1 /*
2 * This file is part of dependency-check-ant.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
17 */
18 package org.owasp.dependencycheck.taskdefs;
19
20 import org.apache.tools.ant.BuildException;
21 import org.owasp.dependencycheck.Engine;
22 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
23 import org.owasp.dependencycheck.utils.Settings;
24 import org.slf4j.impl.StaticLoggerBinder;
25
26 /**
27 * An Ant task definition to execute dependency-check update. This will download the latest data from the National Vulnerability
28 * Database (NVD) and store a copy in the local database.
29 *
30 * @author Jeremy Long
31 */
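public class Update extends Purge {

    /**
     * Construct a new UpdateTask.
     */
    public Update() {
        super();
        // Call this before Dependency Check Core starts logging anything - this way, all SLF4J messages from
        // core end up coming through this task's logger.
        StaticLoggerBinder.getSingleton().setTask(this);
    }

    /**
     * The proxy server to use for outbound connections; forwarded to {@code Settings.KEYS.PROXY_SERVER}.
     */
    private String proxyServer;

    /**
     * Get the value of proxyServer.
     *
     * @return the configured proxy server, or {@code null} if none was set
     */
    public String getProxyServer() {
        return proxyServer;
    }

    /**
     * Set the value of proxyServer.
     *
     * @param server new value of proxyServer
     */
    public void setProxyServer(String server) {
        this.proxyServer = server;
    }

    /**
     * The proxy port; kept as a string and forwarded unparsed to {@code Settings.KEYS.PROXY_PORT}.
     */
    private String proxyPort;

    /**
     * Get the value of proxyPort.
     *
     * @return the configured proxy port, or {@code null} if none was set
     */
    public String getProxyPort() {
        return proxyPort;
    }

    /**
     * Set the value of proxyPort.
     *
     * @param proxyPort new value of proxyPort
     */
    public void setProxyPort(String proxyPort) {
        this.proxyPort = proxyPort;
    }

    /**
     * The proxy user name; forwarded to {@code Settings.KEYS.PROXY_USERNAME}.
     */
    private String proxyUsername;

    /**
     * Get the value of proxyUsername.
     *
     * @return the configured proxy user name, or {@code null} if none was set
     */
    public String getProxyUsername() {
        return proxyUsername;
    }

    /**
     * Set the value of proxyUsername.
     *
     * @param proxyUsername new value of proxyUsername
     */
    public void setProxyUsername(String proxyUsername) {
        this.proxyUsername = proxyUsername;
    }

    /**
     * The proxy password; forwarded to {@code Settings.KEYS.PROXY_PASSWORD}.
     * <p>
     * This is a credential held as a plain {@code String} for the lifetime of the task and exposed through a public
     * getter. Supply it from an Ant property defined outside version control rather than hard-coding it in the build
     * file, and do not write the value to build logs.
     */
    private String proxyPassword;

    /**
     * Get the value of proxyPassword.
     *
     * @return the configured proxy password, or {@code null} if none was set; treat the value as a secret
     */
    public String getProxyPassword() {
        return proxyPassword;
    }

    /**
     * Set the value of proxyPassword.
     *
     * @param proxyPassword new value of proxyPassword
     */
    public void setProxyPassword(String proxyPassword) {
        this.proxyPassword = proxyPassword;
    }

    /**
     * The connection timeout; kept as a string and forwarded unparsed to {@code Settings.KEYS.CONNECTION_TIMEOUT}.
     */
    private String connectionTimeout;

    /**
     * Get the value of connectionTimeout.
     *
     * @return the configured connection timeout, or {@code null} if none was set
     */
    public String getConnectionTimeout() {
        return connectionTimeout;
    }

    /**
     * Set the value of connectionTimeout.
     *
     * @param connectionTimeout new value of connectionTimeout
     */
    public void setConnectionTimeout(String connectionTimeout) {
        this.connectionTimeout = connectionTimeout;
    }

    /**
     * The database driver name; such as org.h2.Driver.
     */
    private String databaseDriverName;

    /**
     * Get the value of databaseDriverName.
     *
     * @return the configured database driver class name, or {@code null} if none was set
     */
    public String getDatabaseDriverName() {
        return databaseDriverName;
    }

    /**
     * Set the value of databaseDriverName.
     *
     * @param databaseDriverName new value of databaseDriverName
     */
    public void setDatabaseDriverName(String databaseDriverName) {
        this.databaseDriverName = databaseDriverName;
    }

    /**
     * The path to the database driver JAR file if it is not on the class path.
     * <p>
     * NOTE(review): this class only forwards the path to {@code Settings.KEYS.DB_DRIVER_PATH}; presumably the core
     * engine loads the driver class from that JAR, in which case its code runs inside the build. Point this only at a
     * driver JAR obtained from a trusted source - confirm against the core loader.
     */
    private String databaseDriverPath;

    /**
     * Get the value of databaseDriverPath.
     *
     * @return the configured path to the driver JAR, or {@code null} if none was set
     */
    public String getDatabaseDriverPath() {
        return databaseDriverPath;
    }

    /**
     * Set the value of databaseDriverPath.
     *
     * @param databaseDriverPath new value of databaseDriverPath
     */
    public void setDatabaseDriverPath(String databaseDriverPath) {
        this.databaseDriverPath = databaseDriverPath;
    }

    /**
     * The database connection string; forwarded to {@code Settings.KEYS.DB_CONNECTION_STRING}.
     * <p>
     * Connection strings can embed credentials; prefer {@code databaseUser} and {@code databasePassword} over
     * inlining them here so the string can be logged or shared without exposing a secret.
     */
    private String connectionString;

    /**
     * Get the value of connectionString.
     *
     * @return the configured connection string, or {@code null} if none was set
     */
    public String getConnectionString() {
        return connectionString;
    }

    /**
     * Set the value of connectionString.
     *
     * @param connectionString new value of connectionString
     */
    public void setConnectionString(String connectionString) {
        this.connectionString = connectionString;
    }

    /**
     * The user name for connecting to the database.
     */
    private String databaseUser;

    /**
     * Get the value of databaseUser.
     *
     * @return the configured database user name, or {@code null} if none was set
     */
    public String getDatabaseUser() {
        return databaseUser;
    }

    /**
     * Set the value of databaseUser.
     *
     * @param databaseUser new value of databaseUser
     */
    public void setDatabaseUser(String databaseUser) {
        this.databaseUser = databaseUser;
    }

    /**
     * The password to use when connecting to the database; forwarded to {@code Settings.KEYS.DB_PASSWORD}.
     * <p>
     * This is a credential held as a plain {@code String} for the lifetime of the task and exposed through a public
     * getter. Supply it from an Ant property defined outside version control rather than hard-coding it in the build
     * file, and do not write the value to build logs.
     */
    private String databasePassword;

    /**
     * Get the value of databasePassword.
     *
     * @return the configured database password, or {@code null} if none was set; treat the value as a secret
     */
    public String getDatabasePassword() {
        return databasePassword;
    }

    /**
     * Set the value of databasePassword.
     *
     * @param databasePassword new value of databasePassword
     */
    public void setDatabasePassword(String databasePassword) {
        this.databasePassword = databasePassword;
    }

    /**
     * The url for the modified NVD CVE (1.2 schema).
     * <p>
     * Whatever is served from the four CVE URL attributes of this task ends up in the local vulnerability database
     * (see the class description), so an overridden value should name a mirror you trust, reached over HTTPS. The
     * download itself happens in the core engine; this class only forwards the value to {@code Settings}.
     */
    private String cveUrl12Modified;

    /**
     * Get the value of cveUrl12Modified.
     *
     * @return the value of cveUrl12Modified
     */
    public String getCveUrl12Modified() {
        return cveUrl12Modified;
    }

    /**
     * Set the value of cveUrl12Modified.
     *
     * @param cveUrl12Modified new value of cveUrl12Modified
     */
    public void setCveUrl12Modified(String cveUrl12Modified) {
        this.cveUrl12Modified = cveUrl12Modified;
    }

    /**
     * The url for the modified NVD CVE (2.0 schema). The same trust consideration applies as for
     * {@code cveUrl12Modified}: the feed content populates the local vulnerability database.
     */
    private String cveUrl20Modified;

    /**
     * Get the value of cveUrl20Modified.
     *
     * @return the value of cveUrl20Modified
     */
    public String getCveUrl20Modified() {
        return cveUrl20Modified;
    }

    /**
     * Set the value of cveUrl20Modified.
     *
     * @param cveUrl20Modified new value of cveUrl20Modified
     */
    public void setCveUrl20Modified(String cveUrl20Modified) {
        this.cveUrl20Modified = cveUrl20Modified;
    }

    /**
     * Base Data Mirror URL for CVE 1.2; forwarded to {@code Settings.KEYS.CVE_SCHEMA_1_2}. Use a trusted mirror: the
     * feed content populates the local vulnerability database.
     */
    private String cveUrl12Base;

    /**
     * Get the value of cveUrl12Base.
     *
     * @return the value of cveUrl12Base
     */
    public String getCveUrl12Base() {
        return cveUrl12Base;
    }

    /**
     * Set the value of cveUrl12Base.
     *
     * @param cveUrl12Base new value of cveUrl12Base
     */
    public void setCveUrl12Base(String cveUrl12Base) {
        this.cveUrl12Base = cveUrl12Base;
    }

    /**
     * Data Mirror URL for CVE 2.0; forwarded to {@code Settings.KEYS.CVE_SCHEMA_2_0}. Use a trusted mirror: the feed
     * content populates the local vulnerability database.
     */
    private String cveUrl20Base;

    /**
     * Get the value of cveUrl20Base.
     *
     * @return the value of cveUrl20Base
     */
    public String getCveUrl20Base() {
        return cveUrl20Base;
    }

    /**
     * Set the value of cveUrl20Base.
     *
     * @param cveUrl20Base new value of cveUrl20Base
     */
    public void setCveUrl20Base(String cveUrl20Base) {
        this.cveUrl20Base = cveUrl20Base;
    }

    /**
     * The number of hours to wait before re-checking for updates. {@code null} leaves the setting untouched; a
     * negative value is rejected by {@link #populateSettings()}.
     */
    private Integer cveValidForHours;

    /**
     * Get the value of cveValidForHours.
     *
     * @return the value of cveValidForHours, or {@code null} if none was set
     */
    public Integer getCveValidForHours() {
        return cveValidForHours;
    }

    /**
     * Set the value of cveValidForHours.
     *
     * @param cveValidForHours new value of cveValidForHours
     */
    public void setCveValidForHours(Integer cveValidForHours) {
        this.cveValidForHours = cveValidForHours;
    }

    /**
     * Executes the update by initializing the settings, downloads the NVD XML data, and then processes the data storing it in the
     * local database.
     *
     * @throws BuildException thrown if a connection to the local database cannot be made.
     */
    @Override
    public void execute() throws BuildException {
        populateSettings();
        Engine engine = null;
        try {
            engine = new Engine(Update.class.getClassLoader());
            engine.doUpdates();
        } catch (DatabaseException ex) {
            throw new BuildException("Unable to connect to the dependency-check database; unable to update the NVD data", ex);
        } finally {
            // NOTE(review): Settings.cleanup runs before engine.cleanup, so an exception from the former would skip
            // the latter - confirm the order is intentional before changing it.
            Settings.cleanup(true);
            if (engine != null) {
                engine.cleanup();
            }
        }
    }

    /**
     * Takes the properties supplied and updates the dependency-check settings: proxy server, port and credentials,
     * connection timeout, database driver/connection/credentials, the NVD CVE URLs, and the update re-check interval.
     * String values go through {@code Settings.setStringIfNotEmpty}, which (per its name) presumably leaves the
     * existing setting in place when the attribute was not supplied.
     *
     * @throws BuildException thrown when an invalid setting is configured.
     */
    @Override
    protected void populateSettings() throws BuildException {
        super.populateSettings();
        Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_SERVER, proxyServer);
        Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_PORT, proxyPort);
        Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_USERNAME, proxyUsername);
        Settings.setStringIfNotEmpty(Settings.KEYS.PROXY_PASSWORD, proxyPassword);
        Settings.setStringIfNotEmpty(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
        Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_NAME, databaseDriverName);
        Settings.setStringIfNotEmpty(Settings.KEYS.DB_DRIVER_PATH, databaseDriverPath);
        Settings.setStringIfNotEmpty(Settings.KEYS.DB_CONNECTION_STRING, connectionString);
        Settings.setStringIfNotEmpty(Settings.KEYS.DB_USER, databaseUser);
        Settings.setStringIfNotEmpty(Settings.KEYS.DB_PASSWORD, databasePassword);
        Settings.setStringIfNotEmpty(Settings.KEYS.CVE_MODIFIED_12_URL, cveUrl12Modified);
        Settings.setStringIfNotEmpty(Settings.KEYS.CVE_MODIFIED_20_URL, cveUrl20Modified);
        Settings.setStringIfNotEmpty(Settings.KEYS.CVE_SCHEMA_1_2, cveUrl12Base);
        Settings.setStringIfNotEmpty(Settings.KEYS.CVE_SCHEMA_2_0, cveUrl20Base);
        if (cveValidForHours != null) {
            if (cveValidForHours < 0) {
                // The message names the attribute as it is spelled on this task (cve..., not cpe...), so the
                // user can find the offending setting in the build file.
                throw new BuildException("Invalid setting: `cveValidForHours` must be 0 or greater");
            }
            Settings.setInt(Settings.KEYS.CVE_CHECK_VALID_FOR_HOURS, cveValidForHours);
        }
    }
}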