mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-20 08:14:44 +01:00
resolved merge conflict
@@ -68,9 +68,18 @@ public class CveDB {
|
|||||||
*/
|
*/
|
||||||
private ResourceBundle statementBundle = null;
|
private ResourceBundle statementBundle = null;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <<<<<<< HEAD Creates a new CveDB object and opens the database
|
||||||
|
* connection. Note, the connection must be closed by the caller by calling
|
||||||
|
* the close method. ======= Does the underlying connection support batch
|
||||||
|
* operations?
|
||||||
|
*/
|
||||||
|
private boolean batchSupported;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new CveDB object and opens the database connection. Note, the
|
* Creates a new CveDB object and opens the database connection. Note, the
|
||||||
* connection must be closed by the caller by calling the close method.
|
* connection must be closed by the caller by calling the close method.
|
||||||
|
* >>>>>>> e79da72711dc0f326fcdce52deab89e37c0d8230
|
||||||
*
|
*
|
||||||
* @throws DatabaseException thrown if there is an exception opening the
|
* @throws DatabaseException thrown if there is an exception opening the
|
||||||
* database.
|
* database.
|
||||||
@@ -81,6 +90,7 @@ public class CveDB {
|
|||||||
open();
|
open();
|
||||||
try {
|
try {
|
||||||
final String databaseProductName = conn.getMetaData().getDatabaseProductName();
|
final String databaseProductName = conn.getMetaData().getDatabaseProductName();
|
||||||
|
batchSupported = conn.getMetaData().supportsBatchUpdates();
|
||||||
LOGGER.debug("Database dialect: {}", databaseProductName);
|
LOGGER.debug("Database dialect: {}", databaseProductName);
|
||||||
final Locale dbDialect = new Locale(databaseProductName);
|
final Locale dbDialect = new Locale(databaseProductName);
|
||||||
statementBundle = ResourceBundle.getBundle("data/dbStatements", dbDialect);
|
statementBundle = ResourceBundle.getBundle("data/dbStatements", dbDialect);
|
||||||
@@ -388,6 +398,7 @@ public class CveDB {
|
|||||||
ResultSet rsR = null;
|
ResultSet rsR = null;
|
||||||
ResultSet rsS = null;
|
ResultSet rsS = null;
|
||||||
Vulnerability vuln = null;
|
Vulnerability vuln = null;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
psV = getConnection().prepareStatement(statementBundle.getString("SELECT_VULNERABILITY"));
|
psV = getConnection().prepareStatement(statementBundle.getString("SELECT_VULNERABILITY"));
|
||||||
psV.setString(1, cve);
|
psV.setString(1, cve);
|
||||||
@@ -493,6 +504,7 @@ public class CveDB {
|
|||||||
}
|
}
|
||||||
DBUtils.closeResultSet(rs);
|
DBUtils.closeResultSet(rs);
|
||||||
rs = null;
|
rs = null;
|
||||||
|
|
||||||
if (vulnerabilityId != 0) {
|
if (vulnerabilityId != 0) {
|
||||||
if (vuln.getDescription().contains("** REJECT **")) {
|
if (vuln.getDescription().contains("** REJECT **")) {
|
||||||
deleteVulnerability.setInt(1, vulnerabilityId);
|
deleteVulnerability.setInt(1, vulnerabilityId);
|
||||||
@@ -534,13 +546,24 @@ public class CveDB {
|
|||||||
rs = null;
|
rs = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
insertReference.setInt(1, vulnerabilityId);
|
|
||||||
for (Reference r : vuln.getReferences()) {
|
for (Reference r : vuln.getReferences()) {
|
||||||
|
insertReference.setInt(1, vulnerabilityId);
|
||||||
insertReference.setString(2, r.getName());
|
insertReference.setString(2, r.getName());
|
||||||
insertReference.setString(3, r.getUrl());
|
insertReference.setString(3, r.getUrl());
|
||||||
insertReference.setString(4, r.getSource());
|
insertReference.setString(4, r.getSource());
|
||||||
insertReference.execute();
|
|
||||||
|
if (batchSupported) {
|
||||||
|
insertReference.addBatch();
|
||||||
|
} else {
|
||||||
|
insertReference.execute();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (batchSupported) {
|
||||||
|
insertReference.executeBatch();
|
||||||
|
}
|
||||||
|
|
||||||
for (VulnerableSoftware s : vuln.getVulnerableSoftware()) {
|
for (VulnerableSoftware s : vuln.getVulnerableSoftware()) {
|
||||||
int cpeProductId = 0;
|
int cpeProductId = 0;
|
||||||
selectCpeId.setString(1, s.getName());
|
selectCpeId.setString(1, s.getName());
|
||||||
@@ -569,22 +592,30 @@ public class CveDB {
|
|||||||
|
|
||||||
insertSoftware.setInt(1, vulnerabilityId);
|
insertSoftware.setInt(1, vulnerabilityId);
|
||||||
insertSoftware.setInt(2, cpeProductId);
|
insertSoftware.setInt(2, cpeProductId);
|
||||||
|
|
||||||
if (s.getPreviousVersion() == null) {
|
if (s.getPreviousVersion() == null) {
|
||||||
insertSoftware.setNull(3, java.sql.Types.VARCHAR);
|
insertSoftware.setNull(3, java.sql.Types.VARCHAR);
|
||||||
} else {
|
} else {
|
||||||
insertSoftware.setString(3, s.getPreviousVersion());
|
insertSoftware.setString(3, s.getPreviousVersion());
|
||||||
}
|
}
|
||||||
try {
|
if (batchSupported) {
|
||||||
insertSoftware.execute();
|
insertSoftware.addBatch();
|
||||||
} catch (SQLException ex) {
|
} else {
|
||||||
if (ex.getMessage().contains("Duplicate entry")) {
|
try {
|
||||||
final String msg = String.format("Duplicate software key identified in '%s:%s'", vuln.getName(), s.getName());
|
insertSoftware.execute();
|
||||||
LOGGER.debug(msg, ex);
|
} catch (SQLException ex) {
|
||||||
} else {
|
if (ex.getMessage().contains("Duplicate entry")) {
|
||||||
throw ex;
|
final String msg = String.format("Duplicate software key identified in '%s:%s'", vuln.getName(), s.getName());
|
||||||
|
LOGGER.debug(msg, ex);
|
||||||
|
} else {
|
||||||
|
throw ex;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (batchSupported) {
|
||||||
|
insertSoftware.executeBatch();
|
||||||
|
}
|
||||||
} catch (SQLException ex) {
|
} catch (SQLException ex) {
|
||||||
final String msg = String.format("Error updating '%s'", vuln.getName());
|
final String msg = String.format("Error updating '%s'", vuln.getName());
|
||||||
LOGGER.debug(msg, ex);
|
LOGGER.debug(msg, ex);
|
||||||
|
|||||||
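Review bot: In the last hunk, when `batchSupported` is true the row goes through `insertSoftware.addBatch()` and never reaches the try/catch that tolerates "Duplicate entry", so a duplicate software key now surfaces from `insertSoftware.executeBatch()` and lands in the outer `catch (SQLException ex)` (whose body continues outside the hunk). Whether the rest of the batch is written after such a failure is driver-dependent, so vulnerable-software rows for that CVE can go missing with only the debug log visible here, and for a vulnerability database that means missed findings. Wrapping the `executeBatch()` call in `catch (java.sql.BatchUpdateException ex)` with the same duplicate check, and inspecting `ex.getUpdateCounts()`, would keep the batch and non-batch paths equivalent; a `clearBatch()` on failure is worth adding if these statements are reused, which is not visible here. Separately, the first hunk commits the conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> e79da72711dc0f326fcdce52deab89e37c0d8230` inside the Javadoc above `batchSupported` and the constructor; the field comment should be just `/** Does the underlying connection support batch operations? */`.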