 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.nvd;
 
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.ExtractionUtil;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  * A callable task that downloads the two NVD CVE data files for one feed entry.
  *
  * @author Jeremy Long
  */
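 public class DownloadTask implements Callable<Future<ProcessTask>> {

     /**
      * The Logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(DownloadTask.class);

     /**
      * The CVE DB to use when processing the files.
      */
     private final CveDB cveDB;
     /**
      * The processor service to pass the results of the download to; may be
      * null, in which case {@link #call()} only downloads.
      */
     private final ExecutorService processorService;
     /**
      * The NVD CVE Meta Data.
      */
     private NvdCveInfo nvdCveInfo;
     /**
      * A reference to the global settings object.
      */
     private final Settings settings;
     /**
      * Temporary file that receives the content of {@code nvdCveInfo.getUrl()}.
      */
     private File first;
     /**
      * Temporary file that receives the content of
      * {@code nvdCveInfo.getOldSchemaVersionUrl()}.
      */
     private File second;

     /**
      * Simple constructor for the callable download task. Two temporary files
      * are created in the configured temp directory as download targets.
      *
      * @param nvdCveInfo the NVD CVE info
      * @param processor the processor service to submit the downloaded files to
      * @param cveDB the CVE DB to use to store the vulnerability data
      * @param settings a reference to the global settings object; this is
      * necessary so that when the thread is started the dependencies have a
      * correct reference to the global settings.
      * @throws UpdateException thrown if temporary files could not be created
      */
     public DownloadTask(NvdCveInfo nvdCveInfo, ExecutorService processor, CveDB cveDB, Settings settings) throws UpdateException {
         this.nvdCveInfo = nvdCveInfo;
         this.processorService = processor;
         this.cveDB = cveDB;
         this.settings = settings;

         File created = null;
         try {
             created = File.createTempFile("cve" + nvdCveInfo.getId() + '_', ".xml", Settings.getTempDirectory());
             this.first = created;
             this.second = File.createTempFile("cve_1_2_" + nvdCveInfo.getId() + '_', ".xml", Settings.getTempDirectory());
         } catch (IOException ex) {
             // Do not leave the first temp file behind when the second one
             // could not be created.
             if (created != null && !created.delete()) {
                 created.deleteOnExit();
             }
             throw new UpdateException("Unable to create temporary files", ex);
         }
     }

     /**
      * Get the value of nvdCveInfo.
      *
      * @return the value of nvdCveInfo
      */
     public NvdCveInfo getNvdCveInfo() {
         return nvdCveInfo;
     }

     /**
      * Set the value of nvdCveInfo.
      *
      * @param nvdCveInfo new value of nvdCveInfo
      */
     public void setNvdCveInfo(NvdCveInfo nvdCveInfo) {
         this.nvdCveInfo = nvdCveInfo;
     }

     /**
      * Get the value of first.
      *
      * @return the value of first
      */
     public File getFirst() {
         return first;
     }

     /**
      * Set the value of first.
      *
      * @param first new value of first
      */
     public void setFirst(File first) {
         this.first = first;
     }

     /**
      * Get the value of second.
      *
      * @return the value of second
      */
     public File getSecond() {
         return second;
     }

     /**
      * Set the value of second.
      *
      * @param second new value of second
      */
     public void setSecond(File second) {
         this.second = second;
     }

     /**
      * Downloads both NVD CVE files, extracts them when they arrived
      * gzip-compressed, and submits a {@link ProcessTask} for them.
      * <p>
      * Every failure is logged and turned into a {@code null} result instead
      * of being thrown. A caller must therefore treat {@code null} as "this
      * feed entry was not updated"; otherwise the vulnerability data silently
      * stays stale (the log message says as much: some CVEs may not be
      * reported).
      * <p>
      * NOTE(review): no integrity check of the downloaded content is visible
      * in this method; whether the transport is authenticated depends on the
      * URLs supplied by {@code nvdCveInfo} and on {@code Downloader} - confirm.
      *
      * @return the future of the submitted processing task, or {@code null}
      * when the download failed or no processor service was supplied
      * @throws Exception declared by {@link Callable}; failures inside the
      * body are caught and logged
      */
     @Override
     public Future<ProcessTask> call() throws Exception {
         try {
             // Presumably makes the supplied settings current for the thread
             // running this task (see the constructor's settings parameter).
             Settings.setInstance(settings);
             final URL url1 = new URL(nvdCveInfo.getUrl());
             final URL url2 = new URL(nvdCveInfo.getOldSchemaVersionUrl());
             LOGGER.info("Download Started for NVD CVE - {}", nvdCveInfo.getId());
             final long startDownload = System.currentTimeMillis();
             try {
                 Downloader.fetchFile(url1, first);
                 Downloader.fetchFile(url2, second);
             } catch (DownloadFailedException ex) {
                 LOGGER.warn("Download Failed for NVD CVE - {}\nSome CVEs may not be reported.", nvdCveInfo.getId());
                 if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
                     LOGGER.info(
                             "If you are behind a proxy you may need to configure dependency-check to use the proxy.");
                 }
                 LOGGER.debug("", ex);
                 return null;
             }
             // The URL suffix says "gzip", but the payload may already have
             // been decompressed in transit; only gunzip when the file does
             // not already start with an XML declaration.
             if (url1.toExternalForm().endsWith(".xml.gz") && !isXml(first)) {
                 ExtractionUtil.extractGzip(first);
             }
             if (url2.toExternalForm().endsWith(".xml.gz") && !isXml(second)) {
                 ExtractionUtil.extractGzip(second);
             }

             LOGGER.info("Download Complete for NVD CVE - {}  ({} ms)", nvdCveInfo.getId(),
                     System.currentTimeMillis() - startDownload);
             if (this.processorService == null) {
                 return null;
             }
             final ProcessTask task = new ProcessTask(cveDB, this, settings);
             return this.processorService.submit(task);

         } catch (Throwable ex) {
             // NOTE(review): this also swallows Errors; the stack trace is
             // only visible at debug level.
             LOGGER.warn("An exception occurred downloading NVD CVE - {}\nSome CVEs may not be reported.", nvdCveInfo.getId());
             LOGGER.debug("Download Task Failed", ex);
         } finally {
             Settings.cleanup(false);
         }
         return null;
     }

     /**
      * Attempts to delete the files that were downloaded. A file that cannot
      * be deleted right away is logged and scheduled for deletion on JVM exit.
      */
     public void cleanup() {
         // The fallback must run only when delete() FAILS, and the message
         // must name the file it is about.
         if (first != null && first.exists() && !first.delete()) {
             LOGGER.debug("Failed to delete first temporary file {}", first.toString());
             first.deleteOnExit();
         }
         if (second != null && second.exists() && !second.delete()) {
             LOGGER.debug("Failed to delete second temporary file {}", second.toString());
             second.deleteOnExit();
         }
     }

     /**
      * Checks the file header to see if it is an XML file.
      * <p>
      * Only the first five bytes are compared against {@code <?xml} (the
      * letters case-insensitively). This is a header sniff, not validation: a
      * file that starts with a byte-order mark or whitespace reports false.
      *
      * @param file the file to check
      * @return true if the file is XML
      */
     public static boolean isXml(File file) {
         if (file == null || !file.isFile()) {
             return false;
         }
         InputStream is = null;
         try {
             is = new FileInputStream(file);

             final byte[] buf = new byte[5];
             int read = 0;
             try {
                 // A single read() may legally return fewer bytes than
                 // requested; keep reading until the header is complete or the
                 // stream ends.
                 while (read < buf.length) {
                     final int count = is.read(buf, read, buf.length - read);
                     if (count < 0) {
                         break;
                     }
                     read += count;
                 }
             } catch (IOException ex) {
                 return false;
             }
             return read == 5
                     && buf[0] == '<'
                     && (buf[1] == '?')
                     && (buf[2] == 'x' || buf[2] == 'X')
                     && (buf[3] == 'm' || buf[3] == 'M')
                     && (buf[4] == 'l' || buf[4] == 'L');
         } catch (FileNotFoundException ex) {
             return false;
         } finally {
             if (is != null) {
                 try {
                     is.close();
                 } catch (IOException ex) {
                     LOGGER.debug("Error closing stream", ex);
                 }
             }
         }
     }
 }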