Coverage Report

Coverage Report - org.owasp.dependencycheck.data.nvdcve.ConnectionFactory

Classes in this File

Line Coverage

Branch Coverage

Complexity

ConnectionFactory

38%

68/177

26%

11/42

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.nvdcve;
 
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.sql.CallableStatement;
 import java.sql.Connection;
 import java.sql.Driver;
 import java.sql.DriverManager;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import org.apache.commons.io.IOUtils;
 import org.owasp.dependencycheck.utils.DBUtils;
 import org.owasp.dependencycheck.utils.DependencyVersion;
 import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  * Loads the configured database driver and returns the database connection. If the embedded H2 database is used obtaining a
  * connection will ensure the database file exists and that the appropriate table structure has been created.
  *
  * @author Jeremy Long
  */
 public final class ConnectionFactory {
 
     /**
      * The Logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(ConnectionFactory.class);
     /**
      * The version of the current DB Schema.
      */
     public static final String DB_SCHEMA_VERSION = Settings.getString(Settings.KEYS.DB_VERSION);
     /**
      * Resource location for SQL file used to create the database schema.
      */
     public static final String DB_STRUCTURE_RESOURCE = "data/initialize.sql";
     /**
      * Resource location for SQL file used to create the database schema.
      */
     public static final String DB_STRUCTURE_UPDATE_RESOURCE = "data/upgrade_%s.sql";
     /**
      * The URL that discusses upgrading non-H2 databases.
      */
     public static final String UPGRADE_HELP_URL = "http://jeremylong.github.io/DependencyCheck/data/upgrade.html";
     /**
      * The database driver used to connect to the database.
      */
     private static Driver driver = null;
     /**
      * The database connection string.
      */
     private static String connectionString = null;
     /**
      * The username to connect to the database.
      */
     private static String userName = null;
     /**
      * The password for the database.
      */
     private static String password = null;
 
     /**
      * Private constructor for this factory class; no instance is ever needed.
      */
     private ConnectionFactory() {
     }
 
     /**
      * Initializes the connection factory. Ensuring that the appropriate drivers are loaded and that a connection can be made
      * successfully.
      *
      * @throws DatabaseException thrown if we are unable to connect to the database
      */
     public static synchronized void initialize() throws DatabaseException {
         //this only needs to be called once.
         if (connectionString != null) {
             return;
         }
         Connection conn = null;
         try {
             //load the driver if necessary
             final String driverName = Settings.getString(Settings.KEYS.DB_DRIVER_NAME, "");
             if (!driverName.isEmpty()) { //likely need to load the correct driver
                 LOGGER.debug("Loading driver: {}", driverName);
                 final String driverPath = Settings.getString(Settings.KEYS.DB_DRIVER_PATH, "");
                 try {
                     if (!driverPath.isEmpty()) {
                         LOGGER.debug("Loading driver from: {}", driverPath);
                         driver = DriverLoader.load(driverName, driverPath);
                     } else {
                         driver = DriverLoader.load(driverName);
                     }
                 } catch (DriverLoadException ex) {
                     LOGGER.debug("Unable to load database driver", ex);
                     throw new DatabaseException("Unable to load database driver");
                 }
             }
             userName = Settings.getString(Settings.KEYS.DB_USER, "dcuser");
             //yes, yes - hard-coded password - only if there isn't one in the properties file.
             password = Settings.getString(Settings.KEYS.DB_PASSWORD, "DC-Pass1337!");
             try {
                 connectionString = Settings.getConnectionString(
                         Settings.KEYS.DB_CONNECTION_STRING,
                         Settings.KEYS.DB_FILE_NAME);
             } catch (IOException ex) {
                 LOGGER.debug(
                         "Unable to retrieve the database connection string", ex);
                 throw new DatabaseException("Unable to retrieve the database connection string");
             }
             boolean shouldCreateSchema = false;
             try {
                 if (connectionString.startsWith("jdbc:h2:file:")) { //H2
                     shouldCreateSchema = !h2DataFileExists();
                     LOGGER.debug("Need to create DB Structure: {}", shouldCreateSchema);
                 }
             } catch (IOException ioex) {
                 LOGGER.debug("Unable to verify database exists", ioex);
                 throw new DatabaseException("Unable to verify database exists");
             }
             LOGGER.debug("Loading database connection");
             LOGGER.debug("Connection String: {}", connectionString);
             LOGGER.debug("Database User: {}", userName);
 
