Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.NvdCveUpdater

Classes in this File

Line Coverage

Branch Coverage

Complexity

NvdCveUpdater

0/132

0/50

12.25

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update;
 
 import java.net.MalformedURLException;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
 import static org.owasp.dependencycheck.data.nvdcve.DatabaseProperties.MODIFIED;
 import org.owasp.dependencycheck.data.update.exception.InvalidDataException;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.data.update.nvd.DownloadTask;
 import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
 import org.owasp.dependencycheck.data.update.nvd.ProcessTask;
 import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
 import org.owasp.dependencycheck.utils.DateUtil;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  * Class responsible for updating the NVD CVE data.
  *
  * @author Jeremy Long
  */
 public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
 
     /**
      * The logger
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(NvdCveUpdater.class);
     /**
      * The max thread pool size to use when downloading files.
      */
     public static final int MAX_THREAD_POOL_SIZE = Settings.getInt(Settings.KEYS.MAX_DOWNLOAD_THREAD_POOL_SIZE, 3);
 
     /**
      * <p>
      * Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database.</p>
      *
      * @throws UpdateException is thrown if there is an error updating the database
      */
     @Override
     public void update() throws UpdateException {
         try {
             openDataStores();
             final UpdateableNvdCve updateable = getUpdatesNeeded();
             if (updateable.isUpdateNeeded()) {
                 performUpdate(updateable);
             }
         } catch (MalformedURLException ex) {
             LOGGER.warn(
                     "NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.");
             LOGGER.debug("", ex);
         } catch (DownloadFailedException ex) {
             LOGGER.warn(
                     "Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.");
             if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
                 LOGGER.info(
                         "If you are behind a proxy you may need to configure dependency-check to use the proxy.");
             }
             LOGGER.debug("", ex);
         } finally {
             closeDataStores();
         }
     }
 
     /**
      * Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database.
      *
      * @param updateable a collection of NVD CVE data file references that need to be downloaded and processed to update the
      * database
      * @throws UpdateException is thrown if there is an error updating the database
      */
     public void performUpdate(UpdateableNvdCve updateable) throws UpdateException {
         int maxUpdates = 0;
         try {
             for (NvdCveInfo cve : updateable) {
                 if (cve.getNeedsUpdate()) {
                     maxUpdates += 1;
                 }
             }
             if (maxUpdates <= 0) {
                 return;
             }
             if (maxUpdates > 3) {
                 LOGGER.info(
                         "NVD CVE requires several updates; this could take a couple of minutes.");
             }
             if (maxUpdates > 0) {
                 openDataStores();
             }
 
             final int poolSize = (MAX_THREAD_POOL_SIZE < maxUpdates) ? MAX_THREAD_POOL_SIZE : maxUpdates;
 
             final ExecutorService downloadExecutors = Executors.newFixedThreadPool(poolSize);
             final ExecutorService processExecutor = Executors.newSingleThreadExecutor();
             final Set<Future<Future<ProcessTask>>> downloadFutures = new HashSet<Future<Future<ProcessTask>>>(maxUpdates);
             for (NvdCveInfo cve : updateable) {
                 if (cve.getNeedsUpdate()) {
                     final DownloadTask call = new DownloadTask(cve, processExecutor, getCveDB(), Settings.getInstance());
                     downloadFutures.add(downloadExecutors.submit(call));
                 }
             }
             downloadExecutors.shutdown();
 
             //next, move the future future processTasks to just future processTasks
             final Set<Future<ProcessTask>> processFutures = new HashSet<Future<ProcessTask>>(maxUpdates);
             for (Future<Future<ProcessTask>> future : downloadFutures) {
                 Future<ProcessTask> task = null;
                 try {
                     task = future.get();
                 } catch (InterruptedException ex) {
                     downloadExecutors.shutdownNow();
                     processExecutor.shutdownNow();
 
                     LOGGER.debug("Thread was interrupted during download", ex);
                     throw new UpdateException("The download was interrupted", ex);
                 } catch (ExecutionException ex) {
                     downloadExecutors.shutdownNow();
                     processExecutor.shutdownNow();
 
