From 9fd8f1c89821de8788dc87d41cdc4d5e5e1c7cdf Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Mon, 7 Aug 2017 18:37:03 -0400 Subject: [PATCH 1/5] initial upgrade of h2 --- .../java/org/owasp/dependencycheck/taskdefs/Purge.java | 2 +- .../src/main/java/org/owasp/dependencycheck/App.java | 2 +- .../src/main/resources/dependencycheck.properties | 4 ++-- .../java/org/owasp/dependencycheck/BaseDBTestCase.java | 9 +++++---- .../test/java/org/owasp/dependencycheck/BaseTest.java | 2 +- .../java/org/owasp/dependencycheck/EngineModeIT.java | 5 +++++ .../src/test/resources/dependencycheck.properties | 4 ++-- .../java/org/owasp/dependencycheck/maven/PurgeMojo.java | 2 +- .../java/org/owasp/dependencycheck/utils/Settings.java | 2 +- .../src/test/resources/dependencycheck.properties | 4 ++-- pom.xml | 2 +- 11 files changed, 22 insertions(+), 16 deletions(-) diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java index 23f520f35..559bdc27b 100644 --- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java +++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java @@ -106,7 +106,7 @@ public class Purge extends Task { populateSettings(); File db; try { - db = new File(Settings.getDataDirectory(), "dc.h2.db"); + db = new File(Settings.getDataDirectory(), "odc.h2.db"); if (db.exists()) { if (db.delete()) { log("Database file purged; local copy of the NVD has been removed", Project.MSG_INFO); diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java index c0132d258..2478cbe88 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java 
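Review bot: The Ant `Purge` task still hardcodes the database file name (`new File(Settings.getDataDirectory(), "odc.h2.db")`), while the CLI and Maven purge hunks in this same patch read it from `Settings.KEYS.DB_FILE_NAME`. If `data.file_name` is overridden, the Ant task would look for the wrong file and leave the real database in place, so a purge meant to discard a stale or damaged NVD copy would not take effect. Use the same lookup here: `db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "odc.h2.db"));`. A hardcoded name also remains in the Purge.java hunk of patch 5/5; the enclosing method starts and ends outside the hunk.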
@@ -112,7 +112,7 @@ public class App { } File db; try { - db = new File(Settings.getDataDirectory(), "dc.h2.db"); + db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "odc.h2.db")); if (db.exists()) { if (db.delete()) { LOGGER.info("Database file purged; local copy of the NVD has been removed"); diff --git a/dependency-check-core/src/main/resources/dependencycheck.properties b/dependency-check-core/src/main/resources/dependencycheck.properties index 845074965..36542813d 100644 --- a/dependency-check-core/src/main/resources/dependencycheck.properties +++ b/dependency-check-core/src/main/resources/dependencycheck.properties @@ -16,14 +16,14 @@ engine.version.url=https://jeremylong.github.io/DependencyCheck/current.txt # below contains a %s then the data.directory will replace the %s. data.directory=[JAR]/data #if the filename has a %s it will be replaced with the current expected version -data.file_name=dc.h2.db +data.file_name=odc.h2.db ### if you increment the DB version then you must increment the database file path ### in the mojo.properties, task.properties (maven and ant respectively), and ### the gradle PurgeDataExtension. data.version=3.0 -data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON; +data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON; #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck # user name and password for the database connection. The inherent case is to use H2. diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java index bfcb5cb5a..59845f4e8 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java 
@@ -48,7 +48,7 @@ public abstract class BaseDBTestCase extends BaseTest { } public static void ensureDBExists() throws Exception { - File f = new File("./target/data/dc.h2.db"); + File f = new File("./target/data/odc.h2.db"); if (f.exists() && f.isFile() && f.length() < 71680) { f.delete(); } @@ -70,9 +70,10 @@ public abstract class BaseDBTestCase extends BaseTest { d.mkdir(); continue; } - File o = new File(dataPath, entry.getName()); - o.createNewFile(); - try (FileOutputStream fos = new FileOutputStream(o, false); + //File o = new File(dataPath, entry.getName()); + //o.createNewFile(); + dataFile.createNewFile(); + try (FileOutputStream fos = new FileOutputStream(dataFile, false); BufferedOutputStream dest = new BufferedOutputStream(fos, BUFFER_SIZE)) { IOUtils.copy(zin, dest); } catch (Throwable ex) { diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java index bdf307cb6..839c8ef48 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java @@ -37,7 +37,7 @@ public class BaseTest { @AfterClass public static void tearDownClass() throws Exception { - File f = new File("./target/data/dc.h2.db"); + File f = new File("./target/data/odc.h2.db"); if (f.exists() && f.isFile() && f.length() < 71680) { System.err.println("------------------------------------------------"); System.err.println("------------------------------------------------"); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java index ab5a6cb7a..f1343adfd 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java 
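Review bot: In the `@@ -70,9 +70,10 @@` hunk every non-directory zip entry is now written to the same `dataFile`, opened with append `false`, so an archive holding more than one file would leave only the last entry's bytes under the database name. Ignoring `entry.getName()` does keep an entry name from steering the write to another path, and that intent deserves a comment such as `// entry name is ignored on purpose: the archive is expected to hold only the database file`. The two commented-out lines should be deleted rather than kept. `dataFile` is declared outside the hunk, so that it points at the database file is an assumption here.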
@@ -116,6 +116,11 @@ public class EngineModeIT extends BaseTest { assertThat(Files.exists(directory), is(true)); assertThat(Files.isDirectory(directory), is(true)); Path database = directory.resolve(Settings.getString(Settings.KEYS.DB_FILE_NAME)); + System.err.println(database.toString()); + for (String f : directory.toFile().list()) { + System.err.println(f); + } + assertThat(Files.exists(database), is(exists)); } } diff --git a/dependency-check-core/src/test/resources/dependencycheck.properties b/dependency-check-core/src/test/resources/dependencycheck.properties index 3c2003fe4..c0426a9e6 100644 --- a/dependency-check-core/src/test/resources/dependencycheck.properties +++ b/dependency-check-core/src/test/resources/dependencycheck.properties @@ -16,9 +16,9 @@ engine.version.url=https://jeremylong.github.io/DependencyCheck/current.txt # below contains a %s then the data.directory will replace the %s. data.directory=[JAR]/data #if the filename has a %s it will be replaced with the current expected version -data.file_name=dc.h2.db +data.file_name=odc.h2.db data.version=3.0 -data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON; +data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON; #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck # user name and password for the database connection. The inherent case is to use H2. diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java index 87f551140..98b5b3fcf 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java 
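Review bot: The added `System.err.println` calls in the `@@ -116,6 +116,11 @@` hunk look like leftover debugging output and should be removed before merge. `directory.toFile().list()` returns null when the directory cannot be read, which would end the test with a NullPointerException instead of the assertion on the following line. If the directory listing is useful on failure, pass it as the assertion's reason text rather than printing it on every run.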
@@ -73,7 +73,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo { populateSettings(); File db; try { - db = new File(Settings.getDataDirectory(), "dc.h2.db"); + db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "odc.h2.db")); if (db.exists()) { if (db.delete()) { getLog().info("Database file purged; local copy of the NVD has been removed"); diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index f8bf932cc..66e8e7083 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -1010,7 +1010,7 @@ public final class Settings { // yes, for H2 this path won't actually exists - but this is sufficient to get the value needed final File dbFile = new File(directory, fileName); final String cString = String.format(connStr, dbFile.getCanonicalPath()); - LOGGER.debug("Connection String: '{}'", cString); + LOGGER.error("Connection String: '{}'", cString); return cString; } return connStr; diff --git a/dependency-check-utils/src/test/resources/dependencycheck.properties b/dependency-check-utils/src/test/resources/dependencycheck.properties index 4da62d632..e60da2581 100644 --- a/dependency-check-utils/src/test/resources/dependencycheck.properties +++ b/dependency-check-utils/src/test/resources/dependencycheck.properties 
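Review bot: Raising the connection-string log from `debug` to `error` in the Settings.java hunk writes the full JDBC URL, including the canonical on-disk path, to error output on every call; this looks like temporary debugging. A configured connection string can carry more than a path (JDBC URLs may embed a user name or password), so it should not be logged at a level that is enabled by default. Restore `LOGGER.debug("Connection String: '{}'", cString);`. The enclosing method starts and ends outside the hunk.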
@@ -15,9 +15,9 @@ engine.version.url=http://jeremylong.github.io/DependencyCheck/current.txt # will not be used. The data.directory will be resolved and if the connection string # below contains a %s then the data.directory will replace the %s. data.directory=[JAR]/data -data.file_name=dc.h2.db +data.file_name=odc.h2.db data.version=3.0 -data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON; +data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON; #data.connection_string=jdbc:h2:file:%s;AUTO_SERVER=TRUE;AUTOCOMMIT=ON; #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck diff --git a/pom.xml b/pom.xml index 3b0073c28..0708f71fa 100644 --- a/pom.xml +++ b/pom.xml @@ -624,7 +624,7 @@ Copyright (c) 2012 - Jeremy Long com.h2database h2 - 1.3.176 + 1.4.196 commons-cli From 1e269f2a2cd1cdd62bfa67eb081a07d8b5b99a51 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 13 Aug 2017 07:41:35 -0400 Subject: [PATCH 2/5] externalized db lock --- .../data/update/NvdCveUpdater.java | 79 +--------- .../exception/H2DBLockException.java | 66 ++++++++ .../owasp/dependencycheck/utils/H2DBLock.java | 146 ++++++++++++++++++ 3 files changed, 220 insertions(+), 71 deletions(-) create mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/exception/H2DBLockException.java create mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java index 36014d139..b5fc703cd 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java 
@@ -47,9 +47,11 @@ import org.owasp.dependencycheck.data.update.nvd.DownloadTask; import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo; import org.owasp.dependencycheck.data.update.nvd.ProcessTask; import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve; +import org.owasp.dependencycheck.exception.H2DBLockException; import org.owasp.dependencycheck.utils.DateUtil; import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.DownloadFailedException; +import org.owasp.dependencycheck.utils.H2DBLock; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; import org.slf4j.Logger; 
@@ -107,46 +109,9 @@ public class NvdCveUpdater implements CachedWebDataSource { if (isUpdateConfiguredFalse()) { return; } - FileLock lock = null; - RandomAccessFile ulFile = null; - File lockFile = null; + H2DBLock dbupdate = new H2DBLock(); try { - if (ConnectionFactory.isH2Connection()) { - final File dir = Settings.getDataDirectory(); - lockFile = new File(dir, "odc.update.lock"); - if (lockFile.isFile() && getFileAge(lockFile) > 5 && !lockFile.delete()) { - LOGGER.warn("An old db update lock file was found but the system was unable to delete " - + "the file. Consider manually deleting {}", lockFile.getAbsolutePath()); - } - int ctr = 0; - do { - try { - if (!lockFile.exists() && lockFile.createNewFile()) { - ulFile = new RandomAccessFile(lockFile, "rw"); - lock = ulFile.getChannel().lock(); - } - } catch (IOException ex) { - LOGGER.trace("Expected error as another thread has likely locked the file", ex); - } finally { - if (lock == null && ulFile != null) { - ulFile.close(); - } - } - if (lock == null || !lock.isValid()) { - try { - LOGGER.debug("Sleeping thread {} for 5 seconds because we could not obtain the update lock.", - Thread.currentThread().getName()); - Thread.sleep(5000); - } catch (InterruptedException ex) { - LOGGER.trace("ignorable error, sleep was interrupted.", ex); - Thread.currentThread().interrupt(); - } - } - } while (++ctr < 60 && (lock == null || !lock.isValid())); - if (lock == null || !lock.isValid()) { - throw new UpdateException("Unable to obtain the update lock, skipping the database update. Skippinig the database update."); - } - } + dbupdate.lock(); initializeExecutorServices(); cveDb = CveDB.getInstance(); dbProperties = cveDb.getDatabaseProperties(); 
@@ -168,30 +133,14 @@ public class NvdCveUpdater implements CachedWebDataSource { throw new UpdateException("Unable to download the NVD CVE data.", ex); } catch (DatabaseException ex) { throw new UpdateException("Database Exception, unable to update the data to use the most current data.", ex); - } catch (IOException ex) { - throw new UpdateException("Database Exception", ex); + } catch (H2DBLockException ex) { + throw new UpdateException("Unable to obtain an exclusive lock on the H2 database to perform updates", ex); } finally { - shutdownExecutorServices(); if (cveDb != null) { cveDb.close(); } - if (lock != null) { - try { - lock.release(); - } catch (IOException ex) { - LOGGER.trace("Ignorable exception", ex); - } - } - if (ulFile != null) { - try { - ulFile.close(); - } catch (IOException ex) { - LOGGER.trace("Ignorable exception", ex); - } - } - if (lockFile != null && lockFile.isFile() && !lockFile.delete()) { - LOGGER.error("Lock file '{}' was unable to be deleted. Please manually delete this file.", lockFile.toString()); - } + dbupdate.release(); + shutdownExecutorServices(); } } @@ -218,18 +167,6 @@ public class NvdCveUpdater implements CachedWebDataSource { return !autoUpdate; } - /** - * Returns the age of the file in minutes. - * - * @param file the file to calculate the age - * @return the age of the file - */ - private long getFileAge(File file) { - final Date d = new Date(); - final long modified = file.lastModified(); - return (d.getTime() - modified) / 1000 / 60; - } - /** * Initialize the executor services for download and processing of the NVD * CVE XML data. diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/exception/H2DBLockException.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/exception/H2DBLockException.java new file mode 100644 index 000000000..55e496592 --- /dev/null +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/exception/H2DBLockException.java 
@@ -0,0 +1,66 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.exception;
+
+/**
+ * An exception used when trying to obtain a lock on the H2 database.
+ *
+ * @author Jeremy Long
+ */
+public class H2DBLockException extends Exception {
+
+ /**
+ * The serial version uid.
+ */
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates a new H2DBLockException.
+ */
+ public H2DBLockException() {
+ super();
+ }
+
+ /**
+ * Creates a new H2DBLockException.
+ *
+ * @param msg a message for the exception.
+ */
+ public H2DBLockException(String msg) {
+ super(msg);
+ }
+
+ /**
+ * Creates a new H2DBLockException.
+ *
+ * @param ex the cause of the exception.
+ */
+ public H2DBLockException(Throwable ex) {
+ super(ex);
+ }
+
+ /**
+ * Creates a new H2DBLockException.
+ *
+ * @param msg a message for the exception.
+ * @param ex the cause of the exception.
+ */
+ public H2DBLockException(String msg, Throwable ex) {
+ super(msg, ex);
+ }
+}
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
new file mode 100644
index 000000000..f92fa1bf6
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java
@@ -0,0 +1,146 @@ +/* + * This file is part of dependency-check-core. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2017 Jeremy Long. All Rights Reserved. + */ +package org.owasp.dependencycheck.utils; + +import java.io.File; +import java.io.IOException; +import java.io.RandomAccessFile; +import java.nio.channels.FileLock; +import java.util.Date; +import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory; +import org.owasp.dependencycheck.data.update.NvdCveUpdater; +import org.owasp.dependencycheck.data.update.exception.UpdateException; +import org.owasp.dependencycheck.exception.H2DBLockException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * + * @author Jeremy Long + */ +public class H2DBLock { + + /** + * The logger. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(H2DBLock.class); + /** + * The file lock. + */ + private FileLock lock = null; + /** + * Reference to the file that we are locking. + */ + private RandomAccessFile file = null; + /** + * The lock file. + */ + private File lockFile = null; + + /** + * Determine if the lock is currently held. 
+ * + * @return true if the lock is currently held + */ + public boolean isLocked() { + return lock != null && lock.isValid(); + } + + public void lock() throws H2DBLockException { + if (ConnectionFactory.isH2Connection()) { + try { + final File dir = Settings.getDataDirectory(); + lockFile = new File(dir, "odc.update.lock"); + if (lockFile.isFile() && getFileAge(lockFile) > 5 && !lockFile.delete()) { + LOGGER.warn("An old db update lock file was found but the system was unable to delete " + + "the file. Consider manually deleting {}", lockFile.getAbsolutePath()); + } + int ctr = 0; + do { + try { + if (!lockFile.exists() && lockFile.createNewFile()) { + file = new RandomAccessFile(lockFile, "rw"); + lock = file.getChannel().lock(); + } + } catch (IOException ex) { + LOGGER.trace("Expected error as another thread has likely locked the file", ex); + } finally { + if (lock == null && file != null) { + try { + file.close(); + } catch (IOException ex) { + LOGGER.trace("Unable to close the ulFile", ex); + } + } + } + if (lock == null || !lock.isValid()) { + try { + LOGGER.debug("Sleeping thread {} for 5 seconds because we could not obtain the update lock.", + Thread.currentThread().getName()); + Thread.sleep(5000); + } catch (InterruptedException ex) { + LOGGER.trace("ignorable error, sleep was interrupted.", ex); + Thread.currentThread().interrupt(); + } + } + } while (++ctr < 60 && (lock == null || !lock.isValid())); + if (lock == null || !lock.isValid()) { + throw new H2DBLockException("Unable to obtain the update lock, skipping the database update. 
Skippinig the database update."); + } + } catch (IOException ex) { + throw new H2DBLockException(ex.getMessage(), ex); + } + } + } + + public void release() { + if (lock != null) { + try { + lock.release(); + lock = null; + } catch (IOException ex) { + LOGGER.trace("Ignorable exception", ex); + } + } + if (file != null) { + try { + file.close(); + file = null; + } catch (IOException ex) { + LOGGER.trace("Ignorable exception", ex); + } + } + if (lockFile != null && lockFile.isFile() && !lockFile.delete()) { + LOGGER.error("Lock file '{}' was unable to be deleted. Please manually delete this file.", lockFile.toString()); + lockFile.deleteOnExit(); + } + lockFile = null; + } + + /** + * Returns the age of the file in minutes. + * + * @param file the file to calculate the age + * @return the age of the file + */ + private long getFileAge(File file) { + final Date d = new Date(); + final long modified = file.lastModified(); + return (d.getTime() - modified) / 1000 / 60; + } +} From d401a7e60abc74be381c419c89a147709e6e68e3 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 13 Aug 2017 07:43:34 -0400 Subject: [PATCH 3/5] minor code formating fix --- .../data/nvdcve/ConnectionFactory.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java index 829fdad27..e7a815c4c 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java 
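Review bot: `lock()` deletes any `odc.update.lock` older than five minutes without checking whether its owner is still running, so on platforms where an open file can be deleted, an update that takes longer than that can lose its lock file and a second process will then create a new one and update the database concurrently. Age alone is not proof of staleness; the holder should refresh the file's timestamp while it works, or a waiter should remove the file only after it has itself obtained the channel lock on it. Separately, after `Thread.currentThread().interrupt()` the retry loop keeps going and each further `Thread.sleep(5000)` throws at once, so an interrupted caller spins through the remaining attempts; fail fast there with `throw new H2DBLockException("Interrupted while waiting for the update lock", ex);`. The class Javadoc is empty and could state the contract, e.g. `Coordinates H2 database updates between processes through a lock file in the data directory.`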
@@ -82,6 +82,11 @@ public final class ConnectionFactory { * The password for the database. */ private static String password = null; + /** + * Counter to ensure that calls to ensureSchemaVersion does not end up in an + * endless loop. + */ + private static int callDepth = 0; /** * Private constructor for this factory class; no instance is ever needed. @@ -369,12 +374,6 @@ public final class ConnectionFactory { } } - /** - * Counter to ensure that calls to ensureSchemaVersion does not end up in an - * endless loop. - */ - private static int callDepth = 0; - /** * Uses the provided connection to check the specified schema version within * the database. From 3ef80644f83d3282a3830341541dab0ff3c62066 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 13 Aug 2017 08:28:32 -0400 Subject: [PATCH 4/5] updated connection string for concurrency --- .../src/main/resources/dependencycheck.properties | 2 +- .../src/test/resources/dependencycheck.properties | 2 +- .../src/test/resources/dependencycheck.properties | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dependency-check-core/src/main/resources/dependencycheck.properties b/dependency-check-core/src/main/resources/dependencycheck.properties index 36542813d..ce257684f 100644 --- a/dependency-check-core/src/main/resources/dependencycheck.properties +++ b/dependency-check-core/src/main/resources/dependencycheck.properties @@ -23,7 +23,7 @@ data.file_name=odc.h2.db ### the gradle PurgeDataExtension. data.version=3.0 -data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON; +data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;LOCK_MODE=0;FILE_LOCK=NO #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck # user name and password for the database connection. The inherent case is to use H2. 
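Review bot: Adding `LOCK_MODE=0;FILE_LOCK=NO` to `data.connection_string` in the `@@ -23,7 +23,7 @@` hunk turns off H2's table locking and its database file lock, so nothing in H2 itself stops two processes from opening and writing the same file. The only remaining guard is the `H2DBLock` lock file from patch 2/5, which is taken around the NVD update and, as far as this series shows, not around other database access. Document that dependency next to the property, e.g. `# FILE_LOCK=NO: concurrent access is coordinated by H2DBLock; do not share this file with processes that bypass it`, or keep H2's default file lock. The same string is added to the two test property files in the hunks that follow.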
diff --git a/dependency-check-core/src/test/resources/dependencycheck.properties b/dependency-check-core/src/test/resources/dependencycheck.properties index c0426a9e6..524e6ac7f 100644 --- a/dependency-check-core/src/test/resources/dependencycheck.properties +++ b/dependency-check-core/src/test/resources/dependencycheck.properties @@ -18,7 +18,7 @@ data.directory=[JAR]/data #if the filename has a %s it will be replaced with the current expected version data.file_name=odc.h2.db data.version=3.0 -data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON; +data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;LOCK_MODE=0;FILE_LOCK=NO #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck # user name and password for the database connection. The inherent case is to use H2. diff --git a/dependency-check-utils/src/test/resources/dependencycheck.properties b/dependency-check-utils/src/test/resources/dependencycheck.properties index e60da2581..5e04e5344 100644 --- a/dependency-check-utils/src/test/resources/dependencycheck.properties +++ b/dependency-check-utils/src/test/resources/dependencycheck.properties @@ -17,7 +17,7 @@ engine.version.url=http://jeremylong.github.io/DependencyCheck/current.txt data.directory=[JAR]/data data.file_name=odc.h2.db data.version=3.0 -data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON; +data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;LOCK_MODE=0;FILE_LOCK=NO #data.connection_string=jdbc:h2:file:%s;AUTO_SERVER=TRUE;AUTOCOMMIT=ON; #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck From c0aca39d31f936515f7f1e70418bd70a37b516d1 Mon Sep 17 00:00:00 2001 
From: Jeremy Long Date: Sun, 13 Aug 2017 16:05:26 -0400 Subject: [PATCH 5/5] revert database name to dc.h2.db --- .../org/owasp/dependencycheck/taskdefs/Purge.java | 2 +- .../src/main/java/org/owasp/dependencycheck/App.java | 2 +- .../org/owasp/dependencycheck/utils/H2DBLock.java | 12 +++++++++--- .../src/main/resources/dependencycheck.properties | 2 +- .../org/owasp/dependencycheck/BaseDBTestCase.java | 2 +- .../java/org/owasp/dependencycheck/BaseTest.java | 2 +- .../src/test/resources/dependencycheck.properties | 2 +- .../org/owasp/dependencycheck/maven/PurgeMojo.java | 2 +- .../src/test/resources/dependencycheck.properties | 2 +- 9 files changed, 17 insertions(+), 11 deletions(-) diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java index 559bdc27b..23f520f35 100644 --- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java +++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java @@ -106,7 +106,7 @@ public class Purge extends Task { populateSettings(); File db; try { - db = new File(Settings.getDataDirectory(), "odc.h2.db"); + db = new File(Settings.getDataDirectory(), "dc.h2.db"); if (db.exists()) { if (db.delete()) { log("Database file purged; local copy of the NVD has been removed", Project.MSG_INFO); diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java index 2478cbe88..39b564bab 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java 
@@ -112,7 +112,7 @@ public class App { } File db; try { - db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "odc.h2.db")); + db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "dc.h2.db")); if (db.exists()) { if (db.delete()) { LOGGER.info("Database file purged; local copy of the NVD has been removed"); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java index f92fa1bf6..1d274bbd2 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java @@ -23,8 +23,6 @@ import java.io.RandomAccessFile; import java.nio.channels.FileLock; import java.util.Date; import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory; -import org.owasp.dependencycheck.data.update.NvdCveUpdater; -import org.owasp.dependencycheck.data.update.exception.UpdateException; import org.owasp.dependencycheck.exception.H2DBLockException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -61,11 +59,16 @@ public class H2DBLock { return lock != null && lock.isValid(); } + /** + * Obtains a lock on the H2 database. + * + * @throws H2DBLockException thrown if a lock could not be obtained + */ public void lock() throws H2DBLockException { if (ConnectionFactory.isH2Connection()) { try { final File dir = Settings.getDataDirectory(); - lockFile = new File(dir, "odc.update.lock"); + lockFile = new File(dir, "dc.update.lock"); if (lockFile.isFile() && getFileAge(lockFile) > 5 && !lockFile.delete()) { LOGGER.warn("An old db update lock file was found but the system was unable to delete " + "the file. Consider manually deleting {}", lockFile.getAbsolutePath()); 
@@ -108,6 +111,9 @@ public class H2DBLock { } } + /** + * Releases the lock on the H2 database. + */ public void release() { if (lock != null) { try { diff --git a/dependency-check-core/src/main/resources/dependencycheck.properties b/dependency-check-core/src/main/resources/dependencycheck.properties index ce257684f..792964606 100644 --- a/dependency-check-core/src/main/resources/dependencycheck.properties +++ b/dependency-check-core/src/main/resources/dependencycheck.properties @@ -16,7 +16,7 @@ engine.version.url=https://jeremylong.github.io/DependencyCheck/current.txt # below contains a %s then the data.directory will replace the %s. data.directory=[JAR]/data #if the filename has a %s it will be replaced with the current expected version -data.file_name=odc.h2.db +data.file_name=dc.h2.db ### if you increment the DB version then you must increment the database file path ### in the mojo.properties, task.properties (maven and ant respectively), and diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java index 59845f4e8..cec529ff2 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseDBTestCase.java @@ -48,7 +48,7 @@ public abstract class BaseDBTestCase extends BaseTest { } public static void ensureDBExists() throws Exception { - File f = new File("./target/data/odc.h2.db"); + File f = new File("./target/data/dc.h2.db"); if (f.exists() && f.isFile() && f.length() < 71680) { f.delete(); } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java index 839c8ef48..bdf307cb6 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java 
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java @@ -37,7 +37,7 @@ public class BaseTest { @AfterClass public static void tearDownClass() throws Exception { - File f = new File("./target/data/odc.h2.db"); + File f = new File("./target/data/dc.h2.db"); if (f.exists() && f.isFile() && f.length() < 71680) { System.err.println("------------------------------------------------"); System.err.println("------------------------------------------------"); diff --git a/dependency-check-core/src/test/resources/dependencycheck.properties b/dependency-check-core/src/test/resources/dependencycheck.properties index 524e6ac7f..1bdd122ea 100644 --- a/dependency-check-core/src/test/resources/dependencycheck.properties +++ b/dependency-check-core/src/test/resources/dependencycheck.properties @@ -16,7 +16,7 @@ engine.version.url=https://jeremylong.github.io/DependencyCheck/current.txt # below contains a %s then the data.directory will replace the %s. data.directory=[JAR]/data #if the filename has a %s it will be replaced with the current expected version -data.file_name=odc.h2.db +data.file_name=dc.h2.db data.version=3.0 data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;LOCK_MODE=0;FILE_LOCK=NO #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java index 98b5b3fcf..42960fd5f 100644 --- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java +++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/PurgeMojo.java 
@@ -73,7 +73,7 @@ public class PurgeMojo extends BaseDependencyCheckMojo { populateSettings(); File db; try { - db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "odc.h2.db")); + db = new File(Settings.getDataDirectory(), Settings.getString(Settings.KEYS.DB_FILE_NAME, "dc.h2.db")); if (db.exists()) { if (db.delete()) { getLog().info("Database file purged; local copy of the NVD has been removed"); diff --git a/dependency-check-utils/src/test/resources/dependencycheck.properties b/dependency-check-utils/src/test/resources/dependencycheck.properties index 5e04e5344..b079d254b 100644 --- a/dependency-check-utils/src/test/resources/dependencycheck.properties +++ b/dependency-check-utils/src/test/resources/dependencycheck.properties @@ -15,7 +15,7 @@ engine.version.url=http://jeremylong.github.io/DependencyCheck/current.txt # will not be used. The data.directory will be resolved and if the connection string # below contains a %s then the data.directory will replace the %s. data.directory=[JAR]/data -data.file_name=odc.h2.db +data.file_name=dc.h2.db data.version=3.0 data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;LOCK_MODE=0;FILE_LOCK=NO #data.connection_string=jdbc:h2:file:%s;AUTO_SERVER=TRUE;AUTOCOMMIT=ON;