Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.nvd.ProcessTask

Classes in this File

Line Coverage

Branch Coverage

Complexity

ProcessTask

0/52

N/A

3.5

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.nvd;
 
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.sql.SQLException;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Callable;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.XmlUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.SAXException;
 
 /**
  * A callable task that will process a given set of NVD CVE xml files and update
  * the Cve Database accordingly.
  *
  * @author Jeremy Long
  */
 public class ProcessTask implements Callable<ProcessTask> {
 
     /**
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(ProcessTask.class);
     /**
      * A field to store any update exceptions that occur during the "call".
      */
     private UpdateException exception = null;
 
     /**
      * Get the value of exception.
      *
      * @return the value of exception
      */
     public UpdateException getException() {
         return exception;
     }
 
     /**
      * Set the value of exception.
      *
      * @param exception new value of exception
      */
     public void setException(UpdateException exception) {
         this.exception = exception;
     }
     /**
      * A reference to the CveDB.
      */
     private final CveDB cveDB;
     /**
      * A reference to the callable download task.
      */
     private final DownloadTask filePair;
     /**
      * A reference to the properties.
      */
     private final DatabaseProperties properties;
     /**
      * A reference to the global settings object.
      */
     private final Settings settings;
 
     /**
      * Constructs a new ProcessTask used to process an NVD CVE update.
      *
      * @param cveDB the data store object
      * @param filePair the download task that contains the URL references to
      * download
      * @param settings a reference to the global settings object; this is
      * necessary so that when the thread is started the dependencies have a
      * correct reference to the global settings.
      */
     public ProcessTask(final CveDB cveDB, final DownloadTask filePair, Settings settings) {
         this.cveDB = cveDB;
         this.filePair = filePair;
         this.properties = cveDB.getDatabaseProperties();
         this.settings = settings;
     }
 
     /**
      * Implements the callable interface.
      *
      * @return this object
      * @throws Exception thrown if there is an exception; note that any
      * UpdateExceptions are simply added to the tasks exception collection
      */
     @Override
     public ProcessTask call() throws Exception {
         try {
             Settings.setInstance(settings);
             processFiles();
         } catch (UpdateException ex) {
             this.exception = ex;
         } finally {
             Settings.cleanup(false);
         }
         return this;
     }
 
     /**
      * Imports the NVD CVE XML File into the Lucene Index.
      *
      * @param file the file containing the NVD CVE XML
      * @param oldVersion contains the file containing the NVD CVE XML 1.2
      * @throws ParserConfigurationException is thrown if there is a parser
      * configuration exception
      * @throws SAXException is thrown if there is a SAXException
      * @throws IOException is thrown if there is a IO Exception
      * @throws SQLException is thrown if there is a SQL exception
      * @throws DatabaseException is thrown if there is a database exception
      * @throws ClassNotFoundException thrown if the h2 database driver cannot be
      * loaded
      */
     protected void importXML(File file, File oldVersion) throws ParserConfigurationException,
             SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException {
 
         final SAXParser saxParser = XmlUtils.buildSecureSaxParser();
 
         final NvdCve12Handler cve12Handler = new NvdCve12Handler();
         saxParser.parse(oldVersion, cve12Handler);
         final Map<String, List<VulnerableSoftware>> prevVersionVulnMap = cve12Handler.getVulnerabilities();
 
         final NvdCve20Handler cve20Handler = new NvdCve20Handler();
         cve20Handler.setCveDB(cveDB);
         cve20Handler.setPrevVersionVulnMap(prevVersionVulnMap);
         saxParser.parse(file, cve20Handler);
     }
 
