Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.task.ProcessTask

Classes in this File

Line Coverage

Branch Coverage

Complexity

ProcessTask

0/49

N/A

3.5

 /*
  * This file is part of dependency-check-core.
  *
  * Dependency-check-core is free software: you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation, either version 3 of the License, or (at your option) any
  * later version.
  *
  * Dependency-check-core is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
  *
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.task;
 
 import org.owasp.dependencycheck.data.update.xml.NvdCve20Handler;
 import org.owasp.dependencycheck.data.update.xml.NvdCve12Handler;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.sql.SQLException;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Callable;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.update.StandardUpdate;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.xml.sax.SAXException;
 
 /**
  * A callable task that will process a given set of NVD CVE xml files and update
  * the Cve Database accordingly.
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public class ProcessTask implements Callable<ProcessTask> {
 
     /**
      * A field to store any update exceptions that occur during the "call".
      */
     private UpdateException exception = null;
 
     /**
      * Get the value of exception.
      *
      * @return the value of exception
      */
     public UpdateException getException() {
         return exception;
     }
 
     /**
      * Set the value of exception.
      *
      * @param exception new value of exception
      */
     public void setException(UpdateException exception) {
         this.exception = exception;
     }
     /**
      * A reference to the CveDB.
      */
     private final CveDB cveDB;
     /**
      * A reference to the callable download task.
      */
     private final CallableDownloadTask filePair;
     /**
      * A reference to the properties.
      */
     private final DatabaseProperties properties;
 
     /**
      * Constructs a new ProcessTask used to process an NVD CVE update.
      *
      * @param cveDB the data store object
      * @param filePair the download task that contains the URL references to
      * download
      */
     public ProcessTask(final CveDB cveDB, final CallableDownloadTask filePair) {
         this.cveDB = cveDB;
         this.filePair = filePair;
         this.properties = cveDB.getDatabaseProperties();
     }
 
     /**
      * Implements the callable interface.
      *
      * @return this object
      * @throws Exception thrown if there is an exception; note that any
      * UpdateExceptions are simply added to the tasks exception collection
      */
     @Override
     public ProcessTask call() throws Exception {
         try {
             processFiles();
         } catch (UpdateException ex) {
             this.exception = ex;
         }
         return this;
     }
 
     /**
      * Imports the NVD CVE XML File into the Lucene Index.
      *
      * @param file the file containing the NVD CVE XML
      * @param oldVersion contains the file containing the NVD CVE XML 1.2
      * @throws ParserConfigurationException is thrown if there is a parser
      * configuration exception
      * @throws SAXException is thrown if there is a SAXException
      * @throws IOException is thrown if there is a IO Exception
      * @throws SQLException is thrown if there is a SQL exception
      * @throws DatabaseException is thrown if there is a database exception
      * @throws ClassNotFoundException thrown if the h2 database driver cannot be
      * loaded
      */
     protected void importXML(File file, File oldVersion) throws ParserConfigurationException,
             SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException {
 
         final SAXParserFactory factory = SAXParserFactory.newInstance();
         final SAXParser saxParser = factory.newSAXParser();
 
         final NvdCve12Handler cve12Handler = new NvdCve12Handler();
         saxParser.parse(oldVersion, cve12Handler);
         final Map<String, List<VulnerableSoftware>> prevVersionVulnMap = cve12Handler.getVulnerabilities();
 
         final NvdCve20Handler cve20Handler = new NvdCve20Handler();
         cve20Handler.setCveDB(cveDB);
         cve20Handler.setPrevVersionVulnMap(prevVersionVulnMap);
         saxParser.parse(file, cve20Handler);
     }
 