             try {
                 conn = DriverManager.getConnection(connectionString, userName, password);
             } catch (SQLException ex) {
                 if (ex.getMessage().contains("java.net.UnknownHostException") && connectionString.contains("AUTO_SERVER=TRUE;")) {
                     connectionString = connectionString.replace("AUTO_SERVER=TRUE;", "");
                     try {
                         conn = DriverManager.getConnection(connectionString, userName, password);
                         Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
                         LOGGER.debug(
                                 "Unable to start the database in server mode; reverting to single user mode");
                     } catch (SQLException sqlex) {
                         LOGGER.debug("Unable to connect to the database", ex);
                         throw new DatabaseException("Unable to connect to the database");
                     }
                 } else {
                     LOGGER.debug("Unable to connect to the database", ex);
                     throw new DatabaseException("Unable to connect to the database");
                 }
             }
 
             if (shouldCreateSchema) {
                 try {
                     createTables(conn);
                 } catch (DatabaseException dex) {
                     LOGGER.debug("", dex);
                     throw new DatabaseException("Unable to create the database structure");
                 }
             }
             try {
                 ensureSchemaVersion(conn);
             } catch (DatabaseException dex) {
                 LOGGER.debug("", dex);
                 throw new DatabaseException("Database schema does not match this version of dependency-check", dex);
             }
         } finally {
             if (conn != null) {
                 try {
                     conn.close();
                 } catch (SQLException ex) {
                     LOGGER.debug("An error occurred closing the connection", ex);
                 }
             }
         }
     }
 
     /**
      * Cleans up resources and unloads any registered database drivers. This needs to be called to ensure the driver is
      * unregistered prior to the finalize method being called as during shutdown the class loader used to load the driver may be
      * unloaded prior to the driver being de-registered.
      */
     public static synchronized void cleanup() {
         if (driver != null) {
             try {
                 DriverManager.deregisterDriver(driver);
             } catch (SQLException ex) {
                 LOGGER.debug("An error occurred unloading the database driver", ex);
             } catch (Throwable unexpected) {
                 LOGGER.debug(
                         "An unexpected throwable occurred unloading the database driver", unexpected);
             }
             driver = null;
         }
         connectionString = null;
         userName = null;
         password = null;
     }
 
     /**
      * Constructs a new database connection object per the database configuration.
      *
      * @return a database connection object
      * @throws DatabaseException thrown if there is an exception loading the database connection
      */
     public static Connection getConnection() throws DatabaseException {
         initialize();
         Connection conn = null;
         try {
             conn = DriverManager.getConnection(connectionString, userName, password);
         } catch (SQLException ex) {
             LOGGER.debug("", ex);
             throw new DatabaseException("Unable to connect to the database");
         }
         return conn;
     }
 
     /**
      * Determines if the H2 database file exists. If it does not exist then the data structure will need to be created.
      *
      * @return true if the H2 database file does not exist; otherwise false
      * @throws IOException thrown if the data directory does not exist and cannot be created
      */
     private static boolean h2DataFileExists() throws IOException {
         final File dir = Settings.getDataDirectory();
         final String fileName = Settings.getString(Settings.KEYS.DB_FILE_NAME);
         final File file = new File(dir, fileName);
         return file.exists();
     }
 
     /**
      * Creates the database structure (tables and indexes) to store the CVE data.
      *
      * @param conn the database connection
      * @throws DatabaseException thrown if there is a Database Exception
      */
     private static void createTables(Connection conn) throws DatabaseException {
         LOGGER.debug("Creating database structure");
         InputStream is = null;
         try {
             is = ConnectionFactory.class.getClassLoader().getResourceAsStream(DB_STRUCTURE_RESOURCE);
             final String dbStructure = IOUtils.toString(is, "UTF-8");
 
