github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

resolved merge conflict

Browse Source
This commit is contained in:
Jeremy Long
2016-06-04 09:09:57 -04:00
parent 63d24737dd e79da72711
commit b295e927b7
1 changed files with 41 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -68,9 +68,18 @@ public class CveDB {
*/
private ResourceBundle statementBundle = null;
/**
* <<<<<<< HEAD Creates a new CveDB object and opens the database
* connection. Note, the connection must be closed by the caller by calling
* the close method. ======= Does the underlying connection support batch
* operations?
*/
private boolean batchSupported;
/**
* Creates a new CveDB object and opens the database connection. Note, the
* connection must be closed by the caller by calling the close method.
* >>>>>>> e79da72711dc0f326fcdce52deab89e37c0d8230
*
* @throws DatabaseException thrown if there is an exception opening the
* database.
@@ -81,6 +90,7 @@ public class CveDB {
open();
try {
final String databaseProductName = conn.getMetaData().getDatabaseProductName();
batchSupported = conn.getMetaData().supportsBatchUpdates();
LOGGER.debug("Database dialect: {}", databaseProductName);
final Locale dbDialect = new Locale(databaseProductName);
statementBundle = ResourceBundle.getBundle("data/dbStatements", dbDialect);
@@ -388,6 +398,7 @@ public class CveDB {
ResultSet rsR = null;
ResultSet rsS = null;
Vulnerability vuln = null;
try {
psV = getConnection().prepareStatement(statementBundle.getString("SELECT_VULNERABILITY"));
psV.setString(1, cve);
@@ -493,6 +504,7 @@ public class CveDB {
}
DBUtils.closeResultSet(rs);
rs = null;
if (vulnerabilityId != 0) {
if (vuln.getDescription().contains("** REJECT **")) {
deleteVulnerability.setInt(1, vulnerabilityId);
@@ -534,13 +546,24 @@ public class CveDB {
rs = null;
}
}
insertReference.setInt(1, vulnerabilityId);
for (Reference r : vuln.getReferences()) {
insertReference.setInt(1, vulnerabilityId);
insertReference.setString(2, r.getName());
insertReference.setString(3, r.getUrl());
insertReference.setString(4, r.getSource());
insertReference.execute();
if (batchSupported) {
insertReference.addBatch();
} else {
insertReference.execute();
}
}
if (batchSupported) {
insertReference.executeBatch();
}
for (VulnerableSoftware s : vuln.getVulnerableSoftware()) {
int cpeProductId = 0;
selectCpeId.setString(1, s.getName());
@@ -569,22 +592,30 @@ public class CveDB {
insertSoftware.setInt(1, vulnerabilityId);
insertSoftware.setInt(2, cpeProductId);
if (s.getPreviousVersion() == null) {
insertSoftware.setNull(3, java.sql.Types.VARCHAR);
} else {
insertSoftware.setString(3, s.getPreviousVersion());
}
try {
insertSoftware.execute();
} catch (SQLException ex) {
if (ex.getMessage().contains("Duplicate entry")) {
final String msg = String.format("Duplicate software key identified in '%s:%s'", vuln.getName(), s.getName());
LOGGER.debug(msg, ex);
} else {
throw ex;
if (batchSupported) {
insertSoftware.addBatch();
} else {
try {
insertSoftware.execute();
} catch (SQLException ex) {
if (ex.getMessage().contains("Duplicate entry")) {
final String msg = String.format("Duplicate software key identified in '%s:%s'", vuln.getName(), s.getName());
LOGGER.debug(msg, ex);
} else {
throw ex;
}
}
}
}
if (batchSupported) {
insertSoftware.executeBatch();
}
} catch (SQLException ex) {
final String msg = String.format("Error updating '%s'", vuln.getName());
LOGGER.debug(msg, ex);