fixed merge issues

Former-commit-id: 5c4fcc5d1dc5aeb0442e4083286cd5438accf657

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java

@@ -27,6 +27,7 @@ import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.net.SocketAddress;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -46,33 +47,6 @@ public final class Downloader {
     private Downloader() {
     }
 
-    /**
-     * Retrieves a file from a given URL and saves it to the outputPath.
-     *
-     * @param url the URL of the file to download.
-     * @param outputPath the path to the save the file to.
-     * @throws DownloadFailedException is thrown if there is an error
-     * downloading the file.
-     */
-    public static void fetchFile(URL url, String outputPath) throws DownloadFailedException {
-        fetchFile(url, outputPath, false);
-    }
-
-    /**
-     * Retrieves a file from a given URL and saves it to the outputPath.
-     *
-     * @param url the URL of the file to download.
-     * @param outputPath the path to the save the file to.
-     * @param unzip true/false indicating that the file being retrieved is
-     * gzipped and if true, should be uncompressed before writing to the file.
-     * @throws DownloadFailedException is thrown if there is an error
-     * downloading the file.
-     */
-    public static void fetchFile(URL url, String outputPath, boolean unzip) throws DownloadFailedException {
-        final File f = new File(outputPath);
-        fetchFile(url, f, unzip);
-    }
-
     /**
      * Retrieves a file from a given URL and saves it to the outputPath.
      *
@@ -82,20 +56,6 @@ public final class Downloader {
      * downloading the file.
      */
     public static void fetchFile(URL url, File outputPath) throws DownloadFailedException {
-        fetchFile(url, outputPath, false);
-    }
-
-    /**
-     * Retrieves a file from a given URL and saves it to the outputPath.
-     *
-     * @param url the URL of the file to download.
-     * @param outputPath the path to the save the file to.
-     * @param unzip true/false indicating that the file being retrieved is
-     * gzipped and if true, should be uncompressed before writing to the file.
-     * @throws DownloadFailedException is thrown if there is an error
-     * downloading the file.
-     */
-    public static void fetchFile(URL url, File outputPath, boolean unzip) throws DownloadFailedException {
         HttpURLConnection conn = null;
         try {
             conn = Downloader.getConnection(url);
@@ -116,7 +76,7 @@ public final class Downloader {
         BufferedOutputStream writer = null;
         InputStream reader = null;
         try {
-            if (unzip || (encoding != null && "gzip".equalsIgnoreCase(encoding))) {
+            if (encoding != null && "gzip".equalsIgnoreCase(encoding)) {
                 reader = new GZIPInputStream(conn.getInputStream());
             } else if (encoding != null && "deflate".equalsIgnoreCase(encoding)) {
                 reader = new InflaterInputStream(conn.getInputStream());
@@ -136,7 +96,6 @@ public final class Downloader {
             if (writer != null) {
                 try {
                     writer.close();
-                    writer = null;
                 } catch (Exception ex) {
                     Logger.getLogger(Downloader.class.getName()).log(Level.FINEST,
                             "Error closing the writer in Downloader.", ex);
@@ -145,9 +104,7 @@ public final class Downloader {
             if (reader != null) {
                 try {
                     reader.close();
-                    reader = null;
                 } catch (Exception ex) {
-
                     Logger.getLogger(Downloader.class.getName()).log(Level.FINEST,
                             "Error closing the reader in Downloader.", ex);
                 }
@@ -162,7 +119,8 @@ public final class Downloader {
 
     /**
      * Makes an HTTP Head request to retrieve the last modified date of the
-     * given URL.
+     * given URL. If the file:// protocol is specified, then the lastTimestamp
+     * of the file is returned.
      *
      * @param url the URL to retrieve the timestamp from
      * @return an epoch timestamp
@@ -170,14 +128,21 @@ public final class Downloader {
      * the HTTP request
      */
     public static long getLastModified(URL url) throws DownloadFailedException {
-        HttpURLConnection conn = null;
         long timestamp = 0;
-
         //TODO add the FPR protocol?
         if ("file".equalsIgnoreCase(url.getProtocol())) {
             File lastModifiedFile;
             try {
+//                if (System.getProperty("os.name").toLowerCase().startsWith("windows")) {
+//                    String filePath = url.toString();
+//                    if (filePath.matches("file://[a-zA-Z]:.*")) {
+//                        f = new File(filePath.substring(7));
+//                    } else {
+//                        f = new File(url.toURI());
+//                    }
+//                } else {
                 lastModifiedFile = new File(url.toURI());
+//                }
             } catch (URISyntaxException ex) {
                 final String msg = String.format("Unable to locate '%s'; is the cve.url-2.0.modified property set correctly?", url.toString());
                 throw new DownloadFailedException(msg);