     /**
      * Processes the NVD CVE XML file and imports the data into the DB.
      *
      * @throws UpdateException thrown if there is an error loading the data into
      * the database
      */
     private void processFiles() throws UpdateException {
         LOGGER.info("Processing Started for NVD CVE - {}", filePair.getNvdCveInfo().getId());
         final long startProcessing = System.currentTimeMillis();
         try {
             importXML(filePair.getFirst(), filePair.getSecond());
             cveDB.commit();
             properties.save(filePair.getNvdCveInfo());
         } catch (FileNotFoundException ex) {
             throw new UpdateException(ex);
         } catch (ParserConfigurationException ex) {
             throw new UpdateException(ex);
         } catch (SAXException ex) {
             throw new UpdateException(ex);
         } catch (IOException ex) {
             throw new UpdateException(ex);
         } catch (SQLException ex) {
             throw new UpdateException(ex);
         } catch (DatabaseException ex) {
             throw new UpdateException(ex);
         } catch (ClassNotFoundException ex) {
             throw new UpdateException(ex);
         } finally {
             filePair.cleanup();
         }
         LOGGER.info("Processing Complete for NVD CVE - {}  ({} ms)", filePair.getNvdCveInfo().getId(),
                 System.currentTimeMillis() - startProcessing);
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.update.nvd;
19
20		import java.io.File;
21		import java.io.FileNotFoundException;
22		import java.io.IOException;
23		import java.sql.SQLException;
24		import java.util.List;
25		import java.util.Map;
26		import java.util.concurrent.Callable;
27		import javax.xml.parsers.ParserConfigurationException;
28		import javax.xml.parsers.SAXParser;
29		import org.owasp.dependencycheck.data.nvdcve.CveDB;
30		import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
31		import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
32		import org.owasp.dependencycheck.data.update.exception.UpdateException;
33		import org.owasp.dependencycheck.dependency.VulnerableSoftware;
34		import org.owasp.dependencycheck.utils.Settings;
35		import org.owasp.dependencycheck.utils.XmlUtils;
36		import org.slf4j.Logger;
37		import org.slf4j.LoggerFactory;
38		import org.xml.sax.SAXException;
39
40		/**
41		* A callable task that will process a given set of NVD CVE xml files and update
42		* the Cve Database accordingly.
43		*
44		* @author Jeremy Long
45		*/
46	0	public class ProcessTask implements Callable<ProcessTask> {
47
48		/**
49		* The logger.
50		*/
51	0	private static final Logger LOGGER = LoggerFactory.getLogger(ProcessTask.class);
52		/**
53		* A field to store any update exceptions that occur during the "call".
54		*/
55	0	private UpdateException exception = null;
56
57		/**
58		* Get the value of exception.
59		*
60		* @return the value of exception
61		*/
62		public UpdateException getException() {
63	0	return exception;
64		}
65
66		/**
67		* Set the value of exception.
68		*
69		* @param exception new value of exception
70		*/
71		public void setException(UpdateException exception) {
72	0	this.exception = exception;
73	0	}
74		/**
75		* A reference to the CveDB.
76		*/
77		private final CveDB cveDB;
78		/**
79		* A reference to the callable download task.
80		*/
81		private final DownloadTask filePair;
82		/**
83		* A reference to the properties.
84		*/
85		private final DatabaseProperties properties;
86		/**
87		* A reference to the global settings object.
88		*/
89		private final Settings settings;
90
91		/**
92		* Constructs a new ProcessTask used to process an NVD CVE update.
93		*
94		* @param cveDB the data store object
95		* @param filePair the download task that contains the URL references to
96		* download
97		* @param settings a reference to the global settings object; this is
98		* necessary so that when the thread is started the dependencies have a
99		* correct reference to the global settings.
100		*/
101	0	public ProcessTask(final CveDB cveDB, final DownloadTask filePair, Settings settings) {
102	0	this.cveDB = cveDB;
103	0	this.filePair = filePair;
104	0	this.properties = cveDB.getDatabaseProperties();
105	0	this.settings = settings;
106	0	}
107
108		/**
109		* Implements the callable interface.
110		*
111		* @return this object
112		* @throws Exception thrown if there is an exception; note that any
113		* UpdateExceptions are simply added to the tasks exception collection
114		*/
115		@Override
116		public ProcessTask call() throws Exception {
117		try {
118	0	Settings.setInstance(settings);
119	0	processFiles();
120	0	} catch (UpdateException ex) {
121	0	this.exception = ex;
122		} finally {
123	0	Settings.cleanup(false);
124	0	}
125	0	return this;
126		}
127
128		/**
129		* Imports the NVD CVE XML File into the Lucene Index.
130		*
131		* @param file the file containing the NVD CVE XML
132		* @param oldVersion contains the file containing the NVD CVE XML 1.2
133		* @throws ParserConfigurationException is thrown if there is a parser
134		* configuration exception
135		* @throws SAXException is thrown if there is a SAXException
136		* @throws IOException is thrown if there is a IO Exception
137		* @throws SQLException is thrown if there is a SQL exception
138		* @throws DatabaseException is thrown if there is a database exception
139		* @throws ClassNotFoundException thrown if the h2 database driver cannot be
140		* loaded
141		*/
142		protected void importXML(File file, File oldVersion) throws ParserConfigurationException,
143		SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException {
144
145	0	final SAXParser saxParser = XmlUtils.buildSecureSaxParser();
146
147	0	final NvdCve12Handler cve12Handler = new NvdCve12Handler();
148	0	saxParser.parse(oldVersion, cve12Handler);
149	0	final Map<String, List<VulnerableSoftware>> prevVersionVulnMap = cve12Handler.getVulnerabilities();
150
151	0	final NvdCve20Handler cve20Handler = new NvdCve20Handler();
152	0	cve20Handler.setCveDB(cveDB);
153	0	cve20Handler.setPrevVersionVulnMap(prevVersionVulnMap);
154	0	saxParser.parse(file, cve20Handler);
155	0	}
156
157		/**
158		* Processes the NVD CVE XML file and imports the data into the DB.
159		*
160		* @throws UpdateException thrown if there is an error loading the data into
161		* the database
162		*/
163		private void processFiles() throws UpdateException {
164	0	LOGGER.info("Processing Started for NVD CVE - {}", filePair.getNvdCveInfo().getId());
165	0	final long startProcessing = System.currentTimeMillis();
166		try {
167	0	importXML(filePair.getFirst(), filePair.getSecond());
168	0	cveDB.commit();
169	0	properties.save(filePair.getNvdCveInfo());
170	0	} catch (FileNotFoundException ex) {
171	0	throw new UpdateException(ex);
172	0	} catch (ParserConfigurationException ex) {
173	0	throw new UpdateException(ex);
174	0	} catch (SAXException ex) {
175	0	throw new UpdateException(ex);
176	0	} catch (IOException ex) {
177	0	throw new UpdateException(ex);
178	0	} catch (SQLException ex) {
179	0	throw new UpdateException(ex);
180	0	} catch (DatabaseException ex) {
181	0	throw new UpdateException(ex);
182	0	} catch (ClassNotFoundException ex) {
183	0	throw new UpdateException(ex);
184		} finally {
185	0	filePair.cleanup();
186	0	}
187	0	LOGGER.info("Processing Complete for NVD CVE - {} ({} ms)", filePair.getNvdCveInfo().getId(),
188	0	System.currentTimeMillis() - startProcessing);
189	0	}
190		}