Coverage Report

Coverage Report - org.owasp.dependencycheck.utils.Downloader

Classes in this File

Line Coverage

Branch Coverage

Complexity

Downloader

8/123

1/42

9.6

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.utils;
 
 import java.io.BufferedOutputStream;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.HttpURLConnection;
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.security.InvalidAlgorithmParameterException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.zip.GZIPInputStream;
 import java.util.zip.InflaterInputStream;
 
 /**
  * A utility to download files from the Internet.
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public final class Downloader {
 
     /**
      * The logger.
      */
     private static final Logger LOGGER = Logger.getLogger(Downloader.class.getName());
 
     /**
      * Private constructor for utility class.
      */
     private Downloader() {
     }
 
     /**
      * Retrieves a file from a given URL and saves it to the outputPath.
      *
      * @param url the URL of the file to download
      * @param outputPath the path to the save the file to
      * @throws DownloadFailedException is thrown if there is an error downloading the file
      */
     public static void fetchFile(URL url, File outputPath) throws DownloadFailedException {
         fetchFile(url, outputPath, true);
     }
 
     /**
      * Retrieves a file from a given URL and saves it to the outputPath.
      *
      * @param url the URL of the file to download
      * @param outputPath the path to the save the file to
      * @param useProxy whether to use the configured proxy when downloading files
      * @throws DownloadFailedException is thrown if there is an error downloading the file
      */
     public static void fetchFile(URL url, File outputPath, boolean useProxy) throws DownloadFailedException {
         if ("file".equalsIgnoreCase(url.getProtocol())) {
             File file;
             try {
                 file = new File(url.toURI());
             } catch (URISyntaxException ex) {
                 final String msg = String.format("Download failed, unable to locate '%s'", url.toString());
                 throw new DownloadFailedException(msg);
             }
             if (file.exists()) {
                 try {
                     org.apache.commons.io.FileUtils.copyFile(file, outputPath);
                 } catch (IOException ex) {
                     final String msg = String.format("Download failed, unable to copy '%s' to '%s'", url.toString(), outputPath.getAbsolutePath());
                     throw new DownloadFailedException(msg);
                 }
             } else {
                 final String msg = String.format("Download failed, file ('%s') does not exist", url.toString());
                 throw new DownloadFailedException(msg);
             }
         } else {
             HttpURLConnection conn = null;
             try {
                 conn = URLConnectionFactory.createHttpURLConnection(url, useProxy);
                 conn.setRequestProperty("Accept-Encoding", "gzip, deflate");
                 conn.connect();
                 int status = conn.getResponseCode();
                 if (status != HttpURLConnection.HTTP_OK) {
                     if (status == HttpURLConnection.HTTP_MOVED_TEMP
                             || status == HttpURLConnection.HTTP_MOVED_PERM
                             || status == HttpURLConnection.HTTP_SEE_OTHER) {
                         final String location = conn.getHeaderField("Location");
                         try {
                             conn.disconnect();
                         } finally {
                             conn = null;
                         }
                         LOGGER.fine(String.format("Download is being redirected from %s to %s", url.toString(), location));
                         conn = URLConnectionFactory.createHttpURLConnection(new URL(location), useProxy);
                         conn.setRequestProperty("Accept-Encoding", "gzip, deflate");
                         conn.connect();
                         status = conn.getResponseCode();
                     }
                 }
                 if (status != 200) {
                     try {
                         conn.disconnect();
                     } finally {
                         conn = null;
                     }
                     final String msg = String.format("Error downloading file %s; received response code %s.", url.toString(), status);
                     throw new DownloadFailedException(msg);
 
                 }
             } catch (IOException ex) {
                 try {
                     if (conn != null) {
                         conn.disconnect();
                     }
                 } finally {
                     conn = null;
                 }
                 final String msg = String.format("Error downloading file %s; unable to connect.", url.toString());
                 throw new DownloadFailedException(msg, ex);
             }
 
             final String encoding = conn.getContentEncoding();
             BufferedOutputStream writer = null;
             InputStream reader = null;
             try {
                 if (encoding != null && "gzip".equalsIgnoreCase(encoding)) {
                     reader = new GZIPInputStream(conn.getInputStream());
                 } else if (encoding != null && "deflate".equalsIgnoreCase(encoding)) {
                     reader = new InflaterInputStream(conn.getInputStream());
                 } else {
                     reader = conn.getInputStream();
                 }
 
