github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-13 15:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

jacks recommended change for thread safety

Browse Source
This commit is contained in:
Jeremy Long
2016-12-05 22:41:15 -05:00
parent bd3af45db9
commit f47c6b07f4
5 changed files with 58 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dependency-check-core/pom.xml
View File

@@ -261,6 +261,10 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
</reporting>
<dependencies>
<!-- Note, to stay compatible with Jenkins installations only JARs compiled to 1.6 can be used -->
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>annotations</artifactId>

19
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseProperties.java
View File

@@ -17,13 +17,13 @@
*/
package org.owasp.dependencycheck.data.nvdcve;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.TreeMap;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.slf4j.Logger;
@@ -170,12 +170,13 @@ public class DatabaseProperties {
if (key.startsWith("NVD CVE ")) {
try {
final long epoch = Long.parseLong((String) entry.getValue());
final Date date = new Date(epoch);
synchronized (date) {
final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
final String formatted = format.format(date);
map.put(key, formatted);
}
final DateTime date = new DateTime(epoch);
DateTimeFormatter format = DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss");
String formatted = format.print(date);
// final Date date = new Date(epoch);
// final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
// final String formatted = format.format(date);
map.put(key, formatted);
} catch (Throwable ex) { //deliberately being broad in this catch clause
LOGGER.debug("Unable to parse timestamp from DB", ex);
map.put(key, (String) entry.getValue());

24
dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java
View File

@@ -35,6 +35,9 @@ import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.context.Context;
import org.apache.velocity.runtime.RuntimeConstants;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
import org.owasp.dependencycheck.dependency.Dependency;
@@ -104,15 +107,18 @@ public class ReportGenerator {
velocityEngine.init();
final EscapeTool enc = new EscapeTool();
final Date d = new Date();
String scanDate;
String scanDateXML;
synchronized (d) {
final DateFormat dateFormat = new SimpleDateFormat("MMM d, yyyy 'at' HH:mm:ss z");
final DateFormat dateFormatXML = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
scanDate = dateFormat.format(d);
scanDateXML = dateFormatXML.format(d);
}
final DateTime dt = DateTime.now();
DateTimeFormatter dateFormat = DateTimeFormat.forPattern("MMM d, yyyy 'at' HH:mm:ss z");
DateTimeFormatter dateFormatXML = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
// final Date d = new Date();
// final DateFormat dateFormat = new SimpleDateFormat("MMM d, yyyy 'at' HH:mm:ss z");
// final DateFormat dateFormatXML = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
final String scanDate = dateFormat.print(dt);
final String scanDateXML = dateFormatXML.print(dt);
context.put("applicationName", applicationName);
context.put("dependencies", dependencies);
context.put("analyzers", analyzers);

24
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIntegrationTest.java
View File

@@ -17,8 +17,14 @@
*/
package org.owasp.dependencycheck.data.nvdcve;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.owasp.dependencycheck.BaseDBTestCase;
import java.util.Properties;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
@@ -143,4 +149,22 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
}
}
}
@Test
public void testTest() {
final Date now = new Date();
final DateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
final String formatted = format.format(now);
final DateTime dt = new DateTime(now.getTime());
DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
String jodaFormatted = fmt.print(dt);
System.out.println(formatted);
System.out.println(jodaFormatted);
assertTrue(jodaFormatted.equals(formatted));
}
}

5
pom.xml
View File

@@ -543,6 +543,11 @@ Copyright (c) 2012 - Jeremy Long
</reporting>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.9.6</version>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>annotations</artifactId>