changed update script to fail on non-H2 databases; they require manual upgrades

2026-03-22 00:59:34 +01:00 · 2015-10-12 05:47:50 -04:00
parent 02eab65c4e
commit f0d93538ae
1 changed files with 54 additions and 36 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactory.java
@@ -30,6 +30,8 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import org.owasp.dependencycheck.utils.DBUtils;
 import org.owasp.dependencycheck.utils.DependencyVersion;
 import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -288,48 +290,59 @@ public final class ConnectionFactory {
     * @throws DatabaseException thrown if there is an exception upgrading the database schema
     */
    private static void updateSchema(Connection conn, String schema) throws DatabaseException {
-        LOGGER.debug("Updating database structure");
+        final String databaseProductName = conn.getMetaData().getDatabaseProductName();
-        InputStream is;
+        if ("h2".equalsIgnoreCase(databaseProductName)) {
-        InputStreamReader reader;
+            LOGGER.debug("Updating database structure");
-        BufferedReader in = null;
+            InputStream is;
-        String updateFile = null;
+            InputStreamReader reader;
-        try {
+            BufferedReader in = null;
-            updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, schema);
+            String updateFile = null;
            is = ConnectionFactory.class.getClassLoader().getResourceAsStream(updateFile);
            if (is == null) {
                throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
            }
            reader = new InputStreamReader(is, "UTF-8");
            in = new BufferedReader(reader);
            final StringBuilder sb = new StringBuilder(2110);
            String tmp;
            while ((tmp = in.readLine()) != null) {
                sb.append(tmp);
            }
            Statement statement = null;
            try {
-                statement = conn.createStatement();
+                updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, schema);
-                statement.execute(sb.toString());
+                is = ConnectionFactory.class.getClassLoader().getResourceAsStream(updateFile);
-            } catch (SQLException ex) {
+                if (is == null) {
-                LOGGER.debug("", ex);
+                    throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
-                throw new DatabaseException("Unable to update database schema", ex);
+                }
-            } finally {
+                reader = new InputStreamReader(is, "UTF-8");
-                DBUtils.closeStatement(statement);
+                in = new BufferedReader(reader);
-            }
+                final StringBuilder sb = new StringBuilder(2110);
-        } catch (IOException ex) {
+                String tmp;
-            final String msg = String.format("Upgrade SQL file does not exist: %s", updateFile);
+                while ((tmp = in.readLine()) != null) {
-            throw new DatabaseException(msg, ex);
+                    sb.append(tmp);
-        } finally {
+                }
-            if (in != null) {
+                Statement statement = null;
                try {
-                    in.close();
+                    statement = conn.createStatement();
-                } catch (IOException ex) {
+                    statement.execute(sb.toString());
-                    LOGGER.trace("", ex);
+                } catch (SQLException ex) {
                    LOGGER.debug("", ex);
                    throw new DatabaseException("Unable to update database schema", ex);
                } finally {
                    DBUtils.closeStatement(statement);
                }
            } catch (IOException ex) {
                final String msg = String.format("Upgrade SQL file does not exist: %s", updateFile);
                throw new DatabaseException(msg, ex);
            } finally {
                if (in != null) {
                    try {
                        in.close();
                    } catch (IOException ex) {
                        LOGGER.trace("", ex);
                    }
                }
            }
        } else {
            LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.", UPGRADE_HELP_URL);
            throw new DatabaseException("Database schema is out of date");
        }
    }
    /**
     * Counter to ensure that calls to ensureSchemaVersion does not end up in an endless loop.
     */
    private static int callDepth = 0;
    /**
     * Uses the provided connection to check the specified schema version within the database.
     *
@@ -344,10 +357,15 @@ public final class ConnectionFactory {
            cs = conn.prepareCall("SELECT value FROM properties WHERE id = 'version'");
            rs = cs.executeQuery();
            if (rs.next()) {
-                if (!DB_SCHEMA_VERSION.equals(rs.getString(1))) {
+                final DependencyVersion current = DependencyVersionUtil.parseVersion(DB_SCHEMA_VERSION);
                final DependencyVersion db = DependencyVersionUtil.parseVersion(rs.getString(1));
                if (current.compareTo(db) > 0) {
                    LOGGER.debug("Current Schema: " + DB_SCHEMA_VERSION);
                    LOGGER.debug("DB Schema: " + rs.getString(1));
                    updateSchema(conn, rs.getString(1));
                    if (++callDepth < 10) {
                        ensureSchemaVersion(conn);
                    }
                }
            } else {
                throw new DatabaseException("Database schema is missing");