                 writer = new BufferedOutputStream(new FileOutputStream(outputPath));
                 final byte[] buffer = new byte[4096];
                 int bytesRead;
                 while ((bytesRead = reader.read(buffer)) > 0) {
                     writer.write(buffer, 0, bytesRead);
                 }
             } catch (IOException ex) {
                 analyzeException(ex);
                 final String msg = String.format("Error saving '%s' to file '%s'%nConnection Timeout: %d%nEncoding: %s%n",
                         url.toString(), outputPath.getAbsolutePath(), conn.getConnectTimeout(), encoding);
                 throw new DownloadFailedException(msg, ex);
             } catch (Throwable ex) {
                 final String msg = String.format("Unexpected exception saving '%s' to file '%s'%nConnection Timeout: %d%nEncoding: %s%n",
                         url.toString(), outputPath.getAbsolutePath(), conn.getConnectTimeout(), encoding);
                 throw new DownloadFailedException(msg, ex);
             } finally {
                 if (writer != null) {
                     try {
                         writer.close();
                     } catch (IOException ex) {
                         LOGGER.log(Level.FINEST, "Error closing the writer in Downloader.", ex);
                     }
                 }
                 if (reader != null) {
                     try {
                         reader.close();
                     } catch (IOException ex) {
                         LOGGER.log(Level.FINEST, "Error closing the reader in Downloader.", ex);
                     }
                 }
                 try {
                     conn.disconnect();
                 } finally {
                     conn = null;
                 }
             }
         }
     }
 
     /**
      * Makes an HTTP Head request to retrieve the last modified date of the given URL. If the file:// protocol is specified, then
      * the lastTimestamp of the file is returned.
      *
      * @param url the URL to retrieve the timestamp from
      * @return an epoch timestamp
      * @throws DownloadFailedException is thrown if an exception occurs making the HTTP request
      */
     public static long getLastModified(URL url) throws DownloadFailedException {
         long timestamp = 0;
         //TODO add the FTP protocol?
         if ("file".equalsIgnoreCase(url.getProtocol())) {
             File lastModifiedFile;
             try {
                 lastModifiedFile = new File(url.toURI());
             } catch (URISyntaxException ex) {
                 final String msg = String.format("Unable to locate '%s'", url.toString());
                 throw new DownloadFailedException(msg);
             }
             timestamp = lastModifiedFile.lastModified();
         } else {
             HttpURLConnection conn = null;
             try {
                 conn = URLConnectionFactory.createHttpURLConnection(url);
                 conn.setRequestMethod("HEAD");
                 conn.connect();
                 final int t = conn.getResponseCode();
                 if (t >= 200 && t < 300) {
                     timestamp = conn.getLastModified();
                 } else {
                     throw new DownloadFailedException("HEAD request returned a non-200 status code");
                 }
             } catch (URLConnectionFailureException ex) {
                 throw new DownloadFailedException("Error creating URL Connection for HTTP HEAD request.", ex);
             } catch (IOException ex) {
                 analyzeException(ex);
                 throw new DownloadFailedException("Error making HTTP HEAD request.", ex);
             } finally {
                 if (conn != null) {
                     try {
                         conn.disconnect();
                     } finally {
                         conn = null;
                     }
                 }
             }
         }
         return timestamp;
     }
 