                     LOGGER.debug("Thread was interrupted during download execution", ex);
                     throw new UpdateException("The execution of the download was interrupted", ex);
                 }
                 if (task == null) {
                     downloadExecutors.shutdownNow();
                     processExecutor.shutdownNow();
                     LOGGER.debug("Thread was interrupted during download");
                     throw new UpdateException("The download was interrupted; unable to complete the update");
                 } else {
                     processFutures.add(task);
                 }
             }
 
             for (Future<ProcessTask> future : processFutures) {
                 try {
                     final ProcessTask task = future.get();
                     if (task.getException() != null) {
                         throw task.getException();
                     }
                 } catch (InterruptedException ex) {
                     processExecutor.shutdownNow();
                     LOGGER.debug("Thread was interrupted during processing", ex);
                     throw new UpdateException(ex);
                 } catch (ExecutionException ex) {
                     processExecutor.shutdownNow();
                     LOGGER.debug("Execution Exception during process", ex);
                     throw new UpdateException(ex);
                 } finally {
                     processExecutor.shutdown();
                 }
             }
 
             if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it)
                 getProperties().save(updateable.get(MODIFIED));
                 LOGGER.info("Begin database maintenance.");
                 getCveDB().cleanupDatabase();
                 LOGGER.info("End database maintenance.");
             }
         } finally {
             closeDataStores();
         }
     }
 
     /**
      * Determines if the index needs to be updated. This is done by fetching the NVD CVE meta data and checking the last update
      * date. If the data needs to be refreshed this method will return the NvdCveUrl for the files that need to be updated.
      *
      * @return the collection of files that need to be updated
      * @throws MalformedURLException is thrown if the URL for the NVD CVE Meta data is incorrect
      * @throws DownloadFailedException is thrown if there is an error. downloading the NVD CVE download data file
      * @throws UpdateException Is thrown if there is an issue with the last updated properties file
      */
     protected final UpdateableNvdCve getUpdatesNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
         UpdateableNvdCve updates = null;
         try {
             updates = retrieveCurrentTimestampsFromWeb();
         } catch (InvalidDataException ex) {
             final String msg = "Unable to retrieve valid timestamp from nvd cve downloads page";
             LOGGER.debug(msg, ex);
             throw new DownloadFailedException(msg, ex);
         } catch (InvalidSettingException ex) {
             LOGGER.debug("Invalid setting found when retrieving timestamps", ex);
             throw new DownloadFailedException("Invalid settings", ex);
         }
 
         if (updates == null) {
             throw new DownloadFailedException("Unable to retrieve the timestamps of the currently published NVD CVE data");
         }
         if (!getProperties().isEmpty()) {
             try {
                 final long lastUpdated = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED, "0"));
                 final Date now = new Date();
                 final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 7);
                 if (lastUpdated == updates.getTimeStamp(MODIFIED)) {
                     updates.clear(); //we don't need to update anything.
                 } else if (DateUtil.withinDateRange(lastUpdated, now.getTime(), days)) {
                     for (NvdCveInfo entry : updates) {
                         if (MODIFIED.equals(entry.getId())) {
                             entry.setNeedsUpdate(true);
                         } else {
                             entry.setNeedsUpdate(false);
                         }
                     }
                 } else { //we figure out which of the several XML files need to be downloaded.
                     for (NvdCveInfo entry : updates) {
                         if (MODIFIED.equals(entry.getId())) {
                             entry.setNeedsUpdate(true);
                         } else {
                             long currentTimestamp = 0;
                             try {
                                 currentTimestamp = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED_BASE
                                         + entry.getId(), "0"));
                             } catch (NumberFormatException ex) {
                                 LOGGER.debug("Error parsing '{}' '{}' from nvdcve.lastupdated",
                                         DatabaseProperties.LAST_UPDATED_BASE, entry.getId(), ex);
                             }
                             if (currentTimestamp == entry.getTimestamp()) {
                                 entry.setNeedsUpdate(false);
                             }
                         }
                     }
                 }
             } catch (NumberFormatException ex) {
                 LOGGER.warn("An invalid schema version or timestamp exists in the data.properties file.");
                 LOGGER.debug("", ex);
             }
         }
         return updates;
     }
 
