Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.task.DownloadTask

Classes in this File

Line Coverage

Branch Coverage

Complexity

DownloadTask

52%

51/97

22%

10/44

3.583

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.task;
 
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.net.URL;
 import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.zip.GZIPInputStream;
 import org.apache.commons.io.FileUtils;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.update.NvdCveInfo;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.Settings;
 
 /**
  * A callable object to download two files.
  *
  * @author Jeremy Long
  */
 public class DownloadTask implements Callable<Future<ProcessTask>> {
 
     /**
      * The Logger.
      */
     private static final Logger LOGGER = Logger.getLogger(DownloadTask.class.getName());
 
     /**
      * Simple constructor for the callable download task.
      *
      * @param nvdCveInfo the NVD CVE info
      * @param processor the processor service to submit the downloaded files to
      * @param cveDB the CVE DB to use to store the vulnerability data
      * @param settings a reference to the global settings object; this is necessary so that when the thread is started
      * the dependencies have a correct reference to the global settings.
      * @throws UpdateException thrown if temporary files could not be created
      */
     public DownloadTask(NvdCveInfo nvdCveInfo, ExecutorService processor, CveDB cveDB, Settings settings) throws UpdateException {
         this.nvdCveInfo = nvdCveInfo;
         this.processorService = processor;
         this.cveDB = cveDB;
         this.settings = settings;
 
         final File file1;
         final File file2;
 
         try {
             file1 = File.createTempFile("cve" + nvdCveInfo.getId() + "_", ".xml", Settings.getTempDirectory());
             file2 = File.createTempFile("cve_1_2_" + nvdCveInfo.getId() + "_", ".xml", Settings.getTempDirectory());
         } catch (IOException ex) {
             throw new UpdateException("Unable to create temporary files", ex);
         }
         this.first = file1;
         this.second = file2;
 
     }
     /**
      * The CVE DB to use when processing the files.
      */
     private CveDB cveDB;
     /**
      * The processor service to pass the results of the download to.
      */
     private ExecutorService processorService;
     /**
      * The NVD CVE Meta Data.
      */
     private NvdCveInfo nvdCveInfo;
     /**
      * A reference to the global settings object.
      */
     private Settings settings;
 
     /**
      * Get the value of nvdCveInfo.
      *
      * @return the value of nvdCveInfo
      */
     public NvdCveInfo getNvdCveInfo() {
         return nvdCveInfo;
     }
 
     /**
      * Set the value of nvdCveInfo.
      *
      * @param nvdCveInfo new value of nvdCveInfo
      */
     public void setNvdCveInfo(NvdCveInfo nvdCveInfo) {
         this.nvdCveInfo = nvdCveInfo;
     }
     /**
      * a file.
      */
     private File first;
 
     /**
      * Get the value of first.
      *
      * @return the value of first
      */
     public File getFirst() {
         return first;
     }
 
     /**
      * Set the value of first.
      *
      * @param first new value of first
      */
     public void setFirst(File first) {
         this.first = first;
     }
     /**
      * a file.
      */
     private File second;
 
     /**
      * Get the value of second.
      *
      * @return the value of second
      */
     public File getSecond() {
         return second;
     }
 
     /**
      * Set the value of second.
      *
      * @param second new value of second
      */
     public void setSecond(File second) {
         this.second = second;
     }
     /**
      * A placeholder for an exception.
      */
     private Exception exception = null;
 
     /**
      * Get the value of exception.
      *
      * @return the value of exception
      */
     public Exception getException() {
         return exception;
     }
 
     /**
      * returns whether or not an exception occurred during download.
      *
      * @return whether or not an exception occurred during download
      */
     public boolean hasException() {
         return exception != null;
     }
 