     /**
      * Analyzes the IOException, logs the appropriate information for debugging purposes, and then throws a
      * DownloadFailedException that wraps the IO Exception.
      *
      * @param ex the original exception
      * @throws DownloadFailedException a wrapper exception that contains the original exception as the cause
      */
     protected static void analyzeException(IOException ex) throws DownloadFailedException {
         Throwable cause = ex;
         while (cause != null) {
             if (cause instanceof InvalidAlgorithmParameterException) {
                 final String keystore = System.getProperty("javax.net.ssl.keyStore");
                 final String version = System.getProperty("java.version");
                 final String vendor = System.getProperty("java.vendor");
                 LOGGER.info("Error making HTTPS request - InvalidAlgorithmParameterException");
                 LOGGER.info("There appears to be an issue with the installation of Java and the cacerts."
                         + "See closed issue #177 here: https://github.com/jeremylong/DependencyCheck/issues/177");
                 LOGGER.info(String.format("Java Info:%njavax.net.ssl.keyStore='%s'%njava.version='%s'%njava.vendor='%s'",
                         keystore, version, vendor));
                 throw new DownloadFailedException("Error making HTTPS request. Please see the log for more details.");
             }
             cause = cause.getCause();
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.utils;
19
20		import java.io.BufferedOutputStream;
21		import java.io.File;
22		import java.io.FileOutputStream;
23		import java.io.IOException;
24		import java.io.InputStream;
25		import java.net.HttpURLConnection;
26		import java.net.URISyntaxException;
27		import java.net.URL;
28		import java.security.InvalidAlgorithmParameterException;
29		import java.util.logging.Level;
30		import java.util.logging.Logger;
31		import java.util.zip.GZIPInputStream;
32		import java.util.zip.InflaterInputStream;
33
34		/**
35		* A utility to download files from the Internet.
36		*
37		* @author Jeremy Long <jeremy.long@owasp.org>
38		*/
39		public final class Downloader {
40
41		/**
42		* The logger.
43		*/
44	1	private static final Logger LOGGER = Logger.getLogger(Downloader.class.getName());
45
46		/**
47		* Private constructor for utility class.
48		*/
49	0	private Downloader() {
50	0	}
51
52		/**
53		* Retrieves a file from a given URL and saves it to the outputPath.
54		*
55		* @param url the URL of the file to download
56		* @param outputPath the path to the save the file to
57		* @throws DownloadFailedException is thrown if there is an error downloading the file
58		*/
59		public static void fetchFile(URL url, File outputPath) throws DownloadFailedException {
60	0	fetchFile(url, outputPath, true);
61	0	}
62
63		/**
64		* Retrieves a file from a given URL and saves it to the outputPath.
65		*
66		* @param url the URL of the file to download
67		* @param outputPath the path to the save the file to
68		* @param useProxy whether to use the configured proxy when downloading files
69		* @throws DownloadFailedException is thrown if there is an error downloading the file
70		*/
71		public static void fetchFile(URL url, File outputPath, boolean useProxy) throws DownloadFailedException {
72	0	if ("file".equalsIgnoreCase(url.getProtocol())) {
73		File file;
74		try {
75	0	file = new File(url.toURI());
76	0	} catch (URISyntaxException ex) {
77	0	final String msg = String.format("Download failed, unable to locate '%s'", url.toString());
78	0	throw new DownloadFailedException(msg);
79	0	}
80	0	if (file.exists()) {
81		try {
82	0	org.apache.commons.io.FileUtils.copyFile(file, outputPath);
83	0	} catch (IOException ex) {
84	0	final String msg = String.format("Download failed, unable to copy '%s' to '%s'", url.toString(), outputPath.getAbsolutePath());
85	0	throw new DownloadFailedException(msg);
86	0	}
87		} else {
88	0	final String msg = String.format("Download failed, file ('%s') does not exist", url.toString());
89	0	throw new DownloadFailedException(msg);
90		}
91	0	} else {
92	0	HttpURLConnection conn = null;
93		try {
94	0	conn = URLConnectionFactory.createHttpURLConnection(url, useProxy);
95	0	conn.setRequestProperty("Accept-Encoding", "gzip, deflate");
96	0	conn.connect();
97	0	int status = conn.getResponseCode();
98	0	if (status != HttpURLConnection.HTTP_OK) {
99	0	if (status == HttpURLConnection.HTTP_MOVED_TEMP
100		\|\| status == HttpURLConnection.HTTP_MOVED_PERM
101		\|\| status == HttpURLConnection.HTTP_SEE_OTHER) {
102	0	final String location = conn.getHeaderField("Location");
103		try {
104	0	conn.disconnect();
105		} finally {
106	0	conn = null;
107	0	}
108	0	LOGGER.fine(String.format("Download is being redirected from %s to %s", url.toString(), location));
109	0	conn = URLConnectionFactory.createHttpURLConnection(new URL(location), useProxy);
110	0	conn.setRequestProperty("Accept-Encoding", "gzip, deflate");
111	0	conn.connect();
112	0	status = conn.getResponseCode();
113		}
114		}
115	0	if (status != 200) {
116		try {
117	0	conn.disconnect();
118		} finally {
119	0	conn = null;
120	0	}
121	0	final String msg = String.format("Error downloading file %s; received response code %s.", url.toString(), status);