             Statement statement = null;
             try {
                 statement = conn.createStatement();
                 statement.execute(dbStructure);
             } catch (SQLException ex) {
                 LOGGER.debug("", ex);
                 throw new DatabaseException("Unable to create database statement", ex);
             } finally {
                 DBUtils.closeStatement(statement);
             }
         } catch (IOException ex) {
             throw new DatabaseException("Unable to create database schema", ex);
         } finally {
             IOUtils.closeQuietly(is);
         }
     }
 
     /**
      * Updates the database schema by loading the upgrade script for the version specified. The intended use is that if the
      * current schema version is 2.9 then we would call updateSchema(conn, "2.9"). This would load the upgrade_2.9.sql file and
      * execute it against the database. The upgrade script must update the 'version' in the properties table.
      *
      * @param conn the database connection object
      * @param appExpectedVersion the schema version that the application expects
      * @param currentDbVersion the current schema version of the database
      * @throws DatabaseException thrown if there is an exception upgrading the database schema
      */
     private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion)
             throws DatabaseException {
 
         final String databaseProductName;
         try {
             databaseProductName = conn.getMetaData().getDatabaseProductName();
         } catch (SQLException ex) {
             throw new DatabaseException("Unable to get the database product name");
         }
         if ("h2".equalsIgnoreCase(databaseProductName)) {
             LOGGER.debug("Updating database structure");
             InputStream is = null;
             String updateFile = null;
             try {
                 updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, currentDbVersion.toString());
                 is = ConnectionFactory.class.getClassLoader().getResourceAsStream(updateFile);
                 if (is == null) {
                     throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
                 }
                 final String dbStructureUpdate = IOUtils.toString(is, "UTF-8");
 
                 Statement statement = null;
                 try {
                     statement = conn.createStatement();
                     final boolean success = statement.execute(dbStructureUpdate);
                     if (!success && statement.getUpdateCount() <= 0) {
                         throw new DatabaseException(String.format("Unable to upgrade the database schema to %s",
                                 currentDbVersion.toString()));
                     }
                 } catch (SQLException ex) {
                     LOGGER.debug("", ex);
                     throw new DatabaseException("Unable to update database schema", ex);
                 } finally {
                     DBUtils.closeStatement(statement);
                 }
             } catch (IOException ex) {
                 final String msg = String.format("Upgrade SQL file does not exist: %s", updateFile);
                 throw new DatabaseException(msg, ex);
             } finally {
                 IOUtils.closeQuietly(is);
             }
         } else {
             final int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
             final int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
             final int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
             final int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
             if (e0 == c0 && e1 < c1) {
                 LOGGER.warn("A new version of dependency-check is available; consider upgrading");
                 Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
             } else if (e0 == c0 && e1 == c1) {
                 //do nothing - not sure how we got here, but just incase...
             } else {
                 LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.",
                         UPGRADE_HELP_URL);
                 throw new DatabaseException("Database schema is out of date");
             }
         }
     }
 
     /**
      * Counter to ensure that calls to ensureSchemaVersion does not end up in an endless loop.
      */
     private static int callDepth = 0;
 
