org.owasp.dependencycheck.data.update.nvd.ProcessTask Maven / Gradle / Ivy

/*
 * This file is part of dependency-check-core.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
 */
package org.owasp.dependencycheck.data.update.nvd;

import java.io.File;
import java.io.IOException;
import java.sql.SQLException;
import java.util.concurrent.Callable;
import javax.annotation.concurrent.ThreadSafe;
import javax.xml.parsers.ParserConfigurationException;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
import org.owasp.dependencycheck.data.update.exception.CorruptedDatastreamException;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * A callable task that will process a given set of NVD CVE xml files and update
 * the Cve Database accordingly.
 *
 * @author Jeremy Long
 */
@ThreadSafe
public class ProcessTask implements Callable {

    /**
     * The logger.
     */
    private static final Logger LOGGER = LoggerFactory.getLogger(ProcessTask.class);
    /**
     * A field to store any update exceptions that occur during the "call".
     */
    private UpdateException exception = null;
    /**
     * A reference to the CveDB.
     */
    private final CveDB cveDB;
    /**
     * A reference to the callable download task.
     */
    private final DownloadTask downloadTask;
    /**
     * A reference to the properties.
     */
    private final DatabaseProperties properties;
    /**
     * A reference to the global settings object.
     */
    private final Settings settings;

    /**
     * Get the value of exception.
     *
     * @return the value of exception
     */
    public UpdateException getException() {
        return exception;
    }

    /**
     * Set the value of exception.
     *
     * @param exception new value of exception
     */
    public void setException(UpdateException exception) {
        this.exception = exception;
    }

    /**
     * Constructs a new ProcessTask used to process an NVD CVE update.
     *
     * @param cveDB the data store object
     * @param downloadTask the download task that contains the URL references to
     * download
     * @param settings a reference to the global settings object; this is
     * necessary so that when the thread is started the dependencies have a
     * correct reference to the global settings.
     */
    public ProcessTask(final CveDB cveDB, final DownloadTask downloadTask, Settings settings) {
        this.cveDB = cveDB;
        this.downloadTask = downloadTask;
        this.properties = cveDB.getDatabaseProperties();
        this.settings = settings;
    }

    /**
     * Implements the callable interface.
     *
     * @return this object
     * @throws Exception thrown if there is an exception; note that any
     * UpdateExceptions are simply added to the tasks exception collection
     */
    @Override
    public ProcessTask call() throws Exception {
        try {
            processFiles();
        } catch (UpdateException ex) {
            this.exception = ex;
        } finally {
            settings.cleanup(false);
        }
        return this;
    }

    /**
     * Imports the NVD CVE JSON File into the database.
     *
     * @param file the file containing the NVD CVE JSON
     * @throws ParserConfigurationException is thrown if there is a parser
     * configuration exception
     * @throws IOException is thrown if there is a IO Exception
     * @throws SQLException is thrown if there is a SQL exception
     * @throws DatabaseException is thrown if there is a database exception
     * @throws ