Added a workaround for long loading of vulnerabilities page

2026-01-16 00:34:18 +01:00 · 2016-08-25 23:58:39 +02:00
parent 5edf9f0781
commit 47b0c3b021
2 changed files with 24 additions and 3 deletions
--- a/app/services/OdcService.scala
+++ b/app/services/OdcService.scala
@@ -1,15 +1,18 @@
 package services

 import java.lang.{Boolean => JBoolean}
-import java.util.{Map => JMap}
+import java.sql.{Array => _, _}
+import java.util.{Properties, Map => JMap}

 import _root_.org.owasp.dependencycheck.data.nvdcve.CveDB
 import _root_.org.owasp.dependencycheck.dependency.VulnerableSoftware
 import _root_.org.owasp.dependencycheck.utils.{DependencyVersion, DependencyVersionUtil, Settings}
 import com.github.nscala_time.time.Imports._
 import com.google.inject.Inject
-import models.odc.{Vulnerabilities, OdcProperty}
+import com.mockrunner.mock.jdbc.MockConnection
 import models.odc.tables._
+import models.odc.{OdcProperty, Vulnerabilities}
+import play.api.Logger
 import play.api.db.slick.{DatabaseConfigProvider, HasDatabaseConfigProvider}
 import play.db.NamedDatabase

@@ -116,10 +119,24 @@ class OdcService @Inject()(@NamedDatabase("odc") protected val dbConfigProvider:

 private[services] object CveDbHelper {

+  class DummyDriver extends Driver{
+    override def acceptsURL(url: String): Boolean = {url.startsWith("jdbc:dummy:")}
+    override def jdbcCompliant(): Boolean = false
+    override def connect(url: String, info: Properties): Connection = new MockConnection()
+    override def getParentLogger = throw new SQLFeatureNotSupportedException()
+    override def getPropertyInfo(url: String, info: Properties): Array[DriverPropertyInfo] = {Array()}
+    override def getMinorVersion: Int = 1
+    override def getMajorVersion: Int = 1
+  }
+
+  org.apache.geronimo.jdbc.DelegatingDriver.registerDriver(new DummyDriver())

  def matchSofware(vulnerableSoftware: Map[String, Boolean], vendor: String, product: String, identifiedVersion: DependencyVersion) = {
    if(Settings.getInstance() == null){
      Settings.initialize()// Initiallize ODC environment on first use; Needed for each thread.
+      Settings.setString(Settings.KEYS.DB_CONNECTION_STRING, "jdbc:dummy:")
+      // Workaround: At first initialization, it will complain that the DB is empty. On next initializations, it will not complain.
+      try{new CveDB()}catch {case e: Throwable => Logger.info("A workaround-related exception, safe to ignore", e)}
    }
    val cd = new CveDB()
    import scala.collection.JavaConversions._
--- a/build.sbt
+++ b/build.sbt
@@ -75,7 +75,7 @@ libraryDependencies += "net.codingwell" %% "scala-guice" % "4.0.0"

 libraryDependencies += "com.iheart" %% "ficus" % "1.2.3"

-libraryDependencies += "org.owasp" % "dependency-check-core" % "1.3.0"
+libraryDependencies += "org.owasp" % "dependency-check-core" % "1.4.2"

 libraryDependencies += "com.typesafe.play" %% "play-mailer" % "3.0.1"

@@ -85,6 +85,10 @@ libraryDependencies += "org.apache.httpcomponents" % "httpclient" % "4.3.6" // e

 libraryDependencies += "commons-collections" % "commons-collections" % "3.2.2" // evict the vulnerable version

+libraryDependencies += "org.apache.geronimo.modules" % "geronimo-jdbc" % "2.0.2"
+
+libraryDependencies += "com.mockrunner" % "mockrunner-jdbc" % "1.1.1"
+
 routesImport += "binders.QueryBinders._"

 // Uncomment to use Akka