Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.NvdCveUpdater

Classes in this File

0/14

0/4

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update;
 
 import java.net.MalformedURLException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Settings;
 
 /**
  * Class responsible for updating the NVD CVE and CPE data stores.
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public class NvdCveUpdater implements CachedWebDataSource {
 
     /**
      * The logger
      */
     private static final Logger LOGGER = Logger.getLogger(NvdCveUpdater.class.getName());
 
     /**
      * <p>
      * Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database.</p>
      *
      * @throws UpdateException is thrown if there is an error updating the database
      */
     @Override
     public void update() throws UpdateException {
         try {
             final StandardUpdate task = new StandardUpdate();
             if (task.isUpdateNeeded()) {
                 task.update();
             }
         } catch (MalformedURLException ex) {
             LOGGER.log(Level.WARNING,
                     "NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.");
             LOGGER.log(Level.FINE, null, ex);
         } catch (DownloadFailedException ex) {
             LOGGER.log(Level.WARNING,
                     "Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.");
             if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
                 LOGGER.log(Level.INFO,
                         "If you are behind a proxy you may need to configure dependency-check to use the proxy.");
             }
             LOGGER.log(Level.FINE, null, ex);
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.update;
19
20		import java.net.MalformedURLException;
21		import java.util.logging.Level;
22		import java.util.logging.Logger;
23		import org.owasp.dependencycheck.data.update.exception.UpdateException;
24		import org.owasp.dependencycheck.utils.DownloadFailedException;
25		import org.owasp.dependencycheck.utils.Settings;
26
27		/**
28		* Class responsible for updating the NVD CVE and CPE data stores.
29		*
30		* @author Jeremy Long <jeremy.long@owasp.org>
31		*/
32		public class NvdCveUpdater implements CachedWebDataSource {
33
34		/**
35		* The logger
36		*/
37	0	private static final Logger LOGGER = Logger.getLogger(NvdCveUpdater.class.getName());
38
39		/**
40		* <p>
41		* Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database.</p>
42		*
43		* @throws UpdateException is thrown if there is an error updating the database
44		*/
45		@Override
46		public void update() throws UpdateException {
47		try {
48	0	final StandardUpdate task = new StandardUpdate();
49	0	if (task.isUpdateNeeded()) {
50	0	task.update();
51		}
52	0	} catch (MalformedURLException ex) {
53	0	LOGGER.log(Level.WARNING,
54		"NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.");
55	0	LOGGER.log(Level.FINE, null, ex);
56	0	} catch (DownloadFailedException ex) {
57	0	LOGGER.log(Level.WARNING,
58		"Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.");
59	0	if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
60	0	LOGGER.log(Level.INFO,
61		"If you are behind a proxy you may need to configure dependency-check to use the proxy.");
62		}
63	0	LOGGER.log(Level.FINE, null, ex);
64	0	}
65	0	}
66		}