     /**
      * Uses the provided connection to check the specified schema version within the database.
      *
      * @param conn the database connection object
      * @throws DatabaseException thrown if the schema version is not compatible with this version of dependency-check
      */
     private static void ensureSchemaVersion(Connection conn) throws DatabaseException {
         ResultSet rs = null;
         CallableStatement cs = null;
         try {
             //TODO convert this to use DatabaseProperties
             cs = conn.prepareCall("SELECT value FROM properties WHERE id = 'version'");
             rs = cs.executeQuery();
             if (rs.next()) {
                 final DependencyVersion appDbVersion = DependencyVersionUtil.parseVersion(DB_SCHEMA_VERSION);
                 final DependencyVersion db = DependencyVersionUtil.parseVersion(rs.getString(1));
                 if (appDbVersion.compareTo(db) > 0) {
                     LOGGER.debug("Current Schema: {}", DB_SCHEMA_VERSION);
                     LOGGER.debug("DB Schema: {}", rs.getString(1));
                     updateSchema(conn, appDbVersion, db);
                     if (++callDepth < 10) {
                         ensureSchemaVersion(conn);
                     }
                 }
             } else {
                 throw new DatabaseException("Database schema is missing");
             }
         } catch (SQLException ex) {
             LOGGER.debug("", ex);
             throw new DatabaseException("Unable to check the database schema version");
         } finally {
             DBUtils.closeResultSet(rs);
             DBUtils.closeStatement(cs);
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.nvdcve;
19
20		import java.io.File;
21		import java.io.IOException;
22		import java.io.InputStream;
23		import java.sql.CallableStatement;
24		import java.sql.Connection;
25		import java.sql.Driver;
26		import java.sql.DriverManager;
27		import java.sql.ResultSet;
28		import java.sql.SQLException;
29		import java.sql.Statement;
30		import org.apache.commons.io.IOUtils;
31		import org.owasp.dependencycheck.utils.DBUtils;
32		import org.owasp.dependencycheck.utils.DependencyVersion;
33		import org.owasp.dependencycheck.utils.DependencyVersionUtil;
34		import org.owasp.dependencycheck.utils.Settings;
35		import org.slf4j.Logger;
36		import org.slf4j.LoggerFactory;
37
38		/**
39		* Loads the configured database driver and returns the database connection. If the embedded H2 database is used obtaining a
40		* connection will ensure the database file exists and that the appropriate table structure has been created.
41		*
42		* @author Jeremy Long
43		*/
44		public final class ConnectionFactory {
45
46		/**
47		* The Logger.
48		*/
49	2	private static final Logger LOGGER = LoggerFactory.getLogger(ConnectionFactory.class);
50		/**
51		* The version of the current DB Schema.
52		*/
53	2	public static final String DB_SCHEMA_VERSION = Settings.getString(Settings.KEYS.DB_VERSION);
54		/**
55		* Resource location for SQL file used to create the database schema.
56		*/
57		public static final String DB_STRUCTURE_RESOURCE = "data/initialize.sql";
58		/**
59		* Resource location for SQL file used to create the database schema.
60		*/
61		public static final String DB_STRUCTURE_UPDATE_RESOURCE = "data/upgrade_%s.sql";
62		/**
63		* The URL that discusses upgrading non-H2 databases.
64		*/
65		public static final String UPGRADE_HELP_URL = "http://jeremylong.github.io/DependencyCheck/data/upgrade.html";
66		/**
67		* The database driver used to connect to the database.
68		*/
69	2	private static Driver driver = null;
70		/**
71		* The database connection string.
72		*/
73	2	private static String connectionString = null;
74		/**
75		* The username to connect to the database.
76		*/
77	2	private static String userName = null;
78		/**
79		* The password for the database.
80		*/
81	2	private static String password = null;
82
83		/**
84		* Private constructor for this factory class; no instance is ever needed.
