updated lock file cleanup to be useable by other build plugins

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBCleanupHook.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 OWASP.
+ * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,23 +12,63 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.utils;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
+ * A cleanup hook that will register with the JVM to remove the H@DBLock file
+ * during an unexpected shutdown.
  *
- * @author jeremy
+ * @author Jeremy Long
  */
-public class H2DBCleanupHook extends Thread {
+public class H2DBCleanupHook extends H2DBShutdownHook {
 
-    private final H2DBLock lock;
+    /**
+     * A reference to the lock file.
+     */
+    private H2DBLock lock;
 
-    public H2DBCleanupHook(H2DBLock lock) {
+    /**
+     * The logger.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(H2DBShutdownHookFactory.class);
+
+    /**
+     * Add the shutdown hook.
+     *
+     * @param lock the lock object
+     */
+    @Override
+    public void add(H2DBLock lock) {
         this.lock = lock;
+        Runtime.getRuntime().addShutdownHook(this);
     }
 
+    /**
+     * Removes the shutdown hook.
+     */
+    @Override
+    public void remove() {
+        try {
+            Runtime.getRuntime().removeShutdownHook(this);
+        } catch (IllegalStateException ex) {
+            LOGGER.trace("ignore as we are likely shutting down", ex);
+        }
+    }
+
+    /**
+     * Releases the custom h2 lock file used by dependency-check.
+     */
     @Override
     public void run() {
+        if (lock != null) {
             lock.release();
+            lock = null;
+        }
     }
 }

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java

@@ -30,6 +30,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
+ * The H2 DB lock file implementation; creates a custom lock file so that only a
+ * single instance of dependency-check can update the embedded h2 database.
  *
  * @author Jeremy Long
  */
@@ -69,7 +71,10 @@ public class H2DBLock {
      */
     private final String magic;
 
-    private H2DBCleanupHook hook = null;
+    /**
+     * The shutdown hook used to remove the lock file in case of an unexpected shutdown.
+     */
+    private H2DBShutdownHook hook = null;
 
     /**
      * Constructs a new H2DB Lock object with the configured settings.
@@ -229,18 +234,15 @@ public class H2DBLock {
 
     private void addShutdownHook() {
         if (hook == null) {
-            hook = new H2DBCleanupHook(this);
+            hook = H2DBShutdownHookFactory.getHook(settings);
-            Runtime.getRuntime().addShutdownHook(hook);
+            hook.add(this);
+
         }
     }
 
     private void removeShutdownHook() {
         if (hook != null) {
-            try {
+            hook.remove();
-                Runtime.getRuntime().removeShutdownHook(hook);
-            } catch (IllegalStateException ex) {
-                LOGGER.trace("ignore as we are likely shutting down", ex);
-            }
             hook = null;
         }
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBShutdownHook.java

@@ -0,0 +1,39 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+/**
+ * Definition of the shutdown hook used during the unexpected shutdown during
+ * the update process of the H2 DB.
+ *
+ * @author Jeremy Long
+ */
+public abstract class H2DBShutdownHook extends Thread {
+
+    /**
+     * Adds the shutdown hook.
+     *
+     * @param lock the H2DB Lock reference
+     */
+    public abstract void add(H2DBLock lock);
+
+    /**
+     * Removes the shutdown hook.
+     */
+    public abstract void remove();
+}

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBShutdownHookFactory.java

@@ -0,0 +1,51 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Simple factory to instantiate the H2DB Shutdown Hook.
+ *
+ * @author Jeremy Long
+ */
+public final class H2DBShutdownHookFactory {
+
+    /**
+     * The logger.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(H2DBShutdownHookFactory.class);
+
+    /**
+     * Creates a new H2DB Shutdown Hook.
+     *
+     * @param settings the configured settings
+     * @return the H2DB Shutdown Hook
+     */
+    public static H2DBShutdownHook getHook(Settings settings) {
+        try {
+            String className = settings.getString(Settings.KEYS.H2DB_SHUTDOWN_HOOK, "org.owasp.dependencycheck.utils.H2DBCleanupHook");
+            Class type = Class.forName(className);
+            return (H2DBShutdownHook) type.newInstance();
+        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException ex) {
+            LOGGER.debug("Failed to instantiate {}, using default shutdown hook instead", ex);
+            return new H2DBCleanupHook();
+        }
+    }
+}

dependency-check-core/src/main/resources/dependencycheck.properties

@@ -41,6 +41,8 @@ data.password=DC-Pass1337!
 data.driver_name=org.h2.Driver
 data.driver_path=
 
+# the class name of the H2 database shutdown hook
+data.h2.shutdownhook=org.owasp.dependencycheck.utils.H2DBCleanupHook
 
 proxy.disableSchemas=true
 # the number of days that the modified nvd cve data holds data for. We don't need

dependency-check-core/src/test/resources/dependencycheck.properties

@@ -36,6 +36,9 @@ data.password=DC-Pass1337!
 data.driver_name=org.h2.Driver
 data.driver_path=
 
+# the class name of the H2 database shutdown hook
+data.h2.shutdownhook=org.owasp.dependencycheck.utils.H2DBCleanupHook
+
 proxy.disableSchemas=true
 # the number of days that the modified nvd cve data holds data for. We don't need
 # to update the other files if we are within this timespan. Per NIST this file

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

@@ -1106,7 +1106,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
             mojoProperties = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
             settings.mergeProperties(mojoProperties);
         } catch (IOException ex) {
-            getLog().warn("Unable to load the dependency-check ant task.properties file.");
+            getLog().warn("Unable to load the dependency-check maven mojo.properties file.");
             if (getLog().isDebugEnabled()) {
                 getLog().debug("", ex);
             }

dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java

@@ -456,6 +456,10 @@ public final class Settings {
          * Size of database batch inserts
          */
         public static final String MAX_BATCH_SIZE = "database.batchinsert.maxsize";
+        /**
+         * The key that specifies the class name of the H2 database shutdown hook.
+         */
+        public static String H2DB_SHUTDOWN_HOOK = "data.h2.shutdownhook";
 
         /**
          * private constructor because this is a "utility" class containing
@@ -958,6 +962,7 @@ public final class Settings {
         }
         if (connStr.contains("%s")) {
             final File directory = getDataDirectory();
+            LOGGER.debug("Data directory: {}", directory);
             String fileName = null;
             if (dbFileNameKey != null) {
                 fileName = getString(dbFileNameKey);