github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-26 02:51:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed NPE issues

Browse Source
This commit is contained in:
Jeremy Long
2016-09-04 18:41:58 -04:00
parent 0b260cef2a
commit bcd6634d8a
5 changed files with 99 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
View File

@@ -209,10 +209,12 @@ public final class CpeMemoryIndex {
final Set<Pair<String, String>> data = cve.getVendorProductList(); final Set<Pair<String, String>> data = cve.getVendorProductList();
for (Pair<String, String> pair : data) { for (Pair<String, String> pair : data) {
v.setStringValue(pair.getLeft()); if (pair.getLeft() != null && pair.getRight() != null) {
p.setStringValue(pair.getRight()); v.setStringValue(pair.getLeft());
indexWriter.addDocument(doc); p.setStringValue(pair.getRight());
resetFieldAnalyzer(); indexWriter.addDocument(doc);
resetFieldAnalyzer();
}
} }
} catch (DatabaseException ex) { } catch (DatabaseException ex) {
LOGGER.debug("", ex); LOGGER.debug("", ex);

161
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java
View File

@@ -77,10 +77,10 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
} }
if (autoUpdate && checkUpdate()) { if (autoUpdate && checkUpdate()) {
final UpdateableNvdCve updateable = getUpdatesNeeded(); final UpdateableNvdCve updateable = getUpdatesNeeded();
getProperties().save(DatabaseProperties.LAST_CHECKED, Long.toString(System.currentTimeMillis()));
if (updateable.isUpdateNeeded()) { if (updateable.isUpdateNeeded()) {
performUpdate(updateable); performUpdate(updateable);
} }
getProperties().save(DatabaseProperties.LAST_CHECKED, Long.toString(System.currentTimeMillis()));
} }
} catch (MalformedURLException ex) { } catch (MalformedURLException ex) {
throw new UpdateException("NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.", ex); throw new UpdateException("NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.", ex);
@@ -156,93 +156,86 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
* @throws UpdateException is thrown if there is an error updating the * @throws UpdateException is thrown if there is an error updating the
* database * database
*/ */
public void performUpdate(UpdateableNvdCve updateable) throws UpdateException { private void performUpdate(UpdateableNvdCve updateable) throws UpdateException {
int maxUpdates = 0; int maxUpdates = 0;
try { for (NvdCveInfo cve : updateable) {
for (NvdCveInfo cve : updateable) { if (cve.getNeedsUpdate()) {
if (cve.getNeedsUpdate()) { maxUpdates += 1;
maxUpdates += 1; }
}
if (maxUpdates <= 0) {
return;
}
if (maxUpdates > 3) {
LOGGER.info("NVD CVE requires several updates; this could take a couple of minutes.");
}
final int poolSize = (MAX_THREAD_POOL_SIZE < maxUpdates) ? MAX_THREAD_POOL_SIZE : maxUpdates;
final ExecutorService downloadExecutors = Executors.newFixedThreadPool(poolSize);
final ExecutorService processExecutor = Executors.newSingleThreadExecutor();
final Set<Future<Future<ProcessTask>>> downloadFutures = new HashSet<Future<Future<ProcessTask>>>(maxUpdates);
for (NvdCveInfo cve : updateable) {
if (cve.getNeedsUpdate()) {
final DownloadTask call = new DownloadTask(cve, processExecutor, getCveDB(), Settings.getInstance());
downloadFutures.add(downloadExecutors.submit(call));
}
}
downloadExecutors.shutdown();
//next, move the future future processTasks to just future processTasks
final Set<Future<ProcessTask>> processFutures = new HashSet<Future<ProcessTask>>(maxUpdates);
for (Future<Future<ProcessTask>> future : downloadFutures) {
Future<ProcessTask> task = null;
try {
task = future.get();
} catch (InterruptedException ex) {
downloadExecutors.shutdownNow();
processExecutor.shutdownNow();
LOGGER.debug("Thread was interrupted during download", ex);
throw new UpdateException("The download was interrupted", ex);
} catch (ExecutionException ex) {
downloadExecutors.shutdownNow();
processExecutor.shutdownNow();
LOGGER.debug("Thread was interrupted during download execution", ex);
throw new UpdateException("The execution of the download was interrupted", ex);
}
if (task == null) {
downloadExecutors.shutdownNow();
processExecutor.shutdownNow();
LOGGER.debug("Thread was interrupted during download");
throw new UpdateException("The download was interrupted; unable to complete the update");
} else {
processFutures.add(task);
}
}
for (Future<ProcessTask> future : processFutures) {
try {
final ProcessTask task = future.get();
if (task.getException() != null) {
throw task.getException();
} }
} catch (InterruptedException ex) {
processExecutor.shutdownNow();
LOGGER.debug("Thread was interrupted during processing", ex);
throw new UpdateException(ex);
} catch (ExecutionException ex) {
processExecutor.shutdownNow();
LOGGER.debug("Execution Exception during process", ex);
throw new UpdateException(ex);
} finally {
processExecutor.shutdown();
} }
if (maxUpdates <= 0) { }
return;
}
if (maxUpdates > 3) {
LOGGER.info("NVD CVE requires several updates; this could take a couple of minutes.");
}
if (maxUpdates > 0) {
openDataStores();
}
final int poolSize = (MAX_THREAD_POOL_SIZE < maxUpdates) ? MAX_THREAD_POOL_SIZE : maxUpdates; if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it)
getProperties().save(updateable.get(MODIFIED));
final ExecutorService downloadExecutors = Executors.newFixedThreadPool(poolSize); LOGGER.info("Begin database maintenance.");
final ExecutorService processExecutor = Executors.newSingleThreadExecutor(); getCveDB().cleanupDatabase();
final Set<Future<Future<ProcessTask>>> downloadFutures = new HashSet<Future<Future<ProcessTask>>>(maxUpdates); LOGGER.info("End database maintenance.");
for (NvdCveInfo cve : updateable) {
if (cve.getNeedsUpdate()) {
final DownloadTask call = new DownloadTask(cve, processExecutor, getCveDB(), Settings.getInstance());
downloadFutures.add(downloadExecutors.submit(call));
}
}
downloadExecutors.shutdown();
//next, move the future future processTasks to just future processTasks
final Set<Future<ProcessTask>> processFutures = new HashSet<Future<ProcessTask>>(maxUpdates);
for (Future<Future<ProcessTask>> future : downloadFutures) {
Future<ProcessTask> task = null;
try {
task = future.get();
} catch (InterruptedException ex) {
downloadExecutors.shutdownNow();
processExecutor.shutdownNow();
LOGGER.debug("Thread was interrupted during download", ex);
throw new UpdateException("The download was interrupted", ex);
} catch (ExecutionException ex) {
downloadExecutors.shutdownNow();
processExecutor.shutdownNow();
LOGGER.debug("Thread was interrupted during download execution", ex);
throw new UpdateException("The execution of the download was interrupted", ex);
}
if (task == null) {
downloadExecutors.shutdownNow();
processExecutor.shutdownNow();
LOGGER.debug("Thread was interrupted during download");
throw new UpdateException("The download was interrupted; unable to complete the update");
} else {
processFutures.add(task);
}
}
for (Future<ProcessTask> future : processFutures) {
try {
final ProcessTask task = future.get();
if (task.getException() != null) {
throw task.getException();
}
} catch (InterruptedException ex) {
processExecutor.shutdownNow();
LOGGER.debug("Thread was interrupted during processing", ex);
throw new UpdateException(ex);
} catch (ExecutionException ex) {
processExecutor.shutdownNow();
LOGGER.debug("Execution Exception during process", ex);
throw new UpdateException(ex);
} finally {
processExecutor.shutdown();
}
}
if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it)
getProperties().save(updateable.get(MODIFIED));
LOGGER.info("Begin database maintenance.");
getCveDB().cleanupDatabase();
LOGGER.info("End database maintenance.");
}
} finally {
closeDataStores();
} }
} }

