updates to batch update mode to allow batch updates without a modified URL

Former-commit-id: 5e8ff7c0d9c880f2421f020f2891a6f7a794570a

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/DatabaseUpdater.java

@@ -41,7 +41,6 @@ import java.util.logging.Logger;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 import org.owasp.dependencycheck.data.UpdateException;
-import org.owasp.dependencycheck.data.cpe.BaseIndex;
 import org.owasp.dependencycheck.data.cpe.CpeIndexWriter;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
@@ -50,8 +49,9 @@ import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
-import static org.owasp.dependencycheck.data.update.DataStoreMetaInfo.MODIFIED;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
+import static org.owasp.dependencycheck.data.update.DataStoreMetaInfo.BATCH;
+import static org.owasp.dependencycheck.data.update.DataStoreMetaInfo.MODIFIED;
 
 /**
  *
@@ -199,10 +199,13 @@ public class DatabaseUpdater implements CachedWebDataSource {
                     }
                 }
             }
-            if (maxUpdates >= 1) {
+            if (maxUpdates >= 1) { //ensure the modified file date gets written
                 properties.save(update.get(MODIFIED));
                 cveDB.cleanupDatabase();
             }
+            if (update.get(BATCH) != null) {
+                properties.save(update.get(BATCH));
+            }
         } catch (MalformedURLException ex) {
             throw new UpdateException(ex);
         } catch (DownloadFailedException ex) {
@@ -249,13 +252,18 @@ public class DatabaseUpdater implements CachedWebDataSource {
      * @throws IOException thrown if the directory cannot be deleted
      */
     protected void deleteExistingData() throws IOException {
-        Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO, "The database version is old. Rebuilding the database.");
+        File data = Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY);
-        final File data = Settings.getFile(Settings.KEYS.DATA_DIRECTORY);
+        if (data.exists()) {
             FileUtils.delete(data);
-//        final File cveDir = CveDB.getDataDirectory();
+        }
-//        FileUtils.delete(cveDir);
+        data = Settings.getFile(Settings.KEYS.CPE_DATA_DIRECTORY);
-//        final File cpeDir = BaseIndex.getDataDirectory();
+        if (data.exists()) {
-//        FileUtils.delete(cpeDir);
+            FileUtils.delete(data);
+        }
+        data = properties.getPropertiesFile();
+        if (data.exists()) {
+            FileUtils.delete(data);
+        }
     }
 
     private void performBatchUpdate() throws UpdateException {
@@ -372,26 +380,25 @@ public class DatabaseUpdater implements CachedWebDataSource {
         }
 
         if (currentlyPublished == null) {
-            //TODO change messages once we have a new batch mode
+            throw new DownloadFailedException("Unable to retrieve the timestamps of the currently published NVD CVE data");
-            throw new DownloadFailedException("Unable to retrieve valid timestamp from NVD CVE data feeds");
         }
 
-        final File cpeDataDirectory;
+//        final File cpeDataDirectory;
-        try {
+//        try {
-            cpeDataDirectory = CveDB.getDataDirectory();
+//            cpeDataDirectory = CveDB.getDataDirectory();
-        } catch (IOException ex) {
+//        } catch (IOException ex) {
-            String msg;
+//            String msg;
-            try {
+//            try {
-                msg = String.format("Unable to create the CVE Data Directory '%s'",
+//                msg = String.format("Unable to create the CVE Data Directory '%s'",
-                        Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY).getCanonicalPath());
+//                        Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY).getCanonicalPath());
-            } catch (IOException ex1) {
+//            } catch (IOException ex1) {
-                msg = String.format("Unable to create the CVE Data Directory, this is likely a configuration issue: '%s%s%s'",
+//                msg = String.format("Unable to create the CVE Data Directory, this is likely a configuration issue: '%s%s%s'",
-                        Settings.getString(Settings.KEYS.DATA_DIRECTORY, ""),
+//                        Settings.getString(Settings.KEYS.DATA_DIRECTORY, ""),
-                        File.separator,
+//                        File.separator,
-                        Settings.getString(Settings.KEYS.CVE_DATA_DIRECTORY, ""));
+//                        Settings.getString(Settings.KEYS.CVE_DATA_DIRECTORY, ""));
-            }
+//            }
-            throw new UpdateException(msg, ex);
+//            throw new UpdateException(msg, ex);
-        }
+//        }
 
         if (!properties.isEmpty()) {
             try {
@@ -411,8 +418,24 @@ public class DatabaseUpdater implements CachedWebDataSource {
                         deleteAndRecreate = true;
                     }
                 }
+
+                NvdCveInfo batchInfo = currentlyPublished.get(BATCH);
+                if (properties.isBatchUpdateMode() && batchInfo != null) {
+                    final long lastUpdated = Long.parseLong(properties.getProperty(DataStoreMetaInfo.BATCH, "0"));
+                    if (lastUpdated != batchInfo.getTimestamp()) {
+                        deleteAndRecreate = true;
+                    }
+                }
+
                 if (deleteAndRecreate) {
                     setDoBatchUpdate(properties.isBatchUpdateMode());
+                    try {
+                        deleteExistingData();
+                    } catch (IOException ex) {
+                        final String msg = "Unable to delete existing data";
+                        Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, msg);
+                        Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
+                    }
                     return currentlyPublished;
                 }
 
@@ -492,12 +515,24 @@ public class DatabaseUpdater implements CachedWebDataSource {
      * timestamps
      * @throws InvalidSettingException thrown if the settings are invalid
      */
-    protected Map<String, NvdCveInfo> retrieveCurrentTimestampsFromWeb()
+    private Map<String, NvdCveInfo> retrieveCurrentTimestampsFromWeb()
             throws MalformedURLException, DownloadFailedException, InvalidDataException, InvalidSettingException {
 
         final Map<String, NvdCveInfo> map = new TreeMap<String, NvdCveInfo>();
         String retrieveUrl = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL);
-
+        if (retrieveUrl == null && properties.isBatchUpdateMode()) {
+            NvdCveInfo item = new NvdCveInfo();
+            retrieveUrl = Settings.getString(Settings.KEYS.BATCH_UPDATE_URL);
+            if (retrieveUrl == null) {
+                final String msg = "Invalid configuration - neither the modified or batch update URLs are specified in the configuration.";
+                Logger.getLogger(DataStoreMetaInfo.class.getName()).log(Level.SEVERE, msg);
+                throw new InvalidSettingException(msg);
+            }
+            item.setTimestamp(Downloader.getLastModified(new URL(retrieveUrl)));
+            item.setId(BATCH);
+            item.setNeedsUpdate(false);
+            map.put(BATCH, item);
+        } else {
             NvdCveInfo item = new NvdCveInfo();
             item.setNeedsUpdate(false); //the others default to true, to make life easier later this should default to false.
             item.setId(MODIFIED);
@@ -523,6 +558,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
                     map.put(item.getId(), item);
                 }
             }
+        }
         return map;
     }
 }