From f7a83d5a60d2d82b7a83b4b9e4d7809a5c39b6f5 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Mon, 2 Sep 2013 15:54:35 -0400
Subject: [PATCH] fixed merge issues
Former-commit-id: fe669abc52c1cbcdec9de8bc1693cea12d9abe0c
---
 .../dependencycheck/utils/Downloader.java | 61 ++++------------
 .../utils/ExtractionException.java | 69 +++++++++++++++++++
 .../dependencycheck/utils/FileUtils.java | 12 +++-
 .../owasp/dependencycheck/utils/Settings.java | 37 +++-------
 4 files changed, 99 insertions(+), 80 deletions(-)
 create mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
index 85ec36930..fb3f0568f 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
@@ -27,6 +27,7 @@ import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.net.SocketAddress;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -46,33 +47,6 @@ public final class Downloader {
 private Downloader() {
 }
- /**
- * Retrieves a file from a given URL and saves it to the outputPath.
- *
- * @param url the URL of the file to download.
- * @param outputPath the path to the save the file to.
- * @throws DownloadFailedException is thrown if there is an error
- * downloading the file.
- */
- public static void fetchFile(URL url, String outputPath) throws DownloadFailedException {
- fetchFile(url, outputPath, false);
- }
-
- /**
- * Retrieves a file from a given URL and saves it to the outputPath.
- *
- * @param url the URL of the file to download.
- * @param outputPath the path to the save the file to.
- * @param unzip true/false indicating that the file being retrieved is
- * gzipped and if true, should be uncompressed before writing to the file.
- * @throws DownloadFailedException is thrown if there is an error
- * downloading the file.
- */
- public static void fetchFile(URL url, String outputPath, boolean unzip) throws DownloadFailedException {
- final File f = new File(outputPath);
- fetchFile(url, f, unzip);
- }
-
 /**
 * Retrieves a file from a given URL and saves it to the outputPath.
 *
@@ -82,20 +56,6 @@ public final class Downloader {
 * downloading the file.
 */
 public static void fetchFile(URL url, File outputPath) throws DownloadFailedException {
- fetchFile(url, outputPath, false);
- }
-
- /**
- * Retrieves a file from a given URL and saves it to the outputPath.
- *
- * @param url the URL of the file to download.
- * @param outputPath the path to the save the file to.
- * @param unzip true/false indicating that the file being retrieved is
- * gzipped and if true, should be uncompressed before writing to the file.
- * @throws DownloadFailedException is thrown if there is an error
- * downloading the file.
- */
- public static void fetchFile(URL url, File outputPath, boolean unzip) throws DownloadFailedException {
 HttpURLConnection conn = null;
 try {
 conn = Downloader.getConnection(url);
@@ -116,7 +76,7 @@ public final class Downloader {
 BufferedOutputStream writer = null;
 InputStream reader = null;
 try {
- if (unzip || (encoding != null && "gzip".equalsIgnoreCase(encoding))) {
+ if (encoding != null && "gzip".equalsIgnoreCase(encoding)) {
 reader = new GZIPInputStream(conn.getInputStream());
 } else if (encoding != null && "deflate".equalsIgnoreCase(encoding)) {
 reader = new InflaterInputStream(conn.getInputStream());
@@ -136,7 +96,6 @@ public final class Downloader {
 if (writer != null) {
 try {
 writer.close();
- writer = null;
 } catch (Exception ex) {
 Logger.getLogger(Downloader.class.getName()).log(Level.FINEST,
 "Error closing the writer in Downloader.", ex);
@@ -145,9 +104,7 @@ public final class Downloader {
 if (reader != null) {
 try {
 reader.close();
- reader = null;
 } catch (Exception ex) {
-
 Logger.getLogger(Downloader.class.getName()).log(Level.FINEST,
 "Error closing the reader in Downloader.", ex);
 }
@@ -162,7 +119,8 @@ public final class Downloader {
 /**
 * Makes an HTTP Head request to retrieve the last modified date of the
- * given URL.
+ * given URL. If the file:// protocol is specified, then the lastTimestamp
+ * of the file is returned.
 *
 * @param url the URL to retrieve the timestamp from
 * @return an epoch timestamp
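Review bot: The `encoding != null &&` test in the new gzip condition is redundant, because `"gzip".equalsIgnoreCase(encoding)` already returns false for a null argument; the line can read `if ("gzip".equalsIgnoreCase(encoding)) {`, and the `deflate` branch below it has the same pattern. With the `unzip` parameter gone, decompression is decided only by `encoding`, which is presumably the response's Content-Encoding value read above the hunk, so a gzip file served without that header would now be written to disk still compressed. Any caller outside this diff that relied on `unzip == true` needs its own decompression step. The body of fetchFile starts and ends outside this hunk, so the copy loop and any size limit on the inflated stream are not visible here.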
@@ -170,14 +128,21 @@ public final class Downloader {
 * the HTTP request
 */
 public static long getLastModified(URL url) throws DownloadFailedException {
- HttpURLConnection conn = null;
 long timestamp = 0;
- //TODO add the FPR protocol?
 if ("file".equalsIgnoreCase(url.getProtocol())) {
 File lastModifiedFile;
 try {
+// if (System.getProperty("os.name").toLowerCase().startsWith("windows")) {
+// String filePath = url.toString();
+// if (filePath.matches("file://[a-zA-Z]:.*")) {
+// f = new File(filePath.substring(7));
+// } else {
+// f = new File(url.toURI());
+// }
+// } else {
 lastModifiedFile = new File(url.toURI());
+// }
 } catch (URISyntaxException ex) {
 final String msg = String.format("Unable to locate '%s'; is the cve.url-2.0.modified property set correctly?", url.toString());
 throw new DownloadFailedException(msg);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java
new file mode 100644
index 000000000..ed0f51a17
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java
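Review bot: The nine added `//` lines in getLastModified are commented-out code, and they assign to a variable `f` that the visible part of the method does not declare (the live variable is `lastModifiedFile`); they should be deleted rather than committed. The case they were written for is still unhandled: `new File(url.toURI())` throws IllegalArgumentException when the URI does not meet File's preconditions, for example a `file://C:/...` value whose drive letter is parsed as an authority, and the only handler here is `catch (URISyntaxException ex)`. A second handler, `} catch (IllegalArgumentException ex) {`, that raises the same DownloadFailedException would keep a malformed property value from surfacing as an unchecked exception. The method continues past the end of the hunk.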
@@ -0,0 +1,69 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Dependency-check-core is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * Dependency-check-core is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * dependency-check-core. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.io.IOException;
+
+/**
+ * An exception used when a file is unable to be un-zipped.
+ *
+ * @author Jeremy Long (jeremy.long@owasp.org)
+ */
+public class ExtractionException extends IOException {
+
+ /**
+ * The serial version UID.
+ */
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates a new ExtractionException.
+ */
+ public ExtractionException() {
+ super();
+ }
+
+ /**
+ * Creates a new ExtractionException.
+ *
+ * @param msg a message for the exception.
+ */
+ public ExtractionException(String msg) {
+ super(msg);
+ }
+
+ /**
+ * Creates a new ExtractionException.
+ *
+ * @param ex the cause of the download failure.
+ */
+ public ExtractionException(Throwable ex) {
+ super(ex);
+ }
+
+ /**
+ * Creates a new ExtractionException.
+ *
+ * @param msg a message for the exception.
+ * @param ex the cause of the download failure.
+ */
+ public ExtractionException(String msg, Throwable ex) {
+ super(msg, ex);
+ }
+}
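Review bot: The Javadoc on the two constructors that take a Throwable says `@param ex the cause of the download failure.`, which looks copied from the download exception; for this class both should read `@param ex the cause of the extraction failure.`. The class comment could also name the operation that raises it, since "unable to be un-zipped" is the only hint a caller gets about when to expect this exception.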
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
index 28010ed8a..107595ecf 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
@@ -18,8 +18,12 @@
 */
 package org.owasp.dependencycheck.utils;
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
@@ -36,6 +40,11 @@ import org.owasp.dependencycheck.Engine;
 */
 public final class FileUtils {
+ /**
+ * The buffer size to use when extracting files from the archive.
+ */
+ private static final int BUFFER_SIZE = 4096;
+
 /**
 * Private constructor for a utility class.
 */
@@ -79,8 +88,6 @@ public final class FileUtils {
 }
 /**
-<<<<<<< HEAD
-=======
 * Deletes a file. If the File is a directory it will recursively delete the
 * contents.
 *
@@ -107,7 +114,6 @@ public final class FileUtils {
 }
 /**
->>>>>>> batch
 * Returns the data directory. If a path was specified in
 * dependencycheck.properties or was specified using the Settings object,
 * and the path exists, that path will be returned as a File object. If it
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 77b7e03ef..6c2b8ac9c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
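Review bot: `BUFFER_SIZE` and the four stream imports (`BufferedInputStream`, `BufferedOutputStream`, `FileInputStream`, `FileOutputStream`) are added in the first two hunks, but no hunk of this file's diff uses them, so unless an extraction method already exists outside the visible context they are unused additions in this commit. Either the method that needs them belongs in the same change, or these lines should wait for it. When that method is reviewed, note that the archive comes from a configurable URL (`batch.update.url` in Settings), so each entry's resolved path should be checked to stay inside the destination directory before it is written.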
@@ -67,6 +67,11 @@ public final class Settings {
 * The base path to use for the data directory.
 */
 public static final String DATA_DIRECTORY = "data.directory";
+ /**
+ * The location of the batch update URL. This is a zip file that
+ * contains the contents of the data directory.
+ */
+ public static final String BATCH_UPDATE_URL = "batch.update.url";
 /**
 * The properties key for the path where the CPE Lucene Index will be
 * stored.
@@ -77,14 +82,6 @@ public final class Settings {
 * stored.
 */
 public static final String CVE_DATA_DIRECTORY = "data.cve";
- /**
- * The properties key for the URL to the CPE.
- */
- public static final String CPE_URL = "cpe.url";
- /**
- * The properties key for the URL to the CPE.
- */
- public static final String CPE_META_URL = "cpe.meta.url";
 /**
 * The properties key for the URL to retrieve the "meta" data from about
 * the CVE entries.
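Review bot: The comment added for `BATCH_UPDATE_URL` describes the URL rather than the constant, while the neighbouring constants are documented as `The properties key for ...`; it would read more consistently as `* The properties key for the batch update URL. The URL points to a zip file that` followed by the existing `* contains the contents of the data directory.`. Because the archive at this URL supplies the whole data directory, the comment is also the natural place to state that the value is expected to point at a trusted location.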
@@ -261,31 +258,14 @@ public final class Settings {
 return new File(file);
 }
- /**
- * Returns a value from the properties file as a File object. If the value
- * was specified as a system property or passed in via the -Dprop=value
- * argument - this method will return the value from the system properties
- * before the values in the contained configuration file.
- *
- * This method will also replace a leading "[JAR]\" sequence with the path
- * to the folder containing the JAR file containing this class.
- *
- * @param key the key to lookup within the properties file
- * @return the property from the properties file converted to a File object
- * @throws IOException thrown if the file path to the JAR cannot be found
- */
- public static File getFile(String key) throws IOException {
- return getFile(key, Settings.class);
- }
-
 /**
 * Attempts to retrieve the folder containing the Jar file containing the
 * Settings class.
 *
 * @return a File object
 */
- private static File getJarPath(Class clazz) {
- final String jarPath = clazz.getProtectionDomain().getCodeSource().getLocation().getPath();
+ private static File getJarPath() {
+ final String jarPath = Settings.class.getProtectionDomain().getCodeSource().getLocation().getPath();
 String decodedPath = ".";
 try {
 decodedPath = URLDecoder.decode(jarPath, "UTF-8");
@@ -294,8 +274,7 @@ public final class Settings {
 }
 final File path = new File(decodedPath);
- //TODO - need to remove the "test-classes" check which is only here to make test cases work.
- if (path.getName().toLowerCase().endsWith(".jar")) || path.getName().equals("test-classes")) {
+ if (path.getName().toLowerCase().endsWith(".jar")) {
 return path.getParentFile();
 } else {
 return new File(".");
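Review bot: In the new `getJarPath()`, `Settings.class.getProtectionDomain().getCodeSource()` may return null, since a ProtectionDomain is allowed to carry no CodeSource, and the chained `.getLocation().getPath()` would then throw a NullPointerException before the `"."` fallback is reached. A guard such as `final CodeSource src = Settings.class.getProtectionDomain().getCodeSource();` followed by `if (src == null || src.getLocation() == null) { return new File("."); }` keeps that fallback consistent (it needs `java.security.CodeSource` imported). Any caller that still passes a Class to getJarPath lies outside this hunk and has to change with the signature. The method body continues past the end of the last hunk.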