From fad704b692786a875978d5692792ba5aa6488c8f Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 16 Jun 2013 07:24:34 -0400 Subject: [PATCH] updated logging Former-commit-id: b305a66140786ce59f547a7fce4a211e092a883d --- .../java/org/owasp/dependencycheck/App.java | 2 +- .../org/owasp/dependencycheck/Engine.java | 4 +-- .../dependencycheck/analyzer/JarAnalyzer.java | 13 +++++----- .../data/lucene/AbstractIndex.java | 10 ++++---- .../dependencycheck/data/nvdcve/CveDB.java | 23 ++++++++++------- .../data/nvdcve/xml/DatabaseUpdater.java | 9 ++++--- .../data/nvdcve/xml/NvdCve20Handler.java | 2 +- .../dependency/Dependency.java | 4 +-- .../dependency/VulnerableSoftware.java | 2 +- .../reporting/ReportGenerator.java | 2 +- .../owasp/dependencycheck/utils/Settings.java | 25 ++++++++++--------- 11 files changed, 50 insertions(+), 46 deletions(-) diff --git a/src/main/java/org/owasp/dependencycheck/App.java b/src/main/java/org/owasp/dependencycheck/App.java index 96031eaca..3f66d1936 100644 --- a/src/main/java/org/owasp/dependencycheck/App.java +++ b/src/main/java/org/owasp/dependencycheck/App.java @@ -89,7 +89,7 @@ public class App { try { in.close(); } catch (Exception ex) { - Logger.getLogger(App.class.getName()).log(Level.FINEST, null, ex); + Logger.getLogger(App.class.getName()).log(Level.FINEST, "Error closing resource stream", ex); } } } diff --git a/src/main/java/org/owasp/dependencycheck/Engine.java b/src/main/java/org/owasp/dependencycheck/Engine.java index ddfaf2908..2b53d101c 100644 --- a/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/src/main/java/org/owasp/dependencycheck/Engine.java @@ -283,9 +283,7 @@ public class Engine { Logger.getLogger(Engine.class.getName()).log(Level.WARNING, "Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities."); Logger.getLogger(Engine.class.getName()).log(Level.FINE, - String.format("Unable to update Cached Web DataSource, using local data instead. Results may not include recent " - + "vulnerabilities. Unable to update details for %s", - source.getClass().getName()), ex); + String.format("Unable to update details for %s", source.getClass().getName()), ex); } } } diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 4a4727a22..90701cf28 100644 --- a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -138,7 +138,8 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.analyzer.pom.generated"); pomUnmarshaller = jaxbContext.createUnmarshaller(); } catch (JAXBException ex) { //guess we will just have a null pointer exception later... - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex); + Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, "Unable to load parser. See the log for more details."); + Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex); } } @@ -345,14 +346,12 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { final JAXBElement el = pomUnmarshaller.unmarshal(source, Model.class); m = el.getValue(); } catch (ParserConfigurationException ex) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex); + final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName()); + Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex); } catch (SAXException ex) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex); - } catch (JAXBException ex) { - Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, "failure reading pom via jaxb path:'" - + path + "' jar:'" + jar.getName() + "'", ex); + final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName()); + Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex); } - return m; } return null; diff --git a/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java b/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java index a1e011ccd..00e5b2be5 100644 --- a/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java +++ b/src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java @@ -100,22 +100,22 @@ public abstract class AbstractIndex { } catch (CorruptIndexException ex) { final String msg = "Unable to update database, there is a corrupt index."; Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg); - Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, msg, ex); + Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex); } catch (IOException ex) { final String msg = "Unable to update database due to an IO error."; Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg); - Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, msg, ex); + Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex); } try { indexWriter.close(true); } catch (CorruptIndexException ex) { final String msg = "Unable to update database, there is a corrupt index."; Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg); - Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, msg, ex); + Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex); } catch (IOException ex) { final String msg = "Unable to update database due to an IO error."; Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg); - Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, msg, ex); + Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex); } finally { indexWriter = null; } @@ -139,7 +139,7 @@ public