85		*/
86	0	private ConnectionFactory() {
87	0	}
88
89		/**
90		* Initializes the connection factory. Ensuring that the appropriate drivers are loaded and that a connection can be made
91		* successfully.
92		*
93		* @throws DatabaseException thrown if we are unable to connect to the database
94		*/
95		public static synchronized void initialize() throws DatabaseException {
96		//this only needs to be called once.
97	38	if (connectionString != null) {
98	34	return;
99		}
100	4	Connection conn = null;
101		try {
102		//load the driver if necessary
103	4	final String driverName = Settings.getString(Settings.KEYS.DB_DRIVER_NAME, "");
104	4	if (!driverName.isEmpty()) { //likely need to load the correct driver
105	4	LOGGER.debug("Loading driver: {}", driverName);
106	4	final String driverPath = Settings.getString(Settings.KEYS.DB_DRIVER_PATH, "");
107		try {
108	4	if (!driverPath.isEmpty()) {
109	0	LOGGER.debug("Loading driver from: {}", driverPath);
110	0	driver = DriverLoader.load(driverName, driverPath);
111		} else {
112	4	driver = DriverLoader.load(driverName);
113		}
114	0	} catch (DriverLoadException ex) {
115	0	LOGGER.debug("Unable to load database driver", ex);
116	0	throw new DatabaseException("Unable to load database driver");
117	4	}
118		}
119	4	userName = Settings.getString(Settings.KEYS.DB_USER, "dcuser");
120		//yes, yes - hard-coded password - only if there isn't one in the properties file.
121	4	password = Settings.getString(Settings.KEYS.DB_PASSWORD, "DC-Pass1337!");
122		try {
123	4	connectionString = Settings.getConnectionString(
124		Settings.KEYS.DB_CONNECTION_STRING,
125		Settings.KEYS.DB_FILE_NAME);
126	0	} catch (IOException ex) {
127	0	LOGGER.debug(
128		"Unable to retrieve the database connection string", ex);
129	0	throw new DatabaseException("Unable to retrieve the database connection string");
130	4	}
131	4	boolean shouldCreateSchema = false;
132		try {
133	4	if (connectionString.startsWith("jdbc:h2:file:")) { //H2
134	4	shouldCreateSchema = !h2DataFileExists();
135	4	LOGGER.debug("Need to create DB Structure: {}", shouldCreateSchema);
136		}
137	0	} catch (IOException ioex) {
138	0	LOGGER.debug("Unable to verify database exists", ioex);
139	0	throw new DatabaseException("Unable to verify database exists");
140	4	}
141	4	LOGGER.debug("Loading database connection");
142	4	LOGGER.debug("Connection String: {}", connectionString);
143	4	LOGGER.debug("Database User: {}", userName);
144
145		try {
146	4	conn = DriverManager.getConnection(connectionString, userName, password);
147	0	} catch (SQLException ex) {
148	0	if (ex.getMessage().contains("java.net.UnknownHostException") && connectionString.contains("AUTO_SERVER=TRUE;")) {
149	0	connectionString = connectionString.replace("AUTO_SERVER=TRUE;", "");
150		try {
151	0	conn = DriverManager.getConnection(connectionString, userName, password);
152	0	Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
153	0	LOGGER.debug(
154		"Unable to start the database in server mode; reverting to single user mode");
155	0	} catch (SQLException sqlex) {
156	0	LOGGER.debug("Unable to connect to the database", ex);
157	0	throw new DatabaseException("Unable to connect to the database");
158	0	}
159		} else {
160	0	LOGGER.debug("Unable to connect to the database", ex);
161	0	throw new DatabaseException("Unable to connect to the database");
162		}
163	4	}
164
165	4	if (shouldCreateSchema) {
166		try {
167	0	createTables(conn);
168	0	} catch (DatabaseException dex) {
169	0	LOGGER.debug("", dex);
170	0	throw new DatabaseException("Unable to create the database structure");
171	0	}
172		}
173		try {
174	4	ensureSchemaVersion(conn);
175	0	} catch (DatabaseException dex) {
176	0	LOGGER.debug("", dex);
177	0	throw new DatabaseException("Database schema does not match this version of dependency-check", dex);
178	4	}
179		} finally {
180	4	if (conn != null) {
181		try {
182	4	conn.close();
183	0	} catch (SQLException ex) {
184	0	LOGGER.debug("An error occurred closing the connection", ex);
185	4	}
186		}
187		}
188	4	}