     @Override
     public Future<ProcessTask> call() throws Exception {
         try {
             Settings.setInstance(settings);
             final URL url1 = new URL(nvdCveInfo.getUrl());
             final URL url2 = new URL(nvdCveInfo.getOldSchemaVersionUrl());
             String msg = String.format("Download Started for NVD CVE - %s", nvdCveInfo.getId());
             LOGGER.log(Level.INFO, msg);
             try {
                 Downloader.fetchFile(url1, first);
                 Downloader.fetchFile(url2, second);
             } catch (DownloadFailedException ex) {
                 msg = String.format("Download Failed for NVD CVE - %s%nSome CVEs may not be reported.", nvdCveInfo.getId());
                 LOGGER.log(Level.WARNING, msg);
                 if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
                     LOGGER.log(Level.INFO,
                             "If you are behind a proxy you may need to configure dependency-check to use the proxy.");
                 }
                 LOGGER.log(Level.FINE, null, ex);
                 return null;
             }
             if (url1.toExternalForm().endsWith(".xml.gz")) {
                 extractGzip(first);
             }
             if (url2.toExternalForm().endsWith(".xml.gz")) {
                 extractGzip(second);
             }
 
             msg = String.format("Download Complete for NVD CVE - %s", nvdCveInfo.getId());
             LOGGER.log(Level.INFO, msg);
             if (this.processorService == null) {
                 return null;
             }
             final ProcessTask task = new ProcessTask(cveDB, this, settings);
             return this.processorService.submit(task);
 
         } catch (Throwable ex) {
             final String msg = String.format("An exception occurred downloading NVD CVE - %s%nSome CVEs may not be reported.", nvdCveInfo.getId());
             LOGGER.log(Level.WARNING, msg);
             LOGGER.log(Level.FINE, "Download Task Failed", ex);
         } finally {
             Settings.cleanup(false);
         }
         return null;
     }
 
     /**
      * Attempts to delete the files that were downloaded.
      */
     public void cleanup() {
         boolean deleted = false;
         try {
             if (first != null && first.exists()) {
                 deleted = first.delete();
             }
         } finally {
             if (first != null && (first.exists() || !deleted)) {
                 first.deleteOnExit();
             }
         }
         try {
             deleted = false;
             if (second != null && second.exists()) {
                 deleted = second.delete();
             }
         } finally {
             if (second != null && (second.exists() || !deleted)) {
                 second.deleteOnExit();
             }
         }
     }
 
     /**
      * Extracts the file contained in a gzip archive. The extracted file is placed in the exact same path as the file
      * specified.
      *
      * @param file the archive file
      * @throws FileNotFoundException thrown if the file does not exist
      * @throws IOException thrown if there is an error extracting the file.
      */
     private void extractGzip(File file) throws FileNotFoundException, IOException {
         final String originalPath = file.getPath();
         final File gzip = new File(originalPath + ".gz");
         if (gzip.isFile() && !gzip.delete()) {
             gzip.deleteOnExit();
         }
         if (!file.renameTo(gzip)) {
             throw new IOException("Unable to rename '" + file.getPath() + "'");
         }
         final File newfile = new File(originalPath);
 
         final byte[] buffer = new byte[4096];
 
         GZIPInputStream cin = null;
         FileOutputStream out = null;
         try {
             cin = new GZIPInputStream(new FileInputStream(gzip));
             out = new FileOutputStream(newfile);
 
