diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index 19b71ed8b..8d86230ca 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -170,10 +170,11 @@ public class CveDB { } /** - * Creates the database structure (tables and indexes) to store the CVE data + * Creates the database structure (tables and indexes) to store the CVE + * data. * - * @throws SQLException thrown if there is a sql exception - * @throws DatabaseException thrown if there is a database exception + * @throws SQLException thrown if there is a SQL Exception + * @throws DatabaseException thrown if there is a Database Exception */ public void createTables() throws SQLException, DatabaseException { InputStream is; @@ -232,7 +233,7 @@ public class CveDB { private DatabaseProperties databaseProperties; /** - * Get the value of databaseProperties + * Get the value of databaseProperties. * * @return the value of databaseProperties */ @@ -373,7 +374,8 @@ public class CveDB { cpe.add(vs); } } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, "unexpected SQL Exception occured; please see the verbose log for more details."); + final String msg = "An unexpected SQL Exception occured; please see the verbose log for more details."; + Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, msg); Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex); } finally { DBUtils.closeResultSet(rs); @@ -393,7 +395,8 @@ public class CveDB { final PreparedStatement ps = getConnection().prepareStatement(SELECT_VENDOR_PRODUCT_LIST); rs = ps.executeQuery(); } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, "unexpected SQL Exception occured; please see the verbose log for more details."); + final String msg = "An unexpected SQL Exception occured; please see the verbose log for more details."; + Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, msg); Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex); } // can't close the statement in the PS as the resultset is returned, closing PS would close the resultset return rs; @@ -405,7 +408,7 @@ public class CveDB { * @return the properties from the database */ Properties getProperties() { - Properties prop = new Properties(); + final Properties prop = new Properties(); ResultSet rs = null; try { final PreparedStatement ps = getConnection().prepareStatement(SELECT_PROPERTIES); @@ -414,7 +417,8 @@ public class CveDB { prop.setProperty(rs.getString(1), rs.getString(2)); } } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, "unexpected SQL Exception occured; please see the verbose log for more details."); + final String msg = "An unexpected SQL Exception occured; please see the verbose log for more details."; + Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, msg); Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex); } finally { DBUtils.closeResultSet(rs); @@ -782,7 +786,8 @@ public class CveDB { ps.executeUpdate(); } } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, "unexpected SQL Exception occured; please see the verbose log for more details."); + final String msg = "An unexpected SQL Exception occured; please see the verbose log for more details."; + Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, msg); Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex); } finally { DBUtils.closeStatement(ps); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CallableDownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CallableDownloadTask.java index 4b733d02a..542c200be 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CallableDownloadTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CallableDownloadTask.java @@ -27,7 +27,6 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.Future; import java.util.logging.Level; import java.util.logging.Logger; -import org.owasp.dependencycheck.data.UpdateException; import org.owasp.dependencycheck.data.nvdcve.CveDB; import org.owasp.dependencycheck.utils.DownloadFailedException; import org.owasp.dependencycheck.utils.Downloader; @@ -187,7 +186,7 @@ public class CallableDownloadTask implements Callable> { msg = String.format("Download Complete for NVD CVE - %s", nvdCveInfo.getId()); Logger.getLogger(CallableDownloadTask.class.getName()).log(Level.INFO, msg); - final ProcessTask task = new ProcessTask(cveDB, properties, this); + final ProcessTask task = new ProcessTask(cveDB, this); return this.processorService.submit(task); } catch (Throwable ex) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/ProcessTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/ProcessTask.java index e48e5eeb5..9b2063e8c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/ProcessTask.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/ProcessTask.java @@ -80,12 +80,26 @@ public class ProcessTask implements Callable { */ private final DatabaseProperties properties; - public ProcessTask(final CveDB cveDB, final DatabaseProperties properties, final CallableDownloadTask filePair) { + /** + * Constructs a new ProcessTask used to process an NVD CVE update. + * + * @param cveDB the data store object + * @param filePair the download task that contains the URL references to + * download + */ + public ProcessTask(final CveDB cveDB, final CallableDownloadTask filePair) { this.cveDB = cveDB; this.filePair = filePair; - this.properties = properties; + this.properties = cveDB.getDatabaseProperties(); } + /** + * Implements the callable interface. + * + * @return this object + * @throws Exception thrown if there is an exception; note that any + * UpdateExceptions are simply added to the tasks exception collection + */ @Override public ProcessTask call() throws Exception { try { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java index 0d894fd0b..068d9dc58 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdate.java @@ -19,7 +19,6 @@ package org.owasp.dependencycheck.data.update; import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties; -import java.io.File; import java.io.IOException; import java.net.MalformedURLException; import java.sql.SQLException; @@ -40,7 +39,6 @@ import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.data.nvdcve.DatabaseException; import org.owasp.dependencycheck.utils.InvalidSettingException; import static org.owasp.dependencycheck.data.nvdcve.DatabaseProperties.MODIFIED; -import org.owasp.dependencycheck.utils.FileUtils; /** * Class responsible for updating the NVDCVE data store. @@ -360,7 +358,7 @@ public class StandardUpdate { * * @throws UpdateException thrown if a data store cannot be opened */ - final protected void openDataStores() throws UpdateException { + protected final void openDataStores() throws UpdateException { if (cveDB != null) { return; }