122	0	throw new DownloadFailedException(msg);
123
124		}
125	0	} catch (IOException ex) {
126		try {
127	0	if (conn != null) {
128	0	conn.disconnect();
129		}
130		} finally {
131	0	conn = null;
132	0	}
133	0	final String msg = String.format("Error downloading file %s; unable to connect.", url.toString());
134	0	throw new DownloadFailedException(msg, ex);
135	0	}
136
137	0	final String encoding = conn.getContentEncoding();
138	0	BufferedOutputStream writer = null;
139	0	InputStream reader = null;
140		try {
141	0	if (encoding != null && "gzip".equalsIgnoreCase(encoding)) {
142	0	reader = new GZIPInputStream(conn.getInputStream());
143	0	} else if (encoding != null && "deflate".equalsIgnoreCase(encoding)) {
144	0	reader = new InflaterInputStream(conn.getInputStream());
145		} else {
146	0	reader = conn.getInputStream();
147		}
148
149	0	writer = new BufferedOutputStream(new FileOutputStream(outputPath));
150	0	final byte[] buffer = new byte[4096];
151		int bytesRead;
152	0	while ((bytesRead = reader.read(buffer)) > 0) {
153	0	writer.write(buffer, 0, bytesRead);
154		}
155	0	} catch (IOException ex) {
156	0	analyzeException(ex);
157	0	final String msg = String.format("Error saving '%s' to file '%s'%nConnection Timeout: %d%nEncoding: %s%n",
158		url.toString(), outputPath.getAbsolutePath(), conn.getConnectTimeout(), encoding);
159	0	throw new DownloadFailedException(msg, ex);
160	0	} catch (Throwable ex) {
161	0	final String msg = String.format("Unexpected exception saving '%s' to file '%s'%nConnection Timeout: %d%nEncoding: %s%n",
162		url.toString(), outputPath.getAbsolutePath(), conn.getConnectTimeout(), encoding);
163	0	throw new DownloadFailedException(msg, ex);
164		} finally {
165	0	if (writer != null) {
166		try {
167	0	writer.close();
168	0	} catch (IOException ex) {
169	0	LOGGER.log(Level.FINEST, "Error closing the writer in Downloader.", ex);
170	0	}
171		}
172	0	if (reader != null) {
173		try {
174	0	reader.close();
175	0	} catch (IOException ex) {
176	0	LOGGER.log(Level.FINEST, "Error closing the reader in Downloader.", ex);
177	0	}
178		}
179		try {
180	0	conn.disconnect();
181		} finally {
182	0	conn = null;
183	0	}
184	0	}
185		}
186	0	}
187
188		/**
189		* Makes an HTTP Head request to retrieve the last modified date of the given URL. If the file:// protocol is specified, then
190		* the lastTimestamp of the file is returned.
191		*
192		* @param url the URL to retrieve the timestamp from
193		* @return an epoch timestamp
194		* @throws DownloadFailedException is thrown if an exception occurs making the HTTP request
195		*/
196		public static long getLastModified(URL url) throws DownloadFailedException {
197	1	long timestamp = 0;
198		//TODO add the FTP protocol?
199	1	if ("file".equalsIgnoreCase(url.getProtocol())) {
200		File lastModifiedFile;
201		try {
202	1	lastModifiedFile = new File(url.toURI());
203	0	} catch (URISyntaxException ex) {
204	0	final String msg = String.format("Unable to locate '%s'", url.toString());
205	0	throw new DownloadFailedException(msg);
206	1	}
207	1	timestamp = lastModifiedFile.lastModified();
208	1	} else {
209	0	HttpURLConnection conn = null;
210		try {
211	0	conn = URLConnectionFactory.createHttpURLConnection(url);
212	0	conn.setRequestMethod("HEAD");
213	0	conn.connect();
214	0	final int t = conn.getResponseCode();
215	0	if (t >= 200 && t < 300) {
216	0	timestamp = conn.getLastModified();
217		} else {
218	0	throw new DownloadFailedException("HEAD request returned a non-200 status code");
219		}
220	0	} catch (URLConnectionFailureException ex) {
221	0	throw new DownloadFailedException("Error creating URL Connection for HTTP HEAD request.", ex);
222	0	} catch (IOException ex) {
223	0	analyzeException(ex);
224	0	throw new DownloadFailedException("Error making HTTP HEAD request.", ex);
225		} finally {
226	0	if (conn != null) {
227		try {
228	0	conn.disconnect();
229		} finally {
230	0	conn = null;
231	0	}
232		}
233		}
234		}
235	1	return timestamp;
236		}
237
238		/**
239		* Analyzes the IOException, logs the appropriate information for debugging purposes, and then throws a
240		* DownloadFailedException that wraps the IO Exception.
241		*
242		* @param ex the original exception
243		* @throws DownloadFailedException a wrapper exception that contains the original exception as the cause
244		*/
245		protected static void analyzeException(IOException ex) throws DownloadFailedException {
246	0	Throwable cause = ex;
247	0	while (cause != null) {
248	0	if (cause instanceof InvalidAlgorithmParameterException) {
249	0	final String keystore = System.getProperty("javax.net.ssl.keyStore");
250	0	final String version = System.getProperty("java.version");
251	0	final String vendor = System.getProperty("java.vendor");
252	0	LOGGER.info("Error making HTTPS request - InvalidAlgorithmParameterException");
253	0	LOGGER.info("There appears to be an issue with the installation of Java and the cacerts."
254		+ "See closed issue #177 here: https://github.com/jeremylong/DependencyCheck/issues/177");
255	0	LOGGER.info(String.format("Java Info:%njavax.net.ssl.keyStore='%s'%njava.version='%s'%njava.vendor='%s'",
256		keystore, version, vendor));
257	0	throw new DownloadFailedException("Error making HTTPS request. Please see the log for more details.");
258		}
259	0	cause = cause.getCause();
260		}
261	0	}
262		}