Skip to content

Commit

Permalink
changed CveDB to a singeton
Browse files Browse the repository at this point in the history
  • Loading branch information
@jeremylong
jeremylong committed Mar 7, 2017
1 parent 5ed5764 commit 679df93
Show file tree
Hide file tree
Showing 26 changed files with 352 additions and 728 deletions.
9 changes: 3 additions & 6 deletions dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -944,16 +944,13 @@ public void execute() throws BuildException {
DatabaseProperties prop = null;
CveDB cve = null;
try {
cve = new CveDB();
cve.open();
cve = CveDB.getInstance();
prop = cve.getDatabaseProperties();
} catch (DatabaseException ex) {
//TODO shouldn't this be a fatal exception
log("Unable to retrieve DB Properties", ex, Project.MSG_DEBUG);
} finally {
if (cve != null) {
cve.close();
}
}

final ReportGenerator reporter = new ReportGenerator(getProjectName(), engine.getDependencies(), engine.getAnalyzers(), prop);
reporter.generateReports(reportOutputDirectory, reportFormat);

Expand Down
11 changes: 2 additions & 9 deletions dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -284,15 +284,8 @@ private int runScan(String reportDirectory, String outputFormat, String applicat
final List<Dependency> dependencies = engine.getDependencies();
DatabaseProperties prop = null;
CveDB cve = null;
try {
cve = new CveDB();
cve.open();
prop = cve.getDatabaseProperties();
} finally {
if (cve != null) {
cve.close();
}
}
cve = CveDB.getInstance();
prop = cve.getDatabaseProperties();
final ReportGenerator report = new ReportGenerator(applicationName, dependencies, engine.getAnalyzers(), prop);
try {
report.generateReports(reportDirectory, outputFormat);
Expand Down
2 changes: 1 addition & 1 deletion dependency-check-core/src/main/java/org/owasp/dependencycheck/AnalysisTask.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
*
* @author Stefan Neuhaus
*/
class AnalysisTask implements Callable<Void> {
public class AnalysisTask implements Callable<Void> {

/**
* Instance of the logger.
Expand Down
44 changes: 21 additions & 23 deletions dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ public class Engine implements FileFilter {
/**
* A Map of analyzers grouped by Analysis phase.
*/
private final Map<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
private final Map<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<>(AnalysisPhase.class);

/**
* A Map of analyzers grouped by Analysis phase.
Expand Down Expand Up @@ -126,6 +126,11 @@ protected final void initializeEngine() throws DatabaseException {
* Properly cleans up resources allocated during analysis.
*/
public void cleanup() {
try {
CveDB.getInstance().closeDatabase();
} catch (DatabaseException ex) {
LOGGER.trace("Error closing the database", ex);
}
ConnectionFactory.cleanup();
}

Expand All @@ -140,7 +145,7 @@ private void loadAnalyzers() {
for (AnalysisPhase phase : AnalysisPhase.values()) {
analyzers.put(phase, new ArrayList<Analyzer>());
}

final AnalyzerService service = new AnalyzerService(serviceClassLoader);
final List<Analyzer> iterator = service.getAnalyzers();
for (Analyzer a : iterator) {
Expand Down Expand Up @@ -213,7 +218,7 @@ public List<Dependency> scan(String[] paths) {
* @since v1.4.4
*/
public List<Dependency> scan(String[] paths, String projectReference) {
final List<Dependency> deps = new ArrayList<Dependency>();
final List<Dependency> deps = new ArrayList<>();
for (String path : paths) {
final List<Dependency> d = scan(path, projectReference);
if (d != null) {
Expand Down Expand Up @@ -384,7 +389,7 @@ protected List<Dependency> scanDirectory(File dir) {
*/
protected List<Dependency> scanDirectory(File dir, String projectReference) {
final File[] files = dir.listFiles();
final List<Dependency> deps = new ArrayList<Dependency>();
final List<Dependency> deps = new ArrayList<>();
if (files != null) {
for (File f : files) {
if (f.isDirectory()) {
Expand Down Expand Up @@ -504,15 +509,15 @@ public void analyzeDependencies() throws ExceptionCollection {
} catch (DatabaseException ex) {
throwFatalExceptionCollection("Unable to connect to the dependency-check database.", ex, exceptions);
}

LOGGER.debug("\n----------------------------------------------------\nBEGIN ANALYSIS\n----------------------------------------------------");
LOGGER.info("Analysis Started");
final long analysisStart = System.currentTimeMillis();

// analysis phases
for (AnalysisPhase phase : AnalysisPhase.values()) {
final List<Analyzer> analyzerList = analyzers.get(phase);

for (final Analyzer analyzer : analyzerList) {
final long analyzerStart = System.currentTimeMillis();
try {
Expand All @@ -521,10 +526,10 @@ public void analyzeDependencies() throws ExceptionCollection {
exceptions.add(ex);
continue;
}

if (analyzer.isEnabled()) {
executeAnalysisTasks(analyzer, exceptions);

final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart;
final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis);
LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds);
Expand All @@ -535,12 +540,12 @@ public void analyzeDependencies() throws ExceptionCollection {
}
for (AnalysisPhase phase : AnalysisPhase.values()) {
final List<Analyzer> analyzerList = analyzers.get(phase);

for (Analyzer a : analyzerList) {
closeAnalyzer(a);
}
}

LOGGER.debug("\n----------------------------------------------------\nEND ANALYSIS\n----------------------------------------------------");
final long analysisDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - analysisStart);
LOGGER.info("Analysis Complete ({} seconds)", analysisDurationSeconds);
Expand All @@ -561,7 +566,7 @@ protected void executeAnalysisTasks(Analyzer analyzer, List<Throwable> exception
LOGGER.debug("Starting {}", analyzer.getName());
final List<AnalysisTask> analysisTasks = getAnalysisTasks(analyzer, exceptions);
final ExecutorService executorService = getExecutorService(analyzer);

try {
final List<Future<Void>> results = executorService.invokeAll(analysisTasks, 10, TimeUnit.MINUTES);

