From a641c9858cef64be253543ba3f20aae52e8cd199 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 16 Nov 2013 23:05:23 -0500 Subject: [PATCH] removed CPE from database updates Former-commit-id: 0243c4b17c672afd10f77db9edb8a92ea9eeb764 --- .../data/nvdcve/NvdCve20Handler.java | 19 ------------- .../data/update/AbstractUpdateTask.java | 28 ++----------------- .../data/update/DatabaseUpdater.java | 26 ----------------- .../data/update/StandardUpdateTask.java | 1 - 4 files changed, 2 insertions(+), 72 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java index aa9c06ed5..9cd30929b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java @@ -24,7 +24,6 @@ import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; import org.apache.lucene.index.CorruptIndexException; -import org.owasp.dependencycheck.data.cpe.CpeIndexWriter; import org.owasp.dependencycheck.dependency.Reference; import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.dependency.VulnerableSoftware; @@ -260,26 +259,8 @@ public class NvdCve20Handler extends DefaultHandler { vuln.updateVulnerableSoftware(vs); } } - for (VulnerableSoftware vs : vuln.getVulnerableSoftware()) { - if (cpeIndex != null) { - cpeIndex.saveEntry(vs); - } - } cveDB.updateVulnerability(vuln); } - /** - * the cpe index. - */ - private CpeIndexWriter cpeIndex; - - /** - * Sets the cpe index writer. - * - * @param index the CPE Lucene Index - */ - public void setCpeIndex(CpeIndexWriter index) { - cpeIndex = index; - } // /** diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/AbstractUpdateTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/AbstractUpdateTask.java index d2409d618..0e25e9e40 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/AbstractUpdateTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/AbstractUpdateTask.java @@ -30,7 +30,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; import org.owasp.dependencycheck.data.UpdateException; -import org.owasp.dependencycheck.data.cpe.CpeIndexWriter; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.utils.FileUtils; import org.owasp.dependencycheck.utils.Settings; @@ -92,19 +91,6 @@ public abstract class AbstractUpdateTask implements UpdateTask { protected CveDB getCveDB() { return cveDB; } - /** - * Reference to the Cpe Index. - */ - private CpeIndexWriter cpeIndex = null; - - /** - * Returns the CpeIndex. - * - * @return the CpeIndex - */ - protected CpeIndexWriter getCpeIndex() { - return cpeIndex; - } /** * Gets whether or not an update is needed. @@ -199,13 +185,6 @@ public abstract class AbstractUpdateTask implements UpdateTask { Logger.getLogger(AbstractUpdateTask.class.getName()).log(Level.FINEST, "Error closing the cveDB", ignore); } } - if (cpeIndex != null) { - try { - cpeIndex.close(); - } catch (Exception ignore) { - Logger.getLogger(AbstractUpdateTask.class.getName()).log(Level.FINEST, "Error closing the cpeIndex", ignore); - } - } } /** @@ -218,8 +197,6 @@ public abstract class AbstractUpdateTask implements UpdateTask { try { cveDB = new CveDB(); cveDB.open(); - cpeIndex = new CpeIndexWriter(); - cpeIndex.open(); } catch (IOException ex) { closeDataStores(); Logger.getLogger(AbstractUpdateTask.class.getName()).log(Level.FINE, "IO Error opening databases", ex); @@ -269,8 +246,8 @@ public abstract class AbstractUpdateTask implements UpdateTask { * @throws ClassNotFoundException thrown if the h2 database driver cannot be * loaded */ - protected void importXML(File file, File oldVersion) - throws ParserConfigurationException, SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException { + protected void importXML(File file, File oldVersion) throws ParserConfigurationException, + SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException { final SAXParserFactory factory = SAXParserFactory.newInstance(); final SAXParser saxParser = factory.newSAXParser(); @@ -282,7 +259,6 @@ public abstract class AbstractUpdateTask implements UpdateTask { final NvdCve20Handler cve20Handler = new NvdCve20Handler(); cve20Handler.setCveDB(cveDB); cve20Handler.setPrevVersionVulnMap(prevVersionVulnMap); - cve20Handler.setCpeIndex(cpeIndex); saxParser.parse(file, cve20Handler); } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java index 5239a623f..ff87d7f3e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java @@ -24,9 +24,6 @@ import org.owasp.dependencycheck.data.CachedWebDataSource; import java.net.MalformedURLException; import java.util.logging.Level; import java.util.logging.Logger; -import org.owasp.dependencycheck.concurrency.DirectoryLockException; -import org.owasp.dependencycheck.concurrency.DirectorySpinLock; -import org.owasp.dependencycheck.concurrency.InvalidDirectoryException; import org.owasp.dependencycheck.data.UpdateException; import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.FileUtils; @@ -48,24 +45,9 @@ public class DatabaseUpdater implements CachedWebDataSource { */ @Override public void update() throws UpdateException { - final File dataDir = Settings.getFile(Settings.KEYS.DATA_DIRECTORY); - DirectorySpinLock lock = null; try { - lock = new DirectorySpinLock(dataDir); - } catch (InvalidDirectoryException ex) { - throw new UpdateException("Unable to obtain lock on the data directory", ex); - } catch (DirectoryLockException ex) { - throw new UpdateException("Unable to obtain exclusive lock on the data directory", ex); - } - - try { - lock.obtainSharedLock(); final UpdateTask task = UpdateTaskFactory.getUpdateTask(); - - if (task.isUpdateNeeded()) { - lock.release(); - lock.obtainExclusiveLock(); if (task.shouldDeleteAndRecreate()) { try { deleteExistingData(); @@ -76,10 +58,6 @@ public class DatabaseUpdater implements CachedWebDataSource { } task.update(); } - } catch (DirectoryLockException ex) { - Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, - "Unable to obtain lock on data directory, unable to update the data to use the most current data."); - Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex); } catch (MalformedURLException ex) { Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, "NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data."); @@ -88,10 +66,6 @@ public class DatabaseUpdater implements CachedWebDataSource { Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, "Unable to download the NVD CVE data, unable to update the data to use the most current data."); Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex); - } finally { - if (lock != null) { - lock.release(); - } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdateTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdateTask.java index 43b24b06c..5c50ee9a5 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdateTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdateTask.java @@ -110,7 +110,6 @@ public class StandardUpdateTask extends AbstractUpdateTask { importXML(outputPath, outputPath12); getCveDB().commit(); - getCpeIndex().commit(); getProperties().save(cve); Logger.getLogger(StandardUpdateTask.class.getName()).log(Level.INFO,