Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.DatabaseUpdater

Classes in this File

0/43

0/12

 /*
  * This file is part of dependency-check-core.
  *
  * Dependency-check-core is free software: you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation, either version 3 of the License, or (at your option) any
  * later version.
  *
  * Dependency-check-core is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
  *
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update;
 
 import java.io.File;
 import java.io.IOException;
 import org.owasp.dependencycheck.data.CachedWebDataSource;
 import java.net.MalformedURLException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.owasp.dependencycheck.concurrency.DirectoryLockException;
 import org.owasp.dependencycheck.concurrency.DirectorySpinLock;
 import org.owasp.dependencycheck.concurrency.InvalidDirectoryException;
 import org.owasp.dependencycheck.data.UpdateException;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
 
 /**
  * Class responsible for updating the CPE and NVDCVE data stores.
  *
  * @author Jeremy Long (jeremy.long@owasp.org)
  */
 public class DatabaseUpdater implements CachedWebDataSource {
 
     /**
      * <p>Downloads the latest NVD CVE XML file from the web and imports it into
      * the current CVE Database.</p>
      *
      * @throws UpdateException is thrown if there is an error updating the
      * database
      */
     @Override
     public void update() throws UpdateException {
         final File dataDir = Settings.getFile(Settings.KEYS.DATA_DIRECTORY);
         DirectorySpinLock lock = null;
         try {
             lock = new DirectorySpinLock(dataDir);
         } catch (InvalidDirectoryException ex) {
             throw new UpdateException("Unable to obtain lock on the data directory", ex);
         } catch (DirectoryLockException ex) {
             throw new UpdateException("Unable to obtain exclusive lock on the data directory", ex);
         }
 
         try {
             lock.obtainSharedLock();
             final UpdateTask task = UpdateTaskFactory.getUpdateTask();
 
 
             if (task.isUpdateNeeded()) {
                 lock.release();
                 lock.obtainExclusiveLock();
                 if (task.shouldDeleteAndRecreate()) {
                     try {
                         deleteExistingData();
                     } catch (IOException ex) {
                         Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, "Unable to delete the existing data directory");
                         Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
                     }
                 }
                 task.update();
             }
         } catch (DirectoryLockException ex) {
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
                     "Unable to obtain lock on data directory, unable to update the data to use the most current data.");
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
         } catch (MalformedURLException ex) {
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
                     "NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.");
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
         } catch (DownloadFailedException ex) {
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
                     "Unable to download the NVD CVE data, unable to update the data to use the most current data.");
             Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
         } finally {
             if (lock != null) {
                 lock.release();
             }
         }
     }
 
     /**
      * Deletes the existing data directories.
      *
      * @throws IOException thrown if the directory cannot be deleted
      */
     protected void deleteExistingData() throws IOException {
         File data = Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY);
         if (data.exists()) {
             FileUtils.delete(data);
         }
         data = Settings.getFile(Settings.KEYS.CPE_DATA_DIRECTORY);
         if (data.exists()) {
             FileUtils.delete(data);
         }
         data = DataStoreMetaInfo.getPropertiesFile();
         if (data.exists()) {
             FileUtils.delete(data);
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Dependency-check-core is free software: you can redistribute it and/or modify it
5		* under the terms of the GNU General Public License as published by the Free
6		* Software Foundation, either version 3 of the License, or (at your option) any
7		* later version.
8		*
9		* Dependency-check-core is distributed in the hope that it will be useful, but
10		* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11		* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
12		* details.
13		*
14		* You should have received a copy of the GNU General Public License along with
15		* dependency-check-core. If not, see http://www.gnu.org/licenses/.
16		*
17		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
18		*/
19		package org.owasp.dependencycheck.data.update;
20
21		import java.io.File;
22		import java.io.IOException;
23		import org.owasp.dependencycheck.data.CachedWebDataSource;
24		import java.net.MalformedURLException;
25		import java.util.logging.Level;
26		import java.util.logging.Logger;
27		import org.owasp.dependencycheck.concurrency.DirectoryLockException;
28		import org.owasp.dependencycheck.concurrency.DirectorySpinLock;
29		import org.owasp.dependencycheck.concurrency.InvalidDirectoryException;
30		import org.owasp.dependencycheck.data.UpdateException;
31		import org.owasp.dependencycheck.utils.DownloadFailedException;
32		import org.owasp.dependencycheck.utils.FileUtils;
33		import org.owasp.dependencycheck.utils.Settings;
34
35		/**
36		* Class responsible for updating the CPE and NVDCVE data stores.
37		*
38		* @author Jeremy Long (jeremy.long@owasp.org)
39		*/
40	0	public class DatabaseUpdater implements CachedWebDataSource {
41
42		/**
43		* <p>Downloads the latest NVD CVE XML file from the web and imports it into
44		* the current CVE Database.</p>
45		*
46		* @throws UpdateException is thrown if there is an error updating the
47		* database
48		*/
49		@Override
50		public void update() throws UpdateException {
51	0	final File dataDir = Settings.getFile(Settings.KEYS.DATA_DIRECTORY);
52	0	DirectorySpinLock lock = null;
53		try {
54	0	lock = new DirectorySpinLock(dataDir);
55	0	} catch (InvalidDirectoryException ex) {
56	0	throw new UpdateException("Unable to obtain lock on the data directory", ex);
57	0	} catch (DirectoryLockException ex) {
58	0	throw new UpdateException("Unable to obtain exclusive lock on the data directory", ex);
59	0	}
60
61		try {
62	0	lock.obtainSharedLock();
63	0	final UpdateTask task = UpdateTaskFactory.getUpdateTask();
64
65
66	0	if (task.isUpdateNeeded()) {
67	0	lock.release();
68	0	lock.obtainExclusiveLock();
69	0	if (task.shouldDeleteAndRecreate()) {
70		try {
71	0	deleteExistingData();
72	0	} catch (IOException ex) {
73	0	Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, "Unable to delete the existing data directory");
74	0	Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
75	0	}
76		}
77	0	task.update();
78		}
79	0	} catch (DirectoryLockException ex) {
80	0	Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
81		"Unable to obtain lock on data directory, unable to update the data to use the most current data.");
82	0	Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
83	0	} catch (MalformedURLException ex) {
84	0	Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
85		"NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.");
86	0	Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
87	0	} catch (DownloadFailedException ex) {
88	0	Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
89		"Unable to download the NVD CVE data, unable to update the data to use the most current data.");
90	0	Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
91		} finally {
92	0	if (lock != null) {
93	0	lock.release();
94		}
95		}
96	0	}
97
98		/**
99		* Deletes the existing data directories.
100		*
101		* @throws IOException thrown if the directory cannot be deleted
102		*/
103		protected void deleteExistingData() throws IOException {
104	0	File data = Settings.getFile(Settings.KEYS.CVE_DATA_DIRECTORY);
105	0	if (data.exists()) {
106	0	FileUtils.delete(data);
107		}
108	0	data = Settings.getFile(Settings.KEYS.CPE_DATA_DIRECTORY);
109	0	if (data.exists()) {
110	0	FileUtils.delete(data);
111		}
112	0	data = DataStoreMetaInfo.getPropertiesFile();
113	0	if (data.exists()) {
114	0	FileUtils.delete(data);
115		}
116	0	}
117		}