Expand Down Expand Up @@ -610,7 +615,7 @@ protected ExecutorService getExecutorService(Analyzer analyzer) {
if (analyzer.supportsParallelProcessing()) {
// just a fair trade-off that should be reasonable for all analyzer types
final int maximumNumberOfThreads = 4 * Runtime.getRuntime().availableProcessors();

LOGGER.debug("Parallel processing with up to {} threads: {}.", maximumNumberOfThreads, analyzer.getName());
return Executors.newFixedThreadPool(maximumNumberOfThreads);
} else {
Expand Down Expand Up @@ -692,7 +697,7 @@ public void doUpdates() throws UpdateException {
* @return a list of Analyzers
*/
public List<Analyzer> getAnalyzers() {
final List<Analyzer> ret = new ArrayList<Analyzer>();
final List<Analyzer> ret = new ArrayList<>();
for (AnalysisPhase phase : AnalysisPhase.values()) {
final List<Analyzer> analyzerList = analyzers.get(phase);
ret.addAll(analyzerList);
Expand Down Expand Up @@ -749,16 +754,9 @@ protected void addFileTypeAnalyzer(FileTypeAnalyzer fta) {
* database
*/
private void ensureDataExists() throws NoDataException, DatabaseException {
final CveDB cve = new CveDB();
try {
cve.open();
if (!cve.dataExists()) {
throw new NoDataException("No documents exist");
}
} catch (DatabaseException ex) {
throw new NoDataException(ex.getMessage(), ex);
} finally {
cve.close();
final CveDB cve = CveDB.getInstance();
if (!cve.dataExists()) {
throw new NoDataException("No documents exist");
}
}

Expand Down
11 changes: 3 additions & 8 deletions ...cy-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -844,22 +844,17 @@ private void generateExternalReports(Engine engine, File outDirectory) {
DatabaseProperties prop = null;
CveDB cve = null;
try {
cve = new CveDB();
cve.open();
cve = CveDB.getInstance();
prop = cve.getDatabaseProperties();
} catch (DatabaseException ex) {
//TODO shouldn't this throw an exception or return?
LOGGER.debug("Unable to retrieve DB Properties", ex);
} finally {
if (cve != null) {
cve.close();
}
}
final ReportGenerator r = new ReportGenerator(this.applicationName, engine.getDependencies(), engine.getAnalyzers(), prop);
try {
r.generateReports(outDirectory.getCanonicalPath(), this.reportFormat.name());
} catch (IOException ex) {
LOGGER.error(
"Unexpected exception occurred during analysis; please see the verbose error log for more details.");
LOGGER.error("Unexpected exception occurred during analysis; please see the verbose error log for more details.");
LOGGER.debug("", ex);
} catch (Throwable ex) {
LOGGER.error(
Expand Down
7 changes: 1 addition & 6 deletions dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,8 +163,7 @@ public void initializeAnalyzer() throws InitializationException {
*/
public void open() throws IOException, DatabaseException {
if (!isOpen()) {
cve = new CveDB();
cve.open();
cve = CveDB.getInstance();
cpe = CpeMemoryIndex.getInstance();
try {
final long creationStart = System.currentTimeMillis();
Expand All @@ -187,10 +186,6 @@ public void closeAnalyzer() {
cpe.close();
cpe = null;
}
if (cve != null) {
cve.close();
cve = null;
}
}

public boolean isOpen() {
Expand Down
17 changes: 1 addition & 16 deletions dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,16 +60,14 @@ public class NvdCveAnalyzer extends AbstractAnalyzer {
* loaded
*/
public void open() throws SQLException, IOException, DatabaseException, ClassNotFoundException {
cveDB = new CveDB();
cveDB.open();
cveDB = CveDB.getInstance();
}

/**
* Closes the data source.
*/
@Override
public void closeAnalyzer() {
cveDB.close();
cveDB = null;
}

Expand All @@ -82,19 +80,6 @@ public boolean isOpen() {
return cveDB != null;
}

/**
* Ensures that the CVE Database is closed.
*
* @throws Throwable an exception raised by this method
*/
@Override
protected void finalize() throws Throwable {
super.finalize();
if (isOpen()) {
close();
}
}

/**
* Analyzes a dependency and attempts to determine if there are any CPE
* identifiers for this dependency.
Expand Down
4 changes: 1 addition & 3 deletions ...-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,8 +145,7 @@ private Process launchBundleAudit(File folder) throws AnalysisException {
@Override
public void initializeFileTypeAnalyzer() throws InitializationException {
try {
cvedb = new CveDB();
cvedb.open();
cvedb = CveDB.getInstance();
} catch (DatabaseException ex) {
LOGGER.warn("Exception opening the database");
LOGGER.debug("error", ex);
Expand All @@ -160,7 +159,6 @@ public void initializeFileTypeAnalyzer() throws InitializationException {
} catch (AnalysisException ae) {

setEnabled(false);
cvedb.close();
cvedb = null;
final String msg = String.format("Exception from bundle-audit process: %s. Disabling %s", ae.getCause(), ANALYZER_NAME);
throw new InitializationException(msg, ae);
Expand Down
Loading

0 comments on commit 679df93

Please sign in to comment.