     /**
      * Processes the NVD CVE XML file and imports the data into the DB.
      *
      * @throws UpdateException thrown if there is an error loading the data into
      * the database
      */
     private void processFiles() throws UpdateException {
         String msg = String.format("Processing Started for NVD CVE - %s", filePair.getNvdCveInfo().getId());
         Logger.getLogger(StandardUpdate.class.getName()).log(Level.INFO, msg);
         try {
             importXML(filePair.getFirst(), filePair.getSecond());
             cveDB.commit();
             properties.save(filePair.getNvdCveInfo());
         } catch (FileNotFoundException ex) {
             throw new UpdateException(ex);
         } catch (ParserConfigurationException ex) {
             throw new UpdateException(ex);
         } catch (SAXException ex) {
             throw new UpdateException(ex);
         } catch (IOException ex) {
             throw new UpdateException(ex);
         } catch (SQLException ex) {
             throw new UpdateException(ex);
         } catch (DatabaseException ex) {
             throw new UpdateException(ex);
         } catch (ClassNotFoundException ex) {
             throw new UpdateException(ex);
         } finally {
             filePair.cleanup();
         }
         msg = String.format("Processing Complete for NVD CVE - %s", filePair.getNvdCveInfo().getId());
         Logger.getLogger(StandardUpdate.class.getName()).log(Level.INFO, msg);
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Dependency-check-core is free software: you can redistribute it and/or modify it
5		* under the terms of the GNU General Public License as published by the Free
6		* Software Foundation, either version 3 of the License, or (at your option) any
7		* later version.
8		*
9		* Dependency-check-core is distributed in the hope that it will be useful, but
10		* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11		* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
12		* details.
13		*
14		* You should have received a copy of the GNU General Public License along with
15		* dependency-check-core. If not, see http://www.gnu.org/licenses/.
16		*
17		* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
18		*/
19		package org.owasp.dependencycheck.data.update.task;
20
21		import org.owasp.dependencycheck.data.update.xml.NvdCve20Handler;
22		import org.owasp.dependencycheck.data.update.xml.NvdCve12Handler;
23		import org.owasp.dependencycheck.data.update.exception.UpdateException;
24		import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
25		import java.io.File;
26		import java.io.FileNotFoundException;
27		import java.io.IOException;
28		import java.sql.SQLException;
29		import java.util.List;
30		import java.util.Map;
31		import java.util.concurrent.Callable;
32		import java.util.logging.Level;
33		import java.util.logging.Logger;
34		import javax.xml.parsers.ParserConfigurationException;
35		import javax.xml.parsers.SAXParser;
36		import javax.xml.parsers.SAXParserFactory;
37		import org.owasp.dependencycheck.data.nvdcve.CveDB;
38		import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
39		import org.owasp.dependencycheck.data.update.StandardUpdate;
40		import org.owasp.dependencycheck.dependency.VulnerableSoftware;
41		import org.xml.sax.SAXException;
42
43		/**
44		* A callable task that will process a given set of NVD CVE xml files and update
45		* the Cve Database accordingly.
46		*
47		* @author Jeremy Long <jeremy.long@owasp.org>
48		*/
49	0	public class ProcessTask implements Callable<ProcessTask> {
50
51		/**
52		* A field to store any update exceptions that occur during the "call".
53		*/
54	0	private UpdateException exception = null;
55
56		/**
57		* Get the value of exception.
58		*
59		* @return the value of exception
60		*/
61		public UpdateException getException() {
62	0	return exception;
63		}
64
65		/**
66		* Set the value of exception.
67		*
68		* @param exception new value of exception
69		*/
70		public void setException(UpdateException exception) {
71	0	this.exception = exception;
72	0	}
73		/**
74		* A reference to the CveDB.
75		*/
76		private final CveDB cveDB;
77		/**
78		* A reference to the callable download task.
79		*/
80		private final CallableDownloadTask filePair;
81		/**
82		* A reference to the properties.
83		*/
84		private final DatabaseProperties properties;
85
86		/**
87		* Constructs a new ProcessTask used to process an NVD CVE update.
88		*
89		* @param cveDB the data store object
90		* @param filePair the download task that contains the URL references to
91		* download
92		*/
93	0	public ProcessTask(final CveDB cveDB, final CallableDownloadTask filePair) {
94	0	this.cveDB = cveDB;
95	0	this.filePair = filePair;
96	0	this.properties = cveDB.getDatabaseProperties();
97	0	}
98
99		/**
100		* Implements the callable interface.
101		*
102		* @return this object
103		* @throws Exception thrown if there is an exception; note that any
104		* UpdateExceptions are simply added to the tasks exception collection
105		*/
106		@Override
107		public ProcessTask call() throws Exception {
108		try {
109	0	processFiles();
110	0	} catch (UpdateException ex) {
111	0	this.exception = ex;
112	0	}
113	0	return this;
114		}
115
116		/**
117		* Imports the NVD CVE XML File into the Lucene Index.
118		*
119		* @param file the file containing the NVD CVE XML
120		* @param oldVersion contains the file containing the NVD CVE XML 1.2
121		* @throws ParserConfigurationException is thrown if there is a parser
122		* configuration exception
123		* @throws SAXException is thrown if there is a SAXException
124		* @throws IOException is thrown if there is a IO Exception
125		* @throws SQLException is thrown if there is a SQL exception
126		* @throws DatabaseException is thrown if there is a database exception
127		* @throws ClassNotFoundException thrown if the h2 database driver cannot be
128		* loaded
129		*/
130		protected void importXML(File file, File oldVersion) throws ParserConfigurationException,
131		SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException {
132
133	0	final SAXParserFactory factory = SAXParserFactory.newInstance();
134	0	final SAXParser saxParser = factory.newSAXParser();
135
136	0	final NvdCve12Handler cve12Handler = new NvdCve12Handler();
137	0	saxParser.parse(oldVersion, cve12Handler);
138	0	final Map<String, List<VulnerableSoftware>> prevVersionVulnMap = cve12Handler.getVulnerabilities();
139
140	0	final NvdCve20Handler cve20Handler = new NvdCve20Handler();
141	0	cve20Handler.setCveDB(cveDB);
142	0	cve20Handler.setPrevVersionVulnMap(prevVersionVulnMap);
143	0	saxParser.parse(file, cve20Handler);
144	0	}
145
146		/**
147		* Processes the NVD CVE XML file and imports the data into the DB.
148		*
149		* @throws UpdateException thrown if there is an error loading the data into
150		* the database
151		*/
152		private void processFiles() throws UpdateException {
153	0	String msg = String.format("Processing Started for NVD CVE - %s", filePair.getNvdCveInfo().getId());
154	0	Logger.getLogger(StandardUpdate.class.getName()).log(Level.INFO, msg);
155		try {
156	0	importXML(filePair.getFirst(), filePair.getSecond());
157	0	cveDB.commit();
158	0	properties.save(filePair.getNvdCveInfo());
159	0	} catch (FileNotFoundException ex) {
160	0	throw new UpdateException(ex);
161	0	} catch (ParserConfigurationException ex) {
162	0	throw new UpdateException(ex);
163	0	} catch (SAXException ex) {
164	0	throw new UpdateException(ex);
165	0	} catch (IOException ex) {
166	0	throw new UpdateException(ex);
167	0	} catch (SQLException ex) {
168	0	throw new UpdateException(ex);
169	0	} catch (DatabaseException ex) {
170	0	throw new UpdateException(ex);
171	0	} catch (ClassNotFoundException ex) {
172	0	throw new UpdateException(ex);
173		} finally {
174	0	filePair.cleanup();
175	0	}
176	0	msg = String.format("Processing Complete for NVD CVE - %s", filePair.getNvdCveInfo().getId());
177	0	Logger.getLogger(StandardUpdate.class.getName()).log(Level.INFO, msg);
178	0	}
179		}