             int len;
             while ((len = cin.read(buffer)) > 0) {
                 out.write(buffer, 0, len);
             }
         } finally {
             if (cin != null) {
                 try {
                     cin.close();
                 } catch (IOException ex) {
                     LOGGER.log(Level.FINEST, "ignore", ex);
                 }
             }
             if (out != null) {
                 try {
                     out.close();
                 } catch (IOException ex) {
                     LOGGER.log(Level.FINEST, "ignore", ex);
                 }
             }
             if (gzip.isFile()) {
                 FileUtils.deleteQuietly(gzip);
             }
         }
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.update.task;
19
20		import java.io.File;
21		import java.io.FileInputStream;
22		import java.io.FileNotFoundException;
23		import java.io.FileOutputStream;
24		import java.io.IOException;
25		import java.net.URL;
26		import java.util.concurrent.Callable;
27		import java.util.concurrent.ExecutorService;
28		import java.util.concurrent.Future;
29		import java.util.logging.Level;
30		import java.util.logging.Logger;
31		import java.util.zip.GZIPInputStream;
32		import org.apache.commons.io.FileUtils;
33		import org.owasp.dependencycheck.data.nvdcve.CveDB;
34		import org.owasp.dependencycheck.data.update.NvdCveInfo;
35		import org.owasp.dependencycheck.data.update.exception.UpdateException;
36		import org.owasp.dependencycheck.utils.DownloadFailedException;
37		import org.owasp.dependencycheck.utils.Downloader;
38		import org.owasp.dependencycheck.utils.Settings;
39
40		/**
41		* A callable object to download two files.
42		*
43		* @author Jeremy Long
44		*/
45	0	public class DownloadTask implements Callable<Future<ProcessTask>> {
46
47		/**
48		* The Logger.
49		*/
50	1	private static final Logger LOGGER = Logger.getLogger(DownloadTask.class.getName());
51
52		/**
53		* Simple constructor for the callable download task.
54		*
55		* @param nvdCveInfo the NVD CVE info
56		* @param processor the processor service to submit the downloaded files to
57		* @param cveDB the CVE DB to use to store the vulnerability data
58		* @param settings a reference to the global settings object; this is necessary so that when the thread is started
59		* the dependencies have a correct reference to the global settings.
60		* @throws UpdateException thrown if temporary files could not be created
61		*/
62	1	public DownloadTask(NvdCveInfo nvdCveInfo, ExecutorService processor, CveDB cveDB, Settings settings) throws UpdateException {
63	1	this.nvdCveInfo = nvdCveInfo;
64	1	this.processorService = processor;
65	1	this.cveDB = cveDB;
66	1	this.settings = settings;
67
68		final File file1;
69		final File file2;
70
71		try {
72	1	file1 = File.createTempFile("cve" + nvdCveInfo.getId() + "_", ".xml", Settings.getTempDirectory());
73	1	file2 = File.createTempFile("cve_1_2_" + nvdCveInfo.getId() + "_", ".xml", Settings.getTempDirectory());
74	0	} catch (IOException ex) {
75	0	throw new UpdateException("Unable to create temporary files", ex);
76	1	}
77	1	this.first = file1;
78	1	this.second = file2;
79
80	1	}
81		/**
82		* The CVE DB to use when processing the files.
83		*/
84		private CveDB cveDB;
85		/**
86		* The processor service to pass the results of the download to.
87		*/
88		private ExecutorService processorService;
89		/**
90		* The NVD CVE Meta Data.
91		*/
92		private NvdCveInfo nvdCveInfo;
93		/**
94		* A reference to the global settings object.
95		*/
96		private Settings settings;
97
98		/**
99		* Get the value of nvdCveInfo.
100		*
101		* @return the value of nvdCveInfo
102		*/
103		public NvdCveInfo getNvdCveInfo() {
104	0	return nvdCveInfo;
105		}
106
107		/**
108		* Set the value of nvdCveInfo.
109		*
110		* @param nvdCveInfo new value of nvdCveInfo
111		*/
112		public void setNvdCveInfo(NvdCveInfo nvdCveInfo) {
113	0	this.nvdCveInfo = nvdCveInfo;
114	0	}
115		/**
116		* a file.
117		*/
118		private File first;
119
120		/**
121		* Get the value of first.
122		*
123		* @return the value of first
124		*/
125		public File getFirst() {
126	0	return first;
127		}
128
129		/**
130		* Set the value of first.
131		*
132		* @param first new value of first
133		*/
134		public void setFirst(File first) {
135	0	this.first = first;
136	0	}
137		/**
138		* a file.
139		*/
140		private File second;
141
142		/**
143		* Get the value of second.
144		*
145		* @return the value of second
146		*/
147		public File getSecond() {
148	0	return second;
149		}
150
151		/**