abstract class AbstractIndex { } catch (IOException ex) { final String msg = "Unable to update database due to an IO error."; Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg); - Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, msg, ex); + Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex); } finally { directory = null; } diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index fc5bde2f8..cee6b84ff 100644 --- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -220,7 +220,9 @@ public class CveDB { try { conn.close(); } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + final String msg = "There was an error attempting to close the CveDB, see the log for more details."; + Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, msg, ex); + Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex); } conn = null; } @@ -239,7 +241,9 @@ public class CveDB { try { cpe.parseName(cpeStr); } catch (UnsupportedEncodingException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + final String msg = "There was an encoding error parsing a vulerability, see the log for more details."; + Logger.getLogger(CveDB.class.getName()).log(Level.WARNING, msg); + Logger.getLogger(CveDB.class.getName()).log(Level.FINE, String.format("Error parsing '%s'", cpeStr), ex); } final List vulnerabilities = new ArrayList(); @@ -259,7 +263,7 @@ public class CveDB { try { rs.close(); } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing RecordSet", ex); } } } @@ -325,21 +329,21 @@ public class CveDB { try { rsV.close(); } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing RecordSet", ex); } } if (rsR != null) { try { rsR.close(); } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing RecordSet", ex); } } if (rsS != null) { try { rsS.close(); } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing RecordSet", ex); } } } @@ -398,8 +402,9 @@ public class CveDB { } } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); - throw new DatabaseException("Error updating '" + vuln.getName() + "'", ex); + final String msg = String.format("Error updating '%s'", vuln.getName()); + Logger.getLogger(CveDB.class.getName()).log(Level.INFO, null, ex); + throw new DatabaseException(msg, ex); } } @@ -443,7 +448,7 @@ public class CveDB { try { statement.close(); } catch (SQLException ex) { - Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing Statement", ex); } } } diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java index ffdbbc488..44600e200 100644 --- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java +++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java @@ -296,11 +296,12 @@ public class DatabaseUpdater implements CachedWebDataSource { try { currentlyPublished = retrieveCurrentTimestampsFromWeb(); } catch (InvalidDataException ex) { - //Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex); - throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page", ex); + final String msg = "Unable to retrieve valid timestamp from nvd cve downloads page"; + Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, msg, ex); + throw new DownloadFailedException(msg, ex); } catch (InvalidSettingException ex) { - ///Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex); + Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, "Invalid setting found when retrieving timestamps", ex); throw new DownloadFailedException("Invalid settings", ex); } @@ -311,7 +312,7 @@ public class DatabaseUpdater implements CachedWebDataSource { try { dir = CveDB.getDataDirectory().getCanonicalPath(); } catch (IOException ex) { - //Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex); + Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, "CveDB data directory doesn't exist?", ex); throw new UpdateException("Unable to locate last updated properties file.", ex); } diff --git a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java index 315575579..fe63f23a3 100644 --- a/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java +++ b/src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java @@ -173,7 +173,7 @@ public class NvdCve20Handler extends DefaultHandler { vulnerability.setCvssScore(score); } catch (NumberFormatException ex) { Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score."); - Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, "Error parsing CVSS Score.", ex); + Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex); } nodeText = null; } else if (current.isCVSSAccessVectorNode()) { diff --git a/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java index 17f883d0c..bca57445c 100644 --- a/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java +++ b/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java @@ -429,11 +429,11 @@ public class Dependency implements Comparable { } catch (IOException ex) { final String msg = String.format("Unable to read '%s' to determine hashes.", file.getName()); Logger.getLogger(Dependency.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(Dependency.class.getName()).log(Level.FINE, msg, ex); + Logger.getLogger(Dependency.class.getName()).log(Level.FINE, null, ex); } catch (NoSuchAlgorithmException ex) { final String msg = "Unable to use MD5 of SHA1 checksums."; Logger.getLogger(Dependency.