     /**
      * Retrieves the timestamps from the NVD CVE meta data file.
      *
      * @return the timestamp from the currently published nvdcve downloads page
      * @throws MalformedURLException thrown if the URL for the NVD CCE Meta data is incorrect.
      * @throws DownloadFailedException thrown if there is an error downloading the nvd cve meta data file
      * @throws InvalidDataException thrown if there is an exception parsing the timestamps
      * @throws InvalidSettingException thrown if the settings are invalid
      */
     private UpdateableNvdCve retrieveCurrentTimestampsFromWeb()
             throws MalformedURLException, DownloadFailedException, InvalidDataException, InvalidSettingException {
 
         final UpdateableNvdCve updates = new UpdateableNvdCve();
         updates.add(MODIFIED, Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL),
                 Settings.getString(Settings.KEYS.CVE_MODIFIED_12_URL),
                 false);
 
         final int start = Settings.getInt(Settings.KEYS.CVE_START_YEAR);
         final int end = Calendar.getInstance().get(Calendar.YEAR);
         final String baseUrl20 = Settings.getString(Settings.KEYS.CVE_SCHEMA_2_0);
         final String baseUrl12 = Settings.getString(Settings.KEYS.CVE_SCHEMA_1_2);
         for (int i = start; i <= end; i++) {
             updates.add(Integer.toString(i), String.format(baseUrl20, i),
                     String.format(baseUrl12, i),
                     true);
         }
         return updates;
     }
 