152		* Set the value of second.
153		*
154		* @param second new value of second
155		*/
156		public void setSecond(File second) {
157	0	this.second = second;
158	0	}
159		/**
160		* A placeholder for an exception.
161		*/
162	1	private Exception exception = null;
163
164		/**
165		* Get the value of exception.
166		*
167		* @return the value of exception
168		*/
169		public Exception getException() {
170	0	return exception;
171		}
172
173		/**
174		* returns whether or not an exception occurred during download.
175		*
176		* @return whether or not an exception occurred during download
177		*/
178		public boolean hasException() {
179	0	return exception != null;
180		}
181
182		@Override
183		public Future<ProcessTask> call() throws Exception {
184		try {
185	1	Settings.setInstance(settings);
186	1	final URL url1 = new URL(nvdCveInfo.getUrl());
187	1	final URL url2 = new URL(nvdCveInfo.getOldSchemaVersionUrl());
188	1	String msg = String.format("Download Started for NVD CVE - %s", nvdCveInfo.getId());
189	1	LOGGER.log(Level.INFO, msg);
190		try {
191	1	Downloader.fetchFile(url1, first);
192	1	Downloader.fetchFile(url2, second);
193	0	} catch (DownloadFailedException ex) {
194	0	msg = String.format("Download Failed for NVD CVE - %s%nSome CVEs may not be reported.", nvdCveInfo.getId());
195	0	LOGGER.log(Level.WARNING, msg);
196	0	if (Settings.getString(Settings.KEYS.PROXY_SERVER) == null) {
197	0	LOGGER.log(Level.INFO,
198		"If you are behind a proxy you may need to configure dependency-check to use the proxy.");
199		}
200	0	LOGGER.log(Level.FINE, null, ex);
201	0	return null;
202	1	}
203	1	if (url1.toExternalForm().endsWith(".xml.gz")) {
204	1	extractGzip(first);
205		}
206	1	if (url2.toExternalForm().endsWith(".xml.gz")) {
207	1	extractGzip(second);
208		}
209
210	1	msg = String.format("Download Complete for NVD CVE - %s", nvdCveInfo.getId());
211	1	LOGGER.log(Level.INFO, msg);
212	1	if (this.processorService == null) {
213	1	return null;
214		}
215	0	final ProcessTask task = new ProcessTask(cveDB, this, settings);
216	0	return this.processorService.submit(task);
217
218	0	} catch (Throwable ex) {
219	0	final String msg = String.format("An exception occurred downloading NVD CVE - %s%nSome CVEs may not be reported.", nvdCveInfo.getId());
220	0	LOGGER.log(Level.WARNING, msg);
221	0	LOGGER.log(Level.FINE, "Download Task Failed", ex);
222		} finally {
223	1	Settings.cleanup(false);
224	0	}
225	0	return null;
226		}
227
228		/**
229		* Attempts to delete the files that were downloaded.
230		*/
231		public void cleanup() {
232	0	boolean deleted = false;
233		try {
234	0	if (first != null && first.exists()) {
235	0	deleted = first.delete();
236		}
237		} finally {
238	0	if (first != null && (first.exists() \|\| !deleted)) {
239	0	first.deleteOnExit();
240		}
241		}
242		try {
243	0	deleted = false;
244	0	if (second != null && second.exists()) {
245	0	deleted = second.delete();
246		}
247		} finally {
248	0	if (second != null && (second.exists() \|\| !deleted)) {
249	0	second.deleteOnExit();
250		}
251		}
252	0	}
253
254		/**
255		* Extracts the file contained in a gzip archive. The extracted file is placed in the exact same path as the file
256		* specified.
257		*
258		* @param file the archive file
259		* @throws FileNotFoundException thrown if the file does not exist
260		* @throws IOException thrown if there is an error extracting the file.
261		*/
262		private void extractGzip(File file) throws FileNotFoundException, IOException {
263	2	final String originalPath = file.getPath();
264	2	final File gzip = new File(originalPath + ".gz");
265	2	if (gzip.isFile() && !gzip.delete()) {
266	0	gzip.deleteOnExit();
267		}
268	2	if (!file.renameTo(gzip)) {
269	0	throw new IOException("Unable to rename '" + file.getPath() + "'");
270		}
271	2	final File newfile = new File(originalPath);
272
273	2	final byte[] buffer = new byte[4096];
274
275	2	GZIPInputStream cin = null;
276	2	FileOutputStream out = null;
277		try {
278	2	cin = new GZIPInputStream(new FileInputStream(gzip));
279	2	out = new FileOutputStream(newfile);
280
281		int len;
282	669	while ((len = cin.read(buffer)) > 0) {
283	667	out.write(buffer, 0, len);
284		}
285		} finally {
286	2	if (cin != null) {
287		try {
288	2	cin.close();
289	0	} catch (IOException ex) {
290	0	LOGGER.log(Level.FINEST, "ignore", ex);
291	2	}
292		}
293	2	if (out != null) {
294		try {
295	2	out.close();
296	0	} catch (IOException ex) {
297	0	LOGGER.log(Level.FINEST, "ignore", ex);
298	2	}
299		}
300	2	if (gzip.isFile()) {
301	2	FileUtils.deleteQuietly(gzip);
302		}
303		}
304	2	}
305		}