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(Dependency.class.getName()).log(Level.FINE, msg, ex); + Logger.getLogger(Dependency.class.getName()).log(Level.FINE, null, ex); } this.setMd5sum(md5); this.setSha1sum(sha1); diff --git a/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java index 6dcaff037..0b7a154db 100644 --- a/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java +++ b/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java @@ -48,7 +48,7 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl } catch (UnsupportedEncodingException ex) { final String msg = String.format("Character encoding is unsupported for CPE '%s'.", cpe); Logger.getLogger(VulnerableSoftware.class.getName()).log(Level.WARNING, msg); - Logger.getLogger(VulnerableSoftware.class.getName()).log(Level.FINE, msg, ex); + Logger.getLogger(VulnerableSoftware.class.getName()).log(Level.FINE, null, ex); setName(cpe); } } diff --git a/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java index 4a7055ecb..14a465822 100644 --- a/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java +++ b/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java @@ -195,7 +195,7 @@ public class ReportGenerator { input = new FileInputStream(f); } catch (FileNotFoundException ex) { Logger.getLogger(ReportGenerator.class.getName()).log(Level.SEVERE, "Unable to generate the report, the report template file could not be found."); - Logger.getLogger(ReportGenerator.class.getName()).log(Level.FINE, "Unable to generate the report, the report template file could not be found.", ex); + Logger.getLogger(ReportGenerator.class.getName()).log(Level.FINE, null, ex); } } else { templatePath = "templates/" + templateName + ".vsl"; diff --git a/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/src/main/java/org/owasp/dependencycheck/utils/Settings.java index c16507915..619257a1b 100644 --- a/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -37,19 +37,19 @@ public final class Settings { * The collection of keys used within the properties file. */ public static final class KEYS { + /** - * private constructor because this is a "utility" class containing constants + * private constructor because this is a "utility" class containing + * constants */ private KEYS() { //do nothing } - /** * The properties key indicating whether or not the cached data sources * should be updated. */ public static final String AUTO_UPDATE = "autoupdate"; - /** * The properties key for the path where the CPE Lucene Index will be * stored. @@ -107,8 +107,6 @@ public final class Settings { * The properties key for the CVE schema version 2.0. */ public static final String CVE_SCHEMA_2_0 = "2.0."; - - /** * The properties key for the proxy url. */ @@ -130,7 +128,6 @@ public final class Settings { * The location of the temporary directory. */ public static final String TEMP_DIRECTORY = "temp.directory"; - } /** * The properties file location. @@ -156,7 +153,7 @@ public final class Settings { props.load(in); } catch (IOException ex) { Logger.getLogger(Settings.class.getName()).log(Level.SEVERE, "Unable to load default settings."); - Logger.getLogger(Settings.class.getName()).log(Level.FINE, "Unable to load default settings.", ex); + Logger.getLogger(Settings.class.getName()).log(Level.FINE, null, ex); } } @@ -169,6 +166,7 @@ public final class Settings { public static void setString(String key, String value) { INSTANCE.props.setProperty(key, value); } + /** * Sets a property value. * @@ -265,6 +263,7 @@ public final class Settings { } return value; } + /** * Returns an int value from the properties file. If the value was specified * as a system property or passed in via the -Dprop=value argument - this @@ -273,8 +272,8 @@ public final class Settings { * * @param key the key to lookup within the properties file * @param defaultValue the default value to return - * @return the property from the properties file or the defaultValue if the property does - * not exist or cannot be converted to an integer + * @return the property from the properties file or the defaultValue if the + * property does not exist or cannot be converted to an integer */ public static int getInt(String key, int defaultValue) { int value; @@ -287,6 +286,7 @@ public final class Settings { } return value; } + /** * Returns a long value from the properties file. If the value was specified * as a system property or passed in via the -Dprop=value argument - this @@ -310,9 +310,10 @@ public final class Settings { /** * Returns a boolean value from the properties file. If the value was - * specified as a system property or passed in via the -Dprop=value - * argument this method will return the value from the system properties before - * the values in the contained configuration file. + * specified as a system property or passed in via the + * -Dprop=value argument this method will return the value from + * the system properties before the values in the contained configuration + * file. * * @param key the key to lookup within the properties file * @return the property from the properties file