From ece4a51b942e52f646e356efb3e6a99c49a71d3b Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Wed, 9 Sep 2015 23:18:38 -0700
Subject: [PATCH] Replaced update or insert property logic with merge property
 logic.

---
 .../dependencycheck/data/nvdcve/CveDB.java    | 43 ++++++-------------
 .../resources/data/dbStatements.properties    |  3 +-
 2 files changed, 13 insertions(+), 33 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 4ab780755..741893289 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -258,12 +258,10 @@ public class CveDB {
      * @param props a collection of properties
      */
     void saveProperties(Properties props) {
-        PreparedStatement updateProperty = null;
-        PreparedStatement insertProperty = null;
+        PreparedStatement mergeProperty = null;
         try {
             try {
-                updateProperty = getConnection().prepareStatement(statementBundle.getString("UPDATE_PROPERTY"));
-                insertProperty = getConnection().prepareStatement(statementBundle.getString("INSERT_PROPERTY"));
+                mergeProperty = getConnection().prepareStatement(statementBundle.getString("MERGE_PROPERTY"));
             } catch (SQLException ex) {
                 LOGGER.warn("Unable to save properties to the database");
                 LOGGER.debug("Unable to save properties to the database", ex);
@@ -273,20 +271,16 @@ public class CveDB {
                 final String key = entry.getKey().toString();
                 final String value = entry.getValue().toString();
                 try {
-                    updateProperty.setString(1, value);
-                    updateProperty.setString(2, key);
-                    if (updateProperty.executeUpdate() == 0) {
-                        insertProperty.setString(1, key);
-                        insertProperty.setString(2, value);
-                    }
+                    mergeProperty.setString(1, key);
+                    mergeProperty.setString(2, value);
+                    mergeProperty.executeUpdate();
                 } catch (SQLException ex) {
                     LOGGER.warn("Unable to save property '{}' with a value of '{}' to the database", key, value);
                     LOGGER.debug("", ex);
                 }
             }
         } finally {
-            DBUtils.closeStatement(updateProperty);
-            DBUtils.closeStatement(insertProperty);
+            DBUtils.closeStatement(mergeProperty);
         }
     }
 
@@ -297,38 +291,25 @@ public class CveDB {
      * @param value the property value
      */
     void saveProperty(String key, String value) {
-        PreparedStatement updateProperty = null;
-        PreparedStatement insertProperty = null;
+        PreparedStatement mergeProperty = null;
         try {
             try {
-                updateProperty = getConnection().prepareStatement(statementBundle.getString("UPDATE_PROPERTY"));
+                mergeProperty = getConnection().prepareStatement(statementBundle.getString("MERGE_PROPERTY"));
             } catch (SQLException ex) {
                 LOGGER.warn("Unable to save properties to the database");
                 LOGGER.debug("Unable to save properties to the database", ex);
                 return;
             }
             try {
-                updateProperty.setString(1, value);
-                updateProperty.setString(2, key);
-                if (updateProperty.executeUpdate() == 0) {
-                    try {
-                        insertProperty = getConnection().prepareStatement(statementBundle.getString("INSERT_PROPERTY"));
-                    } catch (SQLException ex) {
-                        LOGGER.warn("Unable to save properties to the database");
-                        LOGGER.debug("Unable to save properties to the database", ex);
-                        return;
-                    }
-                    insertProperty.setString(1, key);
-                    insertProperty.setString(2, value);
-                    insertProperty.execute();
-                }
+                mergeProperty.setString(1, key);
+                mergeProperty.setString(2, value);
+                mergeProperty.executeUpdate();
             } catch (SQLException ex) {
                 LOGGER.warn("Unable to save property '{}' with a value of '{}' to the database", key, value);
                 LOGGER.debug("", ex);
             }
         } finally {
-            DBUtils.closeStatement(updateProperty);
-            DBUtils.closeStatement(insertProperty);
+            DBUtils.closeStatement(mergeProperty);
         }
     }
 
diff --git a/dependency-check-core/src/main/resources/data/dbStatements.properties b/dependency-check-core/src/main/resources/data/dbStatements.properties
index e612f259e..02f3bca8c 100644
--- a/dependency-check-core/src/main/resources/data/dbStatements.properties
+++ b/dependency-check-core/src/main/resources/data/dbStatements.properties
@@ -31,8 +31,7 @@ SELECT_VULNERABILITY=SELECT id, description, cwe, cvssScore, cvssAccessVector, c
 SELECT_VULNERABILITY_ID=SELECT id FROM vulnerability WHERE cve = ?
 SELECT_PROPERTIES=SELECT id, value FROM properties
 SELECT_PROPERTY=SELECT id, value FROM properties WHERE id = ?
-INSERT_PROPERTY=INSERT INTO properties (id, value) VALUES (?, ?)
-UPDATE_PROPERTY=UPDATE properties SET value = ? WHERE id = ?
+MERGE_PROPERTY=MERGE INTO properties (id, value) KEY(id) VALUES(?, ?)
 DELETE_PROPERTY=DELETE FROM properties WHERE id = ?
 
 DELETE_UNUSED_DICT_CPE=DELETE FROM cpeEntry WHERE dictionaryEntry=true AND id NOT IN (SELECT cpeEntryId FROM software)