Merge branch 'upmaster' into openssl-source-analyzer

Conflicts:
	dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java

Former-commit-id: 6d92982227ad0ff7c4381d03eb1bf542dfe7697f

dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java

@@ -78,7 +78,7 @@ public final class FileUtils {
         boolean success = true;
         if (!org.apache.commons.io.FileUtils.deleteQuietly(file)) {
             success = false;
-            LOGGER.info("Failed to delete file: {}; attempting to delete on exit.", file.getPath());
+            LOGGER.debug("Failed to delete file: {}; attempting to delete on exit.", file.getPath());
             file.deleteOnExit();
         }
         return success;
@@ -103,16 +103,16 @@ public final class FileUtils {
     }
 
     /**
-     * Returns the data directory. If a path was specified in dependencycheck.properties or was specified using the
-     * Settings object, and the path exists, that path will be returned as a File object. If it does not exist, then a
-     * File object will be created based on the file location of the JAR containing the specified class.
+     * Returns the data directory. If a path was specified in dependencycheck.properties or was specified using the Settings
+     * object, and the path exists, that path will be returned as a File object. If it does not exist, then a File object will be
+     * created based on the file location of the JAR containing the specified class.
      *
      * @param configuredFilePath the configured relative or absolute path
      * @param clazz the class to resolve the path
      * @return a File object
      * @throws IOException is thrown if the path could not be decoded
-     * @deprecated This method should no longer be used. See the implementation in dependency-check-cli/App.java to see
-     * how the data directory should be set.
+     * @deprecated This method should no longer be used. See the implementation in dependency-check-cli/App.java to see how the
+     * data directory should be set.
      */
     @java.lang.Deprecated
     public static File getDataDirectory(String configuredFilePath, Class clazz) throws IOException {
@@ -126,8 +126,8 @@ public final class FileUtils {
     }
 
     /**
-     * Retrieves the physical path to the parent directory containing the provided class. For example, if a JAR file
-     * contained a class org.something.clazz this method would return the parent directory of the JAR file.
+     * Retrieves the physical path to the parent directory containing the provided class. For example, if a JAR file contained a
+     * class org.something.clazz this method would return the parent directory of the JAR file.
      *
      * @param clazz the class to determine the parent directory of
      * @return the parent directory of the file containing the specified class.

dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java

@@ -130,6 +130,14 @@ public final class Settings {
          * The properties key for the CVE schema version 2.0.
          */
         public static final String CVE_SCHEMA_2_0 = "cve.url-2.0.base";
+        /**
+         * The properties key that indicates how often the CPE data needs to be updated.
+         */
+        public static final String CPE_MODIFIED_VALID_FOR_DAYS = "cpe.validfordays";
+        /**
+         * The properties key for the URL to retrieve the CPE.
+         */
+        public static final String CPE_URL = "cpe.url";
         /**
          * The properties key for the proxy server.
          *
@@ -732,16 +740,15 @@ public final class Settings {
      *
      * @param connectionStringKey the property file key for the connection string
      * @param dbFileNameKey the settings key for the db filename
-     * @param dbVersionKey the settings key for the dbVersion
      * @return the connection string
      * @throws IOException thrown the data directory cannot be created
      * @throws InvalidSettingException thrown if there is an invalid setting
      */
-    public static String getConnectionString(String connectionStringKey, String dbFileNameKey, String dbVersionKey)
+    public static String getConnectionString(String connectionStringKey, String dbFileNameKey)
             throws IOException, InvalidSettingException {
         final String connStr = Settings.getString(connectionStringKey);
         if (connStr == null) {
-            final String msg = String.format("Invalid properties file to get the connection string; '%s' must be defined.",
+            final String msg = String.format("Invalid properties file; data.connection_string is missing.",
                     connectionStringKey);
             throw new InvalidSettingException(msg);
         }
@@ -756,18 +763,6 @@ public final class Settings {
                         dbFileNameKey);
                 throw new InvalidSettingException(msg);
             }
-            if (fileName.contains("%s")) {
-                String version = null;
-                if (dbVersionKey != null) {
-                    version = Settings.getString(dbVersionKey);
-                }
-                if (version == null) {
-                    final String msg = String.format("Invalid properties file to get a file based connection string; '%s' must be defined.",
-                            dbFileNameKey);
-                    throw new InvalidSettingException(msg);
-                }
-                fileName = String.format(fileName, version);
-            }
             if (connStr.startsWith("jdbc:h2:file:") && fileName.endsWith(".h2.db")) {
                 fileName = fileName.substring(0, fileName.length() - 6);
             }