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.update;
19
20		import java.net.MalformedURLException;
21		import java.util.Calendar;
22		import java.util.Date;
23		import java.util.HashSet;
24		import java.util.Set;
25		import java.util.concurrent.ExecutionException;
26		import java.util.concurrent.ExecutorService;
27		import java.util.concurrent.Executors;
28		import java.util.concurrent.Future;
29		import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
30		import static org.owasp.dependencycheck.data.nvdcve.DatabaseProperties.MODIFIED;
31		import org.owasp.dependencycheck.data.update.exception.InvalidDataException;
32		import org.owasp.dependencycheck.data.update.exception.UpdateException;
33		import org.owasp.dependencycheck.data.update.nvd.DownloadTask;
34		import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
35		import org.owasp.dependencycheck.data.update.nvd.ProcessTask;
36		import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
37		import org.owasp.dependencycheck.utils.DateUtil;
38		import org.owasp.dependencycheck.utils.DownloadFailedException;
39		import org.owasp.dependencycheck.utils.InvalidSettingException;
40		import org.owasp.dependencycheck.utils.Settings;
41		import org.slf4j.Logger;
42		import org.slf4j.LoggerFactory;
43
44		/**
45		* Class responsible for updating the NVD CVE data.
46		*
47		* @author Jeremy Long
48		*/
49	0	public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
50
51		/**
52		* The logger
53		*/
54	0	private static final Logger LOGGER = LoggerFactory.getLogger(NvdCveUpdater.class);
55		/**
56		* The max thread pool size to use when downloading files.
57		*/
58	0	public static final int MAX_THREAD_POOL_SIZE = Settings.getInt(Settings.KEYS.MAX_DOWNLOAD_THREAD_POOL_SIZE, 3);
59
60		/**
61		* <p>
62		* Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database.</p>
63		*
64		* @throws UpdateException is thrown if there is an error updating the database
65		*/
66		@Override
67		public void update() throws UpdateException {
68		try {
69	0	openDataStores();
70	0	final UpdateableNvdCve updateable = getUpdatesNeeded();
71	0	if (updateable.isUpdateNeeded()) {
72	0	performUpdate(updateable);
73		}
74	0	} catch (MalformedURLException ex) {
75	0	LOGGER.warn(
76		"NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.");
77	0	LOGGER.debug("", ex);
78	0	} catch (DownloadFailedException ex) {
79	0	LOGGER.warn(
80		"Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.");
81	0	if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
82	0	LOGGER.info(
83		"If you are behind a proxy you may need to configure dependency-check to use the proxy.");
84		}
85	0	LOGGER.debug("", ex);
86		} finally {
87	0	closeDataStores();
88	0	}
89	0	}
90
91		/**
92		* Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database.
93		*
94		* @param updateable a collection of NVD CVE data file references that need to be downloaded and processed to update the
95		* database
96		* @throws UpdateException is thrown if there is an error updating the database
97		*/
98		public void performUpdate(UpdateableNvdCve updateable) throws UpdateException {
99	0	int maxUpdates = 0;
100		try {
101	0	for (NvdCveInfo cve : updateable) {
102	0	if (cve.getNeedsUpdate()) {
103	0	maxUpdates += 1;
104		}
105	0	}
106	0	if (maxUpdates <= 0) {
107		return;
108		}
109	0	if (maxUpdates > 3) {
110	0	LOGGER.info(
111		"NVD CVE requires several updates; this could take a couple of minutes.");
112		}
113	0	if (maxUpdates > 0) {
114	0	openDataStores();
115		}
116
117	0	final int poolSize = (MAX_THREAD_POOL_SIZE < maxUpdates) ? MAX_THREAD_POOL_SIZE : maxUpdates;
118
119	0	final ExecutorService downloadExecutors = Executors.newFixedThreadPool(poolSize);
120	0	final ExecutorService processExecutor = Executors.newSingleThreadExecutor();
121	0	final Set<Future<Future<ProcessTask>>> downloadFutures = new HashSet<Future<Future<ProcessTask>>>(maxUpdates);
122	0	for (NvdCveInfo cve : updateable) {
123	0	if (cve.getNeedsUpdate()) {
124	0	final DownloadTask call = new DownloadTask(cve, processExecutor, getCveDB(), Settings.getInstance());
125	0	downloadFutures.add(downloadExecutors.submit(call));
126		}
127	0	}
128	0	downloadExecutors.shutdown();
129
130		//next, move the future future processTasks to just future processTasks
131	0	final Set<Future<ProcessTask>> processFutures = new HashSet<Future<ProcessTask>>(maxUpdates);
132	0	for (Future<Future<ProcessTask>> future : downloadFutures) {
133	0	Future<ProcessTask> task = null;
134		try {
135	0	task = future.get();
136	0	} catch (InterruptedException ex) {
137	0	downloadExecutors.shutdownNow();
138	0	processExecutor.shutdownNow();
139
140	0	LOGGER.debug("Thread was interrupted during download", ex);
141	0	throw new UpdateException("The download was interrupted", ex);
142	0	} catch (ExecutionException ex) {
143	0	downloadExecutors.shutdownNow();
144	0	processExecutor.shutdownNow();
145
146	0	LOGGER.debug("Thread was interrupted during download execution", ex);
147	0	throw new UpdateException("The execution of the download was interrupted", ex);
148	0	}
149	0	if (task == null) {
150	0	downloadExecutors.shutdownNow();
151	0	processExecutor.shutdownNow();
152	0	LOGGER.debug("Thread was interrupted during download");
153	0	throw new UpdateException("The download was interrupted; unable to complete the update");
154		} else {
155	0	processFutures.add(task);
156		}
157	0	}