19
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java
View File

@@ -18,6 +18,7 @@
package org.owasp.dependencycheck.dependency; package org.owasp.dependencycheck.dependency;
import java.io.Serializable; import java.io.Serializable;
import org.apache.commons.lang3.builder.CompareToBuilder;
/** /**
* An external reference for a vulnerability. This contains a name, URL, and a * An external reference for a vulnerability. This contains a name, URL, and a
@@ -141,18 +142,10 @@ public class Reference implements Serializable, Comparable<Reference> {
*/ */
@Override @Override
public int compareTo(Reference o) { public int compareTo(Reference o) {
if (source.equals(o.source)) { return new CompareToBuilder()
if (name.equals(o.name)) { .append(source, o.source)
if (url.equals(o.url)) { .append(name, o.name)
return 0; //they are equal .append(url, o.url)
} else { .toComparison();
return url.compareTo(o.url);
}
} else {
return name.compareTo(o.name);
}
} else {
return source.compareTo(o.source);
}
} }
} }

5
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
View File

@@ -183,12 +183,17 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
hintAnalyzer.analyze(spring3, null); hintAnalyzer.analyze(spring3, null);
CPEAnalyzer instance = new CPEAnalyzer(); CPEAnalyzer instance = new CPEAnalyzer();
try {
instance.open(); instance.open();
instance.determineCPE(commonValidator); instance.determineCPE(commonValidator);
instance.determineCPE(struts); instance.determineCPE(struts);
instance.determineCPE(spring); instance.determineCPE(spring);
instance.determineCPE(spring3); instance.determineCPE(spring3);
instance.close(); instance.close();
} catch (Throwable ex) {
ex.printStackTrace();
}
String expResult = "cpe:/a:apache:struts:2.1.2"; String expResult = "cpe:/a:apache:struts:2.1.2";
Identifier expIdentifier = new Identifier("cpe", expResult, expResult); Identifier expIdentifier = new Identifier("cpe", expResult, expResult);

11
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java
View File

@@ -40,12 +40,11 @@ public class NvdCveUpdaterIntegrationTest extends BaseTest {
// /** // /**
// * Test of update method, of class StandardUpdate. // * Test of update method, of class StandardUpdate.
// */ // */
// @Test @Test
// public void testUpdate() throws Exception { public void testUpdate() throws Exception {
// StandardUpdate instance = getStandardUpdateTask(); NvdCveUpdater instance = getUpdater();
// instance.update(); instance.update();
// //TODO make this an actual test }
// }
/** /**
* Test of updatesNeeded method, of class StandardUpdate. * Test of updatesNeeded method, of class StandardUpdate.
*/ */