github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-13 15:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/jeremylong/DependencyCheck

Browse Source 
Former-commit-id: 9189529fca392ee1ef0b810528288e243dcdb6e4
This commit is contained in:
Jeremy Long
2013-05-27 09:07:18 -04:00
parent e6efe6e610 dbc862ad39
commit a5dc79dffe
7 changed files with 133 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
View File

@@ -20,7 +20,6 @@ package org.owasp.dependencycheck.data.cpe;
import java.io.File;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import org.apache.lucene.analysis.Analyzer;
@@ -37,6 +36,7 @@ import org.apache.lucene.store.Directory;
import org.apache.lucene.store.FSDirectory;
import org.apache.lucene.util.Version;
import org.owasp.dependencycheck.data.lucene.AbstractIndex;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.data.lucene.FieldAnalyzer;
import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer;
@@ -70,16 +70,7 @@ public class Index extends AbstractIndex {
*/
public File getDataDirectory() throws IOException {
final String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
final String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
final String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
File path = FileUtils.getDataDirectory(fileName, Index.class);
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create CPE Data directory");

15
src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -21,7 +21,6 @@ package org.owasp.dependencycheck.data.nvdcve;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
@@ -37,6 +36,7 @@ import org.owasp.dependencycheck.data.cwe.CweDB;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
/**
@@ -408,18 +408,7 @@ public class CveDB {
*/
public static File getDataDirectory() throws IOException {
final String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
final String filePath = CveDB.class.getProtectionDomain().getCodeSource().getLocation().getPath();
final String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
File path = FileUtils.getDataDirectory(fileName, CveDB.class);
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create NVD CVE Data directory");

1
src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
View File

@@ -100,6 +100,7 @@ public class ReportGenerator {
*/
private VelocityEngine createVelocityEngine() {
final VelocityEngine ve = new VelocityEngine();
ve.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, VelocityLoggerRedirect.class.getName());
ve.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
ve.setProperty("classpath.resource.loader.class", ClasspathResourceLoader.class.getName());
return ve;

93
src/main/java/org/owasp/dependencycheck/reporting/VelocityLoggerRedirect.java Normal file
View File

@@ -0,0 +1,93 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.reporting;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.runtime.RuntimeServices;
import org.apache.velocity.runtime.log.LogChute;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
* DependencyCheck uses {@link java.util.logging.Logger} as a logging framework,
* and Apache Velocity uses a custom logging implementation that outputs to a
* file named velocity.log by default. This class is an implementation of a
* custom Velocity logger that redirects all velocity logging to the Java Logger
* class.
* <p/>
* This class was written to address permission issues when using DependencyCheck
* in a server environment (such as the Jenkins plugin). In some circumstances,
* Velocity would attempt to create velocity.log in an un-writable directory.
*
* @author Steve Springett (steve.springett@owasp.org)
*/
public class VelocityLoggerRedirect implements LogChute {
/**
* This will be invoked once by the LogManager
*/
public void init(RuntimeServices rsvc) {
// do nothing
}
/**
* Given a Velocity log level and message, this method will
* call the appropriate Logger level and log the specified values.
*/
public void log(int level, String message) {
Logger.getLogger(Velocity.class.getName()).log(getLevel(level), message);
}
/**
* Given a Velocity log level, message and Throwable, this method will
* call the appropriate Logger level and log the specified values.
*/
public void log(int level, String message, Throwable t) {
Logger.getLogger(Velocity.class.getName()).log(getLevel(level), message, t);
}
/**
* Will always return true. The property file will decide what level to log.
*/
public boolean isLevelEnabled(int level) {
return true;
}
/**
* Maps Velocity log levels to {@link Logger} values.
*/
private Level getLevel(int velocityLevel) {
switch (velocityLevel) {
case TRACE_ID:
return Level.ALL;
case DEBUG_ID:
return Level.FINE;
case INFO_ID:
return Level.INFO;
case WARN_ID:
return Level.WARNING;
case ERROR_ID:
return Level.SEVERE;
default:
return Level.INFO;
}
}
}

31
src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
View File

@@ -21,6 +21,7 @@ package org.owasp.dependencycheck.utils;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URLDecoder;
/**
* A collection of utilities for processing information about files.
@@ -67,4 +68,34 @@ public final class FileUtils {
throw new FileNotFoundException("Failed to delete file: " + file);
}
}
/**
* Returns the data directory. If a path was specified in dependencycheck.properties
* or was specified using the Settings object, and the path exists, that path will be
* returned as a File object. If it does not exist, then a File object will be created
* based on the file location of the JAR containing the specified class.
*
* @param configuredFilePath the configured relative or absolute path
* @param clazz the class whos path will be resolved
* @return a File object
* @throws IOException is thrown if the path could not be decoded
*/
public static File getDataDirectory(String configuredFilePath, Class clazz) throws IOException {
File file = new File(configuredFilePath);
if (file.exists() && file.isDirectory() && file.canWrite()) {
return new File(file.getCanonicalPath());
} else {
final String filePath = clazz.getProtectionDomain().getCodeSource().getLocation().getPath();
final String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + configuredFilePath);
return new File(path.getCanonicalPath());
}
}
}

15
src/test/java/org/owasp/dependencycheck/data/cpe/BaseIndexTestCase.java
View File

@@ -18,20 +18,19 @@
*/
package org.owasp.dependencycheck.data.cpe;
import org.owasp.dependencycheck.data.cpe.Index;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
/**
@@ -59,17 +58,7 @@ public abstract class BaseIndexTestCase {
protected static File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
return path;
return FileUtils.getDataDirectory(fileName, Index.class);
}
public static void ensureIndexExists() throws Exception {

14
src/test/java/org/owasp/dependencycheck/data/nvdcve/BaseDBTestCase.java
View File

@@ -25,10 +25,10 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import junit.framework.TestCase;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
/**
@@ -49,17 +49,7 @@ public abstract class BaseDBTestCase extends TestCase {
protected static File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
return path;
return FileUtils.getDataDirectory(fileName, Index.class);
}
public static void ensureDBExists() throws Exception {