_(int i) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void sectionTitle(int i, SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void sectionTitle_(int i) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void list(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void listItem(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void numberedList(int i, SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void numberedListItem(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void definitionList(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void definitionListItem(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void definition(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void definedTerm(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void figure(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void figureCaption(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void figureGraphics(String string, SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void table(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void tableRow(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void tableCell(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void tableHeaderCell(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void tableCaption(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void paragraph(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void verbatim(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void horizontalRule(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void anchor(String string, SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void link(String string, SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void lineBreak(SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void text(String string, SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void comment(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void unknown(String string, Object[] os, SinkEventAttributes sea) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void enableLogging(Log log) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
 }

pom.xml

@@ -209,6 +209,20 @@ along with Dependency-Check.  If not, see <http://www.gnu.org/licenses />.
                 </executions>
             </plugin>
             <!-- end copy -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>1.4</version>
+                <executions>
+                    <execution>
+                        <id>sign-artifacts</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>sign</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
     <dependencies>