diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
index d7e1f7c74..7c6be8a04 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
@@ -23,12 +23,9 @@ import java.sql.SQLException;
import java.util.List;
import java.util.Set;
import org.owasp.dependencycheck.Engine;
-import org.owasp.dependencycheck.analyzer.AnalysisException;
-import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.Identifier;
-import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/DirectoryLockException.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/DirectoryLockException.java
index 5985152a1..3fbc7ae95 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/DirectoryLockException.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/DirectoryLockException.java
@@ -25,6 +25,9 @@ package org.owasp.dependencycheck.concurrency;
*/
public class DirectoryLockException extends Exception {
+ /**
+ * Default serial version UID.
+ */
private static final long serialVersionUID = 1L;
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/DirectorySpinLock.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/DirectorySpinLock.java
index 001f344bf..2261846ed 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/DirectorySpinLock.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/DirectorySpinLock.java
@@ -219,7 +219,7 @@ public class DirectorySpinLock implements Closeable /*, AutoCloseable*/ {
/**
* Releases any locks and closes the underlying channel.
*
- * @throws IOException
+ * @throws IOException if an IO Exception occurs
*/
@Override
public void close() throws IOException {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/InvalidDirectoryException.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/InvalidDirectoryException.java
index 3faa54ffa..08b29acff 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/InvalidDirectoryException.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/InvalidDirectoryException.java
@@ -25,6 +25,9 @@ package org.owasp.dependencycheck.concurrency;
*/
public class InvalidDirectoryException extends Exception {
+ /**
+ * Default serial version UID.
+ */
private static final long serialVersionUID = 1L;
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/package-info.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/package-info.java
new file mode 100644
index 000000000..ab7fba4fd
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/concurrency/package-info.java
@@ -0,0 +1,11 @@
+/**
+ *
+ *
+ * org.owasp.dependencycheck.concurrency
+ *
+ *
+ * Contains classes used to create shared and exclusive locks on directories.
+ *
+ *
+ */
+package org.owasp.dependencycheck.concurrency;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/BaseIndex.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/BaseIndex.java
index 1f6e84d91..f895a99e8 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/BaseIndex.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/BaseIndex.java
@@ -36,11 +36,20 @@ public abstract class BaseIndex {
/**
* The Lucene directory containing the index.
*/
- protected Directory directory;
+ private Directory directory;
/**
* Indicates whether or not the Lucene Index is open.
*/
- protected boolean indexOpen = false;
+ private boolean indexOpen = false;
+
+ /**
+ * Gets the directory.
+ *
+ * @return the directory
+ */
+ public Directory getDirectory() {
+ return directory;
+ }
/**
* Opens the CPE Index.
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeIndexReader.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeIndexReader.java
index dfee343e5..68f9344f4 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeIndexReader.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeIndexReader.java
@@ -79,7 +79,7 @@ public class CpeIndexReader extends BaseIndex {
public void open() throws IOException {
//TODO add spinlock (shared)
super.open();
- indexReader = DirectoryReader.open(directory);
+ indexReader = DirectoryReader.open(getDirectory());
indexSearcher = new IndexSearcher(indexReader);
searchingAnalyzer = createSearchingAnalyzer();
queryParser = new QueryParser(Version.LUCENE_43, Fields.DOCUMENT_KEY, searchingAnalyzer);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeIndexWriter.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeIndexWriter.java
index cc4c194c4..7efe09f7c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeIndexWriter.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeIndexWriter.java
@@ -63,7 +63,7 @@ public class CpeIndexWriter extends BaseIndex {
super.open();
indexingAnalyzer = createIndexingAnalyzer();
final IndexWriterConfig conf = new IndexWriterConfig(Version.LUCENE_43, indexingAnalyzer);
- indexWriter = new IndexWriter(directory, conf);
+ indexWriter = new IndexWriter(getDirectory(), conf);
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java
index 0a4b439f9..da5686320 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java
@@ -25,8 +25,6 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.index.CorruptIndexException;
import org.owasp.dependencycheck.data.cpe.CpeIndexWriter;
-import org.owasp.dependencycheck.data.nvdcve.CveDB;
-import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfo.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfo.java
index 3d25c8e22..d589abe6a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfo.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DataStoreMetaInfo.java
@@ -104,7 +104,7 @@ public class DataStoreMetaInfo {
* Loads the data's meta properties.
