From 22097c0a25bb2ba8b49f78dbccd4ae6f76d46a79 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Tue, 27 Oct 2015 00:10:32 -0700 Subject: [PATCH 1/3] Replaced boiler-plate file read with simpler IOUtils call. --- .../data/nvdcve/ConnectionFactory.java | 47 +++++-------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java index fabe1d149..db1e1baa9 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java @@ -30,6 +30,7 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.logging.Level; +import org.apache.commons.io.IOUtils; import org.owasp.dependencycheck.utils.DBUtils; import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.DependencyVersionUtil; 
@@ -250,22 +251,15 @@ public final class ConnectionFactory { */ private static void createTables(Connection conn) throws DatabaseException { LOGGER.debug("Creating database structure"); - InputStream is; - InputStreamReader reader; - BufferedReader in = null; + InputStream is = null; try { is = ConnectionFactory.class.getClassLoader().getResourceAsStream(DB_STRUCTURE_RESOURCE); - reader = new InputStreamReader(is, "UTF-8"); - in = new BufferedReader(reader); - final StringBuilder sb = new StringBuilder(2110); - String tmp; - while ((tmp = in.readLine()) != null) { - sb.append(tmp); - } + final String dbStructure = IOUtils.toString(is, "UTF-8"); + Statement statement = null; try { statement = conn.createStatement(); - statement.execute(sb.toString()); + statement.execute(dbStructure); } catch (SQLException ex) { LOGGER.debug("", ex); throw new DatabaseException("Unable to create database statement", ex); @@ -275,13 +269,7 @@ public final class ConnectionFactory { } catch (IOException ex) { throw new DatabaseException("Unable to create database schema", ex); } finally { - if (in != null) { - try { - in.close(); - } catch (IOException ex) { - LOGGER.trace("", ex); - } - } + IOUtils.closeQuietly(is); } } @@ -303,9 +291,7 @@ public final class ConnectionFactory { } if ("h2".equalsIgnoreCase(databaseProductName)) { LOGGER.debug("Updating database structure"); - InputStream is; - InputStreamReader reader; - BufferedReader in = null; + InputStream is = null; String updateFile = null; try { updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, schema); 
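Review bot: In createTables, the result of `getResourceAsStream(DB_STRUCTURE_RESOURCE)` is passed to `IOUtils.toString(is, "UTF-8")` with no null check, so a missing resource surfaces as a NullPointerException that `catch (IOException ex)` does not turn into a DatabaseException. The schema-update path in the following hunk already has this guard, and the same check fits here: `if (is == null) { throw new DatabaseException("Unable to load database structure resource"); }`. The `IOUtils.copy(is, fos)` call for `GrokAssembly.exe` in the AssemblyAnalyzer hunk consumes an unchecked `getResourceAsStream` result in the same way. Separately, `IOUtils.toString` keeps the line terminators that the old `readLine()` loop dropped, so the text handed to `statement.execute` here and in the update hunk is no longer identical to before. It is worth confirming that both SQL resources still execute as intended and recording that in the commit message.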
@@ -313,17 +299,12 @@ public final class ConnectionFactory { if (is == null) { throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile)); } - reader = new InputStreamReader(is, "UTF-8"); - in = new BufferedReader(reader); - final StringBuilder sb = new StringBuilder(is.available()); - String tmp; - while ((tmp = in.readLine()) != null) { - sb.append(tmp); - } + final String dbStructureUpdate = IOUtils.toString(is, "UTF-8"); + Statement statement = null; try { statement = conn.createStatement(); - boolean success = statement.execute(sb.toString()); + boolean success = statement.execute(dbStructureUpdate); if (!success && statement.getUpdateCount() <= 0) { throw new DatabaseException(String.format("Unable to upgrade the database schema to %s", schema)); } @@ -337,13 +318,7 @@ public final class ConnectionFactory { final String msg = String.format("Upgrade SQL file does not exist: %s", updateFile); throw new DatabaseException(msg, ex); } finally { - if (in != null) { - try { - in.close(); - } catch (IOException ex) { - LOGGER.trace("", ex); - } - } + IOUtils.closeQuietly(is); } } else { LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL); From a8ff403809d608ad08a782f64e171ff69031883b Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Tue, 27 Oct 2015 01:00:04 -0700 Subject: [PATCH 2/3] Removed unused imports. --- .../owasp/dependencycheck/data/nvdcve/ConnectionFactory.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java index db1e1baa9..02197a9ca 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java 
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java @@ -17,11 +17,9 @@ */ package org.owasp.dependencycheck.data.nvdcve; -import java.io.BufferedReader; import java.io.File; import java.io.IOException; import java.io.InputStream; -import java.io.InputStreamReader; import java.sql.CallableStatement; import java.sql.Connection; import java.sql.Driver; From e21f8a97acb2b76f976c8c56ff937c404ebfc2f7 Mon Sep 17 00:00:00 2001 From: Anthony Whitford Date: Tue, 27 Oct 2015 01:00:29 -0700 Subject: [PATCH 3/3] More opportunities to leverage IOUtils. --- .../analyzer/AssemblyAnalyzer.java | 47 ++++--------------- 1 file changed, 10 insertions(+), 37 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 8e5e20a1c..984ea8a22 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -17,13 +17,13 @@ */ package org.owasp.dependencycheck.analyzer; -import java.io.BufferedReader; import java.io.File; import java.io.FileFilter; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; -import java.io.InputStreamReader; +import org.apache.commons.io.IOUtils; +import org.apache.commons.io.output.NullOutputStream; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.dependency.Confidence; 
@@ -115,18 +115,15 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { final List args = buildArgumentList(); args.add(dependency.getActualFilePath()); final ProcessBuilder pb = new ProcessBuilder(args); - BufferedReader rdr = null; Document doc = null; try { final Process proc = pb.start(); // Try evacuating the error stream - rdr = new BufferedReader(new InputStreamReader(proc.getErrorStream(), "UTF-8")); - String line = null; - // CHECKSTYLE:OFF - while (rdr.ready() && (line = rdr.readLine()) != null) { - LOGGER.warn("Error from GrokAssembly: {}", line); + final String errorStream = IOUtils.toString(proc.getErrorStream(), "UTF-8"); + if (null != errorStream && !errorStream.isEmpty()) { + LOGGER.warn("Error from GrokAssembly: {}", errorStream); } - // CHECKSTYLE:ON + int rc = 0; doc = builder.parse(proc.getInputStream()); @@ -176,14 +173,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { } catch (XPathExpressionException xpe) { // This shouldn't happen throw new AnalysisException(xpe); - } finally { - if (rdr != null) { - try { - rdr.close(); - } catch (IOException ex) { - LOGGER.debug("ignore", ex); - } - } } } @@ -200,11 +189,8 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { try { fos = new FileOutputStream(tempFile); is = AssemblyAnalyzer.class.getClassLoader().getResourceAsStream("GrokAssembly.exe"); - final byte[] buff = new byte[4096]; - int bread = -1; - while ((bread = is.read(buff)) >= 0) { - fos.write(buff, 0, bread); - } + IOUtils.copy(is, fos); + grokAssemblyExe = tempFile; // Set the temp file to get deleted when we're done grokAssemblyExe.deleteOnExit(); 
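Review bot: `IOUtils.toString(proc.getErrorStream(), "UTF-8")` reads stderr to end-of-stream before `builder.parse(proc.getInputStream())` starts, whereas the old loop only consumed what `rdr.ready()` reported. If GrokAssembly writes more to stdout than the pipe can buffer while its stderr is still open, parent and child wait on each other and the analysis hangs. The argument is the file being analyzed, so this code does not control how much the child outputs, and all of stderr is now held in memory and logged as one message. Draining stderr on its own thread while stdout is parsed avoids the stall; the same ordering issue applies to `IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM)` in the later hunk at `@@ -232,17 +218,12 @@`. The enclosing method starts and ends outside this hunk.

```java
final Process proc = pb.start();
// Drain stderr concurrently so a child blocked on a full stdout pipe cannot stall this read.
final Thread errDrain = new Thread(new Runnable() {
    @Override
    public void run() {
        try {
            final String errorStream = IOUtils.toString(proc.getErrorStream(), "UTF-8");
            if (!errorStream.isEmpty()) {
                LOGGER.warn("Error from GrokAssembly: {}", errorStream);
            }
        } catch (IOException ex) {
            LOGGER.debug("ignore", ex);
        }
    }
});
errDrain.start();
// … unchanged: rc initialisation …
doc = builder.parse(proc.getInputStream());
```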
@@ -232,17 +218,12 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { // Now, need to see if GrokAssembly actually runs from this location. final List args = buildArgumentList(); - BufferedReader rdr = null; try { final ProcessBuilder pb = new ProcessBuilder(args); final Process p = pb.start(); // Try evacuating the error stream - rdr = new BufferedReader(new InputStreamReader(p.getErrorStream(), "UTF-8")); - // CHECKSTYLE:OFF - while (rdr.ready() && rdr.readLine() != null) { - // We expect this to complain - } - // CHECKSTYLE:ON + IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM); + final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream()); final XPath xpath = XPathFactory.newInstance().newXPath(); final String error = xpath.evaluate("/assembly/error", doc); @@ -263,14 +244,6 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { this.setEnabled(false); throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", e); } - } finally { - if (rdr != null) { - try { - rdr.close(); - } catch (IOException ex) { - LOGGER.trace("ignore", ex); - } - } } builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); }