189
190		/**
191		* Cleans up resources and unloads any registered database drivers. This needs to be called to ensure the driver is
192		* unregistered prior to the finalize method being called as during shutdown the class loader used to load the driver may be
193		* unloaded prior to the driver being de-registered.
194		*/
195		public static synchronized void cleanup() {
196	2	if (driver != null) {
197		try {
198	2	DriverManager.deregisterDriver(driver);
199	0	} catch (SQLException ex) {
200	0	LOGGER.debug("An error occurred unloading the database driver", ex);
201	0	} catch (Throwable unexpected) {
202	0	LOGGER.debug(
203		"An unexpected throwable occurred unloading the database driver", unexpected);
204	2	}
205	2	driver = null;
206		}
207	2	connectionString = null;
208	2	userName = null;
209	2	password = null;
210	2	}
211
212		/**
213		* Constructs a new database connection object per the database configuration.
214		*
215		* @return a database connection object
216		* @throws DatabaseException thrown if there is an exception loading the database connection
217		*/
218		public static Connection getConnection() throws DatabaseException {
219	28	initialize();
220	28	Connection conn = null;
221		try {
222	28	conn = DriverManager.getConnection(connectionString, userName, password);
223	0	} catch (SQLException ex) {
224	0	LOGGER.debug("", ex);
225	0	throw new DatabaseException("Unable to connect to the database");
226	28	}
227	28	return conn;
228		}
229
230		/**
231		* Determines if the H2 database file exists. If it does not exist then the data structure will need to be created.
232		*
233		* @return true if the H2 database file does not exist; otherwise false
234		* @throws IOException thrown if the data directory does not exist and cannot be created
235		*/
236		private static boolean h2DataFileExists() throws IOException {
237	4	final File dir = Settings.getDataDirectory();
238	4	final String fileName = Settings.getString(Settings.KEYS.DB_FILE_NAME);
239	4	final File file = new File(dir, fileName);
240	4	return file.exists();
241		}
242
243		/**
244		* Creates the database structure (tables and indexes) to store the CVE data.
245		*
246		* @param conn the database connection
247		* @throws DatabaseException thrown if there is a Database Exception
248		*/
249		private static void createTables(Connection conn) throws DatabaseException {
250	0	LOGGER.debug("Creating database structure");
251	0	InputStream is = null;
252		try {
253	0	is = ConnectionFactory.class.getClassLoader().getResourceAsStream(DB_STRUCTURE_RESOURCE);
254	0	final String dbStructure = IOUtils.toString(is, "UTF-8");
255
256	0	Statement statement = null;
257		try {
258	0	statement = conn.createStatement();
259	0	statement.execute(dbStructure);
260	0	} catch (SQLException ex) {
261	0	LOGGER.debug("", ex);
262	0	throw new DatabaseException("Unable to create database statement", ex);
263		} finally {
264	0	DBUtils.closeStatement(statement);
265	0	}
266	0	} catch (IOException ex) {
267	0	throw new DatabaseException("Unable to create database schema", ex);
268		} finally {
269	0	IOUtils.closeQuietly(is);
270	0	}
271	0	}
272
273		/**
274		* Updates the database schema by loading the upgrade script for the version specified. The intended use is that if the
275		* current schema version is 2.9 then we would call updateSchema(conn, "2.9"). This would load the upgrade_2.9.sql file and
276		* execute it against the database. The upgrade script must update the 'version' in the properties table.
277		*
278		* @param conn the database connection object
279		* @param appExpectedVersion the schema version that the application expects
280		* @param currentDbVersion the current schema version of the database
281		* @throws DatabaseException thrown if there is an exception upgrading the database schema
282		*/
283		private static void updateSchema(Connection conn, DependencyVersion appExpectedVersion, DependencyVersion currentDbVersion)
284		throws DatabaseException {
285
286		final String databaseProductName;
