Coverage Report - org.owasp.dependencycheck.data.update.DatabaseUpdater
 
Classes in this File Line Coverage Branch Coverage Complexity
DatabaseUpdater
0%
0/43
0%
0/12
8
 
 1  
 /*
 2  
  * This file is part of dependency-check-core.
 3  
  *
 4  
  * Dependency-check-core is free software: you can redistribute it and/or modify it
 5  
  * under the terms of the GNU General Public License as published by the Free
 6  
  * Software Foundation, either version 3 of the License, or (at your option) any
 7  
  * later version.
 8  
  *
 9  
  * Dependency-check-core is distributed in the hope that it will be useful, but
 10  
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 11  
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 12  
  * details.
 13  
  *
 14  
  * You should have received a copy of the GNU General Public License along with
 15  
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
 16  
  *
 17  
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 18  
  */
 19  
 package org.owasp.dependencycheck.data.update;
 20  
 
 21  
 import java.io.File;
 22  
 import java.io.IOException;
 23  
 import org.owasp.dependencycheck.data.CachedWebDataSource;
 24  
 import java.net.MalformedURLException;
 25  
 import java.util.logging.Level;
 26  
 import java.util.logging.Logger;
 27  
 import org.owasp.dependencycheck.concurrency.DirectoryLockException;
 28  
 import org.owasp.dependencycheck.concurrency.DirectorySpinLock;
 29  
 import org.owasp.dependencycheck.concurrency.InvalidDirectoryException;
 30  
 import org.owasp.dependencycheck.data.UpdateException;
 31  
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 32  
 import org.owasp.dependencycheck.utils.FileUtils;
 33  
 import org.owasp.dependencycheck.utils.Settings;
 34  
 
 35  
 /**
 36  
  * Class responsible for updating the CPE and NVDCVE data stores.
 37  
  *
 38  
  * @author Jeremy Long (jeremy.long@owasp.org)
 39  
  */
 40  0
 public class DatabaseUpdater implements CachedWebDataSource {
 41  
 
 42  
     /**
 43  
      * <p>Downloads the latest NVD CVE XML file from the web and imports it into
 44  
      * the current CVE Database.</p>
 45  
      *
 46  
      * @throws UpdateException is thrown if there is an error updating the
 47  
      * database
 48  
      */
 49  
     @Override
 50  
     public void update() throws UpdateException {
 51  0
         final File dataDir = Settings.getFile(Settings.KEYS.DATA_DIRECTORY);
 52  0
         DirectorySpinLock lock = null;
 53  
         try {
 54  0
             lock = new DirectorySpinLock(dataDir);
 55  0
         } catch (InvalidDirectoryException ex) {
 56  0
             throw new UpdateException("Unable to obtain lock on the data directory", ex);
 57  0
         } catch (DirectoryLockException ex) {
 58  0
             throw new UpdateException("Unable to obtain exclusive lock on the data directory", ex);
 59  0
         }
 60  
 
 61  
         try {
 62  0
             lock.obtainSharedLock();
 63  0
             final UpdateTask task = UpdateTaskFactory.getUpdateTask();
 64  
 
 65  
 
 66  0
             if (task.isUpdateNeeded()) {
 67  0
                 lock.release();
 68  0
                 lock.obtainExclusiveLock();
 69  0
                 if (task.shouldDeleteAndRecreate()) {
 70  
                     try {
 71  0
                         deleteExistingData();
 72  0
                     } catch (IOException ex) {
 73  0
                         Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, "Unable to delete the existing data directory");
 74  0
                         Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
 75  0
                     }
 76  
                 }
 77  0
                 task.update();
 78  
             }
 79  0
         } catch (DirectoryLockException ex) {
 80  0
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
 81  
                     "Unable to obtain lock on data directory, unable to update the data to use the most current data.");
 82  0
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
 83  0
         } catch (MalformedURLException ex) {
 84  0
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
 85  
                     "NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.");
 86  0
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
 87  0
         } catch (DownloadFailedException ex) {
 88  0
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
 89  
                     "Unable to download the NVD CVE data, unable to update the data to use the most current data.");
 90  0
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
 91  
         } finally {
 92  0
             if (lock != null) {
 93  0
                 lock.release();
 94  
             }
 95  
         }
 96  0
     }
 97  
 
 98  
     /**
 99  
      * Deletes the existing data directories.
 100  
      *
 101  
      * @throws IOException thrown if the directory cannot be deleted
 102  
      */
 103  
     protected void deleteExistingData() throws IOException {
 104  0
         File data = Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY);
 105  0
         if (data.exists()) {
 106  0
             FileUtils.delete(data);
 107  
         }
 108  0
         data = Settings.getFile(Settings.KEYS.CPE_DATA_DIRECTORY);
 109  0
         if (data.exists()) {
 110  0
             FileUtils.delete(data);
 111  
         }
 112  0
         data = DataStoreMetaInfo.getPropertiesFile();
 113  0
         if (data.exists()) {
 114  0
             FileUtils.delete(data);
 115  
         }
 116  0
     }
 117  
 }