diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index aaf6d6a8b..f6b9ecf40 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -421,8 +421,8 @@ public class Engine {
 * @throws NoDataException thrown if no data exists in the CPE Index
 */
 private void ensureDataExists() throws NoDataException {
- CpeMemoryIndex cpe = CpeMemoryIndex.getInstance();
- CveDB cve = new CveDB();
+ final CpeMemoryIndex cpe = CpeMemoryIndex.getInstance();
+ final CveDB cve = new CveDB();
 try {
 cve.open();
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
index 2875e13cb..1a2ba6b0d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java
@@ -1,6 +1,20 @@
 /*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
 */
 package org.owasp.dependencycheck.data.cpe;
@@ -34,10 +48,12 @@ import org.owasp.dependencycheck.data.lucene.LuceneUtils;
 import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer;
 /**
+ * An in memory lucene index that contains the vendor/product combinations from
+ * the CPE (application) identifiers within the NVD CVE data.
 *
 * @author Jeremy Long (jeremy.long@owasp.org)
 */
-public class CpeMemoryIndex {
+public final class CpeMemoryIndex {
 /**
 * singleton instance.
@@ -94,7 +110,7 @@ public class CpeMemoryIndex {
 * @throws IndexException thrown if there is an error creating the index
 */
 public void open(CveDB cve) throws IndexException {
- if (!_open) {
+ if (!openState) {
 index = new RAMDirectory();
 buildIndex(cve);
 try {
@@ -105,13 +121,13 @@ public class CpeMemoryIndex {
 indexSearcher = new IndexSearcher(indexReader);
 searchingAnalyzer = createSearchingAnalyzer();
 queryParser = new QueryParser(LuceneUtils.CURRENT_VERSION, Fields.DOCUMENT_KEY, searchingAnalyzer);
- _open = true;
+ openState = true;
 }
 }
 /**
 * A flag indicating whether or not the index is open.
 */
- private boolean _open = false;
+ private boolean openState = false;
 /**
 * returns whether or not the index is open.
@@ -119,7 +135,7 @@ public class CpeMemoryIndex {
 * @return whether or not the index is open
 */
 public boolean isOpen() {
- return _open;
+ return openState;
 }
 /**
@@ -191,9 +207,15 @@ public class CpeMemoryIndex {
 index.close();
 index = null;
 }
- _open = false;
+ openState = false;
 }
+ /**
+ * Builds the lucene index based off of the data within the CveDB.
+ *
+ * @param cve the data base containing the CPE data
+ * @throws IndexException thrown if there is an issue creating the index
+ */
 private void buildIndex(CveDB cve) throws IndexException {
 Analyzer analyzer = null;
 IndexWriter indexWriter = null;
@@ -201,7 +223,7 @@ public class CpeMemoryIndex {
 analyzer = createIndexingAnalyzer();
 final IndexWriterConfig conf = new IndexWriterConfig(LuceneUtils.CURRENT_VERSION, analyzer);
 indexWriter = new IndexWriter(index, conf);
- ResultSet rs = cve.getVendorProductList();
+ final ResultSet rs = cve.getVendorProductList();
 if (rs == null) {
 throw new IndexException("No data exists");
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java
index a43056baa..e134bd652 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java
@@ -32,7 +32,7 @@ public final class LuceneUtils {
 * The current version of Lucene being used. Declaring this one place so an
 * upgrade doesn't require hunting through the code base.
 */
- public final static Version CURRENT_VERSION = Version.LUCENE_45;
+ public static final Version CURRENT_VERSION = Version.LUCENE_45;
 /**
 * Private constructor as this is a utility class.
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 101468fc6..e5da5f3c9 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -176,7 +176,7 @@ public class CveDB extends BaseDB {
 final Set set = new HashSet();
 ResultSet rs = null;
 try {
- PreparedStatement ps = getConnection().prepareStatement(SELECT_VENDOR_PRODUCT_LIST);
+ final PreparedStatement ps = getConnection().prepareStatement(SELECT_VENDOR_PRODUCT_LIST);
 rs = ps.executeQuery();
 } catch (SQLException ex) {
 Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CallableDownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CallableDownloadTask.java
index 355e85a08..0a28d2bb7 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CallableDownloadTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/CallableDownloadTask.java
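Review bot: In the CveDB.java hunk (@@ -176,7), `ps` is declared inside the `try` block and is not closed on any visible line, so this method cannot release the prepared statement from a `finally`; marking it `final` does not change that. If the open `ResultSet` is handed back to the caller, as the `cve.getVendorProductList()` call in CpeMemoryIndex.buildIndex suggests, the Javadoc should state the ownership, for example `@return the open result set; the caller must close it and its statement`. The catch block also logs the `SQLException` with a `null` message and, on the visible lines, carries on with `rs` still `null`, which buildIndex reports as "No data exists", so a database failure reads like an empty NVD data set; `log(Level.SEVERE, "Unable to retrieve the vendor/product list", ex)` would at least make the log entry searchable. The method starts and ends outside the hunk, so cleanup further down cannot be ruled out.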
@@ -1,6 +1,20 @@
 /*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
 */
 package org.owasp.dependencycheck.data.update;
@@ -31,10 +45,13 @@ public class CallableDownloadTask implements Callable {
 this.first = first;
 this.second = second;
 }
+ /**
+ * The NVD CVE Meta Data.
+ */
 private NvdCveInfo nvdCveInfo;
 /**
- * Get the value of nvdCveInfo
+ * Get the value of nvdCveInfo.
 *
 * @return the value of nvdCveInfo
 */
@@ -43,7 +60,7 @@ public class CallableDownloadTask implements Callable {
 }
 /**
- * Set the value of nvdCveInfo
+ * Set the value of nvdCveInfo.
 *
 * @param nvdCveInfo new value of nvdCveInfo
 */
@@ -94,50 +111,6 @@ public class CallableDownloadTask implements Callable {
 public void setSecond(File second) {
 this.second = second;
 }
- /**
- * the first url.
- */
- private URL firstUrl;
-
- /**
- * Get the value of firstUrl.
- *
- * @return the value of firstUrl
- */
- public URL getFirstUrl() {
- return firstUrl;
- }
-
- /**
- * Set the value of firstUrl.
- *
- * @param firstUrl new value of firstUrl
- */
- public void setFirstUrl(URL firstUrl) {
- this.firstUrl = firstUrl;
- }
- /**
- * the second url.
- */
- private URL secondUrl;
-
- /**
- * Get the value of secondURL.
- *
- * @return the value of secondURL
- */
- public URL getSecondUrl() {
- return secondUrl;
- }
-
- /**
- * Set the value of secondUrl.
- *
- * @param secondURL new value of secondUrl
- */
- public void setSecondUrl(URL secondUrl) {
- this.secondUrl = secondUrl;
- }
 /**
 * A placeholder for an exception.
 */
@@ -164,12 +137,12 @@ public class CallableDownloadTask implements Callable {
 @Override
 public CallableDownloadTask call() throws Exception {
 try {
- final URL url_1 = new URL(nvdCveInfo.getUrl());
- final URL url_2 = new URL(nvdCveInfo.getOldSchemaVersionUrl());
+ final URL url1 = new URL(nvdCveInfo.getUrl());
+ final URL url2 = new URL(nvdCveInfo.getOldSchemaVersionUrl());
 String msg = String.format("Download Started for NVD CVE - %s", nvdCveInfo.getId());
 Logger.getLogger(CallableDownloadTask.class.getName()).log(Level.INFO, msg);
- Downloader.fetchFile(url_1, first);
- Downloader.fetchFile(url_2, second);
+ Downloader.fetchFile(url1, first);
+ Downloader.fetchFile(url2, second);
 msg = String.format("Download Complete for NVD CVE - %s", nvdCveInfo.getId());
 Logger.getLogger(CallableDownloadTask.class.getName()).log(Level.INFO, msg);
 } catch (DownloadFailedException ex) {
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdateTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdateTask.java
index 99bb94459..4286bef20 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdateTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/StandardUpdateTask.java
@@ -99,26 +99,26 @@ public class StandardUpdateTask extends AbstractUpdateTask {
 final int poolSize = (MAX_THREAD_POOL_SIZE > maxUpdates) ? MAX_THREAD_POOL_SIZE : maxUpdates;
 final ExecutorService executorService = Executors.newFixedThreadPool(poolSize);
- Set> futures = new HashSet>(maxUpdates);
+ final Set> futures = new HashSet>(maxUpdates);
 for (NvdCveInfo cve : getUpdateable()) {
 if (cve.getNeedsUpdate()) {
- final File file_1;
- final File file_2;
+ final File file1;
+ final File file2;
 try {
- file_1 = File.createTempFile("cve" + cve.getId() + "_", ".xml");
- file_2 = File.createTempFile("cve_1_2_" + cve.getId() + "_", ".xml");
+ file1 = File.createTempFile("cve" + cve.getId() + "_", ".xml");
+ file2 = File.createTempFile("cve_1_2_" + cve.getId() + "_", ".xml");
 } catch (IOException ex) {
 throw new UpdateException(ex);
 }
- final CallableDownloadTask call = new CallableDownloadTask(cve, file_1, file_2);
+ final CallableDownloadTask call = new CallableDownloadTask(cve, file1, file2);
 futures.add(executorService.submit(call));
 }
 }
 try {
 for (Future future : futures) {
- CallableDownloadTask filePair = future.get();
+ final CallableDownloadTask filePair = future.get();
 String msg = String.format("Processing Started for NVD CVE - %s", filePair.getNvdCveInfo().getId());
 Logger.getLogger(StandardUpdateTask.class.getName()).log(Level.INFO, msg);
 try {
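Review bot: The `poolSize` expression on the first context line of the StandardUpdateTask.java hunk picks the larger of `MAX_THREAD_POOL_SIZE` and `maxUpdates`, so the constant acts as a floor and the number of download threads grows with the number of pending updates. If it is meant as a cap, as its name suggests, the line should read `final int poolSize = Math.max(1, Math.min(MAX_THREAD_POOL_SIZE, maxUpdates));` (the `Math.max(1, …)` keeps `newFixedThreadPool` from being called with 0). In the loop, when the second `File.createTempFile` throws, the first temp file already exists on disk and the `UpdateException` leaves the method with tasks already submitted to `executorService`; no visible line deletes the file or shuts the executor down. Creating the two files in separate `try` blocks would let the first be deleted when the second fails. The method begins and ends outside the hunk, so cleanup elsewhere cannot be ruled out.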
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index ad42c4905..da240fc78 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -139,7 +139,7 @@ public final class Settings {
 /**
 * The maximum number of threads to allocate when downloading files.
 */
- public static String MAX_DOWNLOAD_THREAD_POOL_SIZE = "max.download.threads";
+ public static final String MAX_DOWNLOAD_THREAD_POOL_SIZE = "max.download.threads";
 }
 /**
 * The properties file location.