158
159	0	for (Future<ProcessTask> future : processFutures) {
160		try {
161	0	final ProcessTask task = future.get();
162	0	if (task.getException() != null) {
163	0	throw task.getException();
164		}
165	0	} catch (InterruptedException ex) {
166	0	processExecutor.shutdownNow();
167	0	LOGGER.debug("Thread was interrupted during processing", ex);
168	0	throw new UpdateException(ex);
169	0	} catch (ExecutionException ex) {
170	0	processExecutor.shutdownNow();
171	0	LOGGER.debug("Execution Exception during process", ex);
172	0	throw new UpdateException(ex);
173		} finally {
174	0	processExecutor.shutdown();
175	0	}
176	0	}
177
178	0	if (maxUpdates >= 1) { //ensure the modified file date gets written (we may not have actually updated it)
179	0	getProperties().save(updateable.get(MODIFIED));
180	0	LOGGER.info("Begin database maintenance.");
181	0	getCveDB().cleanupDatabase();
182	0	LOGGER.info("End database maintenance.");
183		}
184		} finally {
185	0	closeDataStores();
186	0	}
187	0	}
188
189		/**
190		* Determines if the index needs to be updated. This is done by fetching the NVD CVE meta data and checking the last update
191		* date. If the data needs to be refreshed this method will return the NvdCveUrl for the files that need to be updated.
192		*
193		* @return the collection of files that need to be updated
194		* @throws MalformedURLException is thrown if the URL for the NVD CVE Meta data is incorrect
195		* @throws DownloadFailedException is thrown if there is an error. downloading the NVD CVE download data file
196		* @throws UpdateException Is thrown if there is an issue with the last updated properties file
197		*/
198		protected final UpdateableNvdCve getUpdatesNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
199	0	UpdateableNvdCve updates = null;
200		try {
201	0	updates = retrieveCurrentTimestampsFromWeb();
202	0	} catch (InvalidDataException ex) {
203	0	final String msg = "Unable to retrieve valid timestamp from nvd cve downloads page";
204	0	LOGGER.debug(msg, ex);
205	0	throw new DownloadFailedException(msg, ex);
206	0	} catch (InvalidSettingException ex) {
207	0	LOGGER.debug("Invalid setting found when retrieving timestamps", ex);
208	0	throw new DownloadFailedException("Invalid settings", ex);
209	0	}
210
211	0	if (updates == null) {
212	0	throw new DownloadFailedException("Unable to retrieve the timestamps of the currently published NVD CVE data");
213		}
214	0	if (!getProperties().isEmpty()) {
215		try {
216	0	final long lastUpdated = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED, "0"));
217	0	final Date now = new Date();
218	0	final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS, 7);
219	0	if (lastUpdated == updates.getTimeStamp(MODIFIED)) {
220	0	updates.clear(); //we don't need to update anything.
221	0	} else if (DateUtil.withinDateRange(lastUpdated, now.getTime(), days)) {
222	0	for (NvdCveInfo entry : updates) {
223	0	if (MODIFIED.equals(entry.getId())) {
224	0	entry.setNeedsUpdate(true);
225		} else {
226	0	entry.setNeedsUpdate(false);
227		}
228	0	}
229		} else { //we figure out which of the several XML files need to be downloaded.
230	0	for (NvdCveInfo entry : updates) {
231	0	if (MODIFIED.equals(entry.getId())) {
232	0	entry.setNeedsUpdate(true);
233		} else {
234	0	long currentTimestamp = 0;
235		try {
236	0	currentTimestamp = Long.parseLong(getProperties().getProperty(DatabaseProperties.LAST_UPDATED_BASE
237		+ entry.getId(), "0"));
238	0	} catch (NumberFormatException ex) {
239	0	LOGGER.debug("Error parsing '{}' '{}' from nvdcve.lastupdated",
240		DatabaseProperties.LAST_UPDATED_BASE, entry.getId(), ex);
241	0	}
242	0	if (currentTimestamp == entry.getTimestamp()) {
243	0	entry.setNeedsUpdate(false);
244		}
245		}
246	0	}
247		}
248	0	} catch (NumberFormatException ex) {
249	0	LOGGER.warn("An invalid schema version or timestamp exists in the data.properties file.");
250	0	LOGGER.debug("", ex);
251	0	}
252		}
253	0	return updates;
254		}
255
256		/**
257		* Retrieves the timestamps from the NVD CVE meta data file.
258		*
259		* @return the timestamp from the currently published nvdcve downloads page
260		* @throws MalformedURLException thrown if the URL for the NVD CCE Meta data is incorrect.
261		* @throws DownloadFailedException thrown if there is an error downloading the nvd cve meta data file
262		* @throws InvalidDataException thrown if there is an exception parsing the timestamps
263		* @throws InvalidSettingException thrown if the settings are invalid
264		*/
265		private UpdateableNvdCve retrieveCurrentTimestampsFromWeb()
266		throws MalformedURLException, DownloadFailedException, InvalidDataException, InvalidSettingException {
267
268	0	final UpdateableNvdCve updates = new UpdateableNvdCve();
269	0	updates.add(MODIFIED, Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL),
270		Settings.getString(Settings.KEYS.CVE_MODIFIED_12_URL),
271		false);
272
273	0	final int start = Settings.getInt(Settings.KEYS.CVE_START_YEAR);
274	0	final int end = Calendar.getInstance().get(Calendar.YEAR);
275	0	final String baseUrl20 = Settings.getString(Settings.KEYS.CVE_SCHEMA_2_0);
276	0	final String baseUrl12 = Settings.getString(Settings.KEYS.CVE_SCHEMA_1_2);
277	0	for (int i = start; i <= end; i++) {
278	0	updates.add(Integer.toString(i), String.format(baseUrl20, i),
279		String.format(baseUrl12, i),
280		true);
281		}
282	0	return updates;
283		}
284
285		}