*/
private void loadProperties() {
- File file = getPropertiesFile();
+ final File file = getPropertiesFile();
if (file.exists()) {
InputStream is = null;
try {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java
index 9af48b57b..f69ae3c63 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java
@@ -54,6 +54,7 @@ import static org.owasp.dependencycheck.data.update.DataStoreMetaInfo.BATCH;
import static org.owasp.dependencycheck.data.update.DataStoreMetaInfo.MODIFIED;
/**
+ * Class responsible for updating the CPE and NVDCVE data stores.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
@@ -74,7 +75,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
/**
* A flag indicating whether or not the batch update should be performed.
*/
- protected boolean doBatchUpdate;
+ private boolean doBatchUpdate;
/**
* Get the value of doBatchUpdate
@@ -266,6 +267,12 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
}
+ /**
+ * Performs the batch update based on the configured batch update URL.
+ *
+ * @throws UpdateException thrown if there is an exception during the update
+ * process
+ */
private void performBatchUpdate() throws UpdateException {
if (properties.isBatchUpdateMode() && doBatchUpdate) {
final String batchSrc = Settings.getString(Settings.KEYS.BATCH_UPDATE_URL);
@@ -419,7 +426,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
}
- NvdCveInfo batchInfo = currentlyPublished.get(BATCH);
+ final NvdCveInfo batchInfo = currentlyPublished.get(BATCH);
if (properties.isBatchUpdateMode() && batchInfo != null) {
final long lastUpdated = Long.parseLong(properties.getProperty(DataStoreMetaInfo.BATCH, "0"));
if (lastUpdated != batchInfo.getTimestamp()) {
@@ -477,7 +484,8 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
}
} catch (NumberFormatException ex) {
- Logger.getLogger(DataStoreMetaInfo.class.getName()).log(Level.WARNING, "An invalid schema version or timestamp exists in the data.properties file.");
+ final String msg = "An invalid schema version or timestamp exists in the data.properties file.";
+ Logger.getLogger(DataStoreMetaInfo.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(DataStoreMetaInfo.class.getName()).log(Level.FINE, null, ex);
setDoBatchUpdate(properties.isBatchUpdateMode());
}
@@ -521,7 +529,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
final Map map = new TreeMap();
String retrieveUrl = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL);
if (retrieveUrl == null && properties.isBatchUpdateMode()) {
- NvdCveInfo item = new NvdCveInfo();
+ final NvdCveInfo item = new NvdCveInfo();
retrieveUrl = Settings.getString(Settings.KEYS.BATCH_UPDATE_URL);
if (retrieveUrl == null) {
final String msg = "Invalid configuration - neither the modified or batch update URLs are specified in the configuration.";
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveInfo.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveInfo.java
index 76af51cf3..7a27a9124 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveInfo.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveInfo.java
@@ -20,6 +20,8 @@ package org.owasp.dependencycheck.data.update;
/**
* A pojo that contains the Url and timestamp of the current NvdCve XML files.
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
*/
public class NvdCveInfo {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
index 3958b1a90..9d0c1108f 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
@@ -32,7 +32,6 @@ import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import org.owasp.dependencycheck.Engine;
-import org.owasp.dependencycheck.analyzer.AnalysisException;
import org.owasp.dependencycheck.analyzer.ArchiveAnalyzer;
/**
@@ -81,8 +80,11 @@ public final class FileUtils {
delete(c);
}
}
- if (!file.delete()) {
+ if (!org.apache.commons.io.FileUtils.deleteQuietly(file)) {
+ //if (!file.delete()) {
throw new FileNotFoundException("Failed to delete file: " + file);
+ } else {
+ file.deleteOnExit();
}
}
@@ -102,7 +104,8 @@ public final class FileUtils {
delete(c);
}
}
- if (!file.delete()) {
+ if (!org.apache.commons.io.FileUtils.deleteQuietly(file)) {
+ //if (!file.delete()) {
if (deleteOnExit) {
file.deleteOnExit();
} else {