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java

@@ -0,0 +1,69 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.io.IOException;
+
+/**
+ * An exception used when a file is unable to be un-zipped.
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
+ */
+public class ExtractionException extends IOException {
+
+    /**
+     * The serial version UID.
+     */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Creates a new ExtractionException.
+     */
+    public ExtractionException() {
+        super();
+    }
+
+    /**
+     * Creates a new ExtractionException.
+     *
+     * @param msg a message for the exception.
+     */
+    public ExtractionException(String msg) {
+        super(msg);
+    }
+
+    /**
+     * Creates a new ExtractionException.
+     *
+     * @param ex the cause of the download failure.
+     */
+    public ExtractionException(Throwable ex) {
+        super(ex);
+    }
+
+    /**
+     * Creates a new ExtractionException.
+     *
+     * @param msg a message for the exception.
+     * @param ex the cause of the download failure.
+     */
+    public ExtractionException(String msg, Throwable ex) {
+        super(msg, ex);
+    }
+}

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java

@@ -18,8 +18,12 @@
  */
 package org.owasp.dependencycheck.utils;
 
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
@@ -36,6 +40,11 @@ import org.owasp.dependencycheck.Engine;
  */
 public final class FileUtils {
 
+    /**
+     * The buffer size to use when extracting files from the archive.
+     */
+    private static final int BUFFER_SIZE = 4096;
+
     /**
      * Private constructor for a utility class.
      */
@@ -79,8 +88,6 @@ public final class FileUtils {
     }
 
     /**
-<<<<<<< HEAD
-=======
      * Deletes a file. If the File is a directory it will recursively delete the
      * contents.
      *
@@ -107,7 +114,6 @@ public final class FileUtils {
     }
 
     /**
->>>>>>> batch
      * Returns the data directory. If a path was specified in
      * dependencycheck.properties or was specified using the Settings object,
      * and the path exists, that path will be returned as a File object. If it

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java

@@ -67,6 +67,11 @@ public final class Settings {
          * The base path to use for the data directory.
          */
         public static final String DATA_DIRECTORY = "data.directory";
+        /**
+         * The location of the batch update URL. This is a zip file that
+         * contains the contents of the data directory.
+         */
+        public static final String BATCH_UPDATE_URL = "batch.update.url";
         /**
          * The properties key for the path where the CPE Lucene Index will be
          * stored.
@@ -77,14 +82,6 @@ public final class Settings {
          * stored.
          */
         public static final String CVE_DATA_DIRECTORY = "data.cve";
-        /**
-         * The properties key for the URL to the CPE.
-         */
-        public static final String CPE_URL = "cpe.url";
-        /**
-         * The properties key for the URL to the CPE.
-         */
-        public static final String CPE_META_URL = "cpe.meta.url";
         /**
          * The properties key for the URL to retrieve the "meta" data from about
          * the CVE entries.
@@ -261,31 +258,14 @@ public final class Settings {
         return new File(file);
     }
 
-    /**
-     * Returns a value from the properties file as a File object. If the value
-     * was specified as a system property or passed in via the -Dprop=value
-     * argument - this method will return the value from the system properties
-     * before the values in the contained configuration file.
-     *
-     * This method will also replace a leading "[JAR]\" sequence with the path
-     * to the folder containing the JAR file containing this class.
-     *
-     * @param key the key to lookup within the properties file
-     * @return the property from the properties file converted to a File object
-     * @throws IOException thrown if the file path to the JAR cannot be found
-     */
-    public static File getFile(String key) throws IOException {
-        return getFile(key, Settings.class);
-    }
-
     /**
      * Attempts to retrieve the folder containing the Jar file containing the
      * Settings class.
      *
      * @return a File object
      */
-    private static File getJarPath(Class clazz) {
+    private static File getJarPath() {
-        final String jarPath = clazz.getProtectionDomain().getCodeSource().getLocation().getPath();
+        final String jarPath = Settings.class.getProtectionDomain().getCodeSource().getLocation().getPath();
         String decodedPath = ".";
         try {
             decodedPath = URLDecoder.decode(jarPath, "UTF-8");
@@ -294,8 +274,7 @@ public final class Settings {
         }
 
         final File path = new File(decodedPath);
-        //TODO - need to remove the "test-classes" check which is only here to make test cases work.
+        if (path.getName().toLowerCase().endsWith(".jar")) {
-        if (path.getName().toLowerCase().endsWith(".jar") || path.getName().equals("test-classes")) {
             return path.getParentFile();
         } else {
             return new File(".");