287		try {
288	0	databaseProductName = conn.getMetaData().getDatabaseProductName();
289	0	} catch (SQLException ex) {
290	0	throw new DatabaseException("Unable to get the database product name");
291	0	}
292	0	if ("h2".equalsIgnoreCase(databaseProductName)) {
293	0	LOGGER.debug("Updating database structure");
294	0	InputStream is = null;
295	0	String updateFile = null;
296		try {
297	0	updateFile = String.format(DB_STRUCTURE_UPDATE_RESOURCE, currentDbVersion.toString());
298	0	is = ConnectionFactory.class.getClassLoader().getResourceAsStream(updateFile);
299	0	if (is == null) {
300	0	throw new DatabaseException(String.format("Unable to load update file '%s'", updateFile));
301		}
302	0	final String dbStructureUpdate = IOUtils.toString(is, "UTF-8");
303
304	0	Statement statement = null;
305		try {
306	0	statement = conn.createStatement();
307	0	final boolean success = statement.execute(dbStructureUpdate);
308	0	if (!success && statement.getUpdateCount() <= 0) {
309	0	throw new DatabaseException(String.format("Unable to upgrade the database schema to %s",
310	0	currentDbVersion.toString()));
311		}
312	0	} catch (SQLException ex) {
313	0	LOGGER.debug("", ex);
314	0	throw new DatabaseException("Unable to update database schema", ex);
315		} finally {
316	0	DBUtils.closeStatement(statement);
317	0	}
318	0	} catch (IOException ex) {
319	0	final String msg = String.format("Upgrade SQL file does not exist: %s", updateFile);
320	0	throw new DatabaseException(msg, ex);
321		} finally {
322	0	IOUtils.closeQuietly(is);
323	0	}
324	0	} else {
325	0	final int e0 = Integer.parseInt(appExpectedVersion.getVersionParts().get(0));
326	0	final int c0 = Integer.parseInt(currentDbVersion.getVersionParts().get(0));
327	0	final int e1 = Integer.parseInt(appExpectedVersion.getVersionParts().get(1));
328	0	final int c1 = Integer.parseInt(currentDbVersion.getVersionParts().get(1));
329	0	if (e0 == c0 && e1 < c1) {
330	0	LOGGER.warn("A new version of dependency-check is available; consider upgrading");
331	0	Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
332	0	} else if (e0 == c0 && e1 == c1) {
333		//do nothing - not sure how we got here, but just incase...
334		} else {
335	0	LOGGER.error("The database schema must be upgraded to use this version of dependency-check. Please see {} for more information.",
336		UPGRADE_HELP_URL);
337	0	throw new DatabaseException("Database schema is out of date");
338		}
339		}
340	0	}
341
342		/**
343		* Counter to ensure that calls to ensureSchemaVersion does not end up in an endless loop.
344		*/
345	2	private static int callDepth = 0;
346
347		/**
348		* Uses the provided connection to check the specified schema version within the database.
349		*
350		* @param conn the database connection object
351		* @throws DatabaseException thrown if the schema version is not compatible with this version of dependency-check
352		*/
353		private static void ensureSchemaVersion(Connection conn) throws DatabaseException {
354	4	ResultSet rs = null;
355	4	CallableStatement cs = null;
356		try {
357		//TODO convert this to use DatabaseProperties
358	4	cs = conn.prepareCall("SELECT value FROM properties WHERE id = 'version'");
359	4	rs = cs.executeQuery();
360	4	if (rs.next()) {
361	4	final DependencyVersion appDbVersion = DependencyVersionUtil.parseVersion(DB_SCHEMA_VERSION);
362	4	final DependencyVersion db = DependencyVersionUtil.parseVersion(rs.getString(1));
363	4	if (appDbVersion.compareTo(db) > 0) {
364	0	LOGGER.debug("Current Schema: {}", DB_SCHEMA_VERSION);
365	0	LOGGER.debug("DB Schema: {}", rs.getString(1));
366	0	updateSchema(conn, appDbVersion, db);
367	0	if (++callDepth < 10) {
368	0	ensureSchemaVersion(conn);
369		}
370		}
371	4	} else {
372	0	throw new DatabaseException("Database schema is missing");
373		}
374	0	} catch (SQLException ex) {
375	0	LOGGER.debug("", ex);
376	0	throw new DatabaseException("Unable to check the database schema version");
377		} finally {
378	4	DBUtils.closeResultSet(rs);
379	4	DBUtils.closeStatement(cs);
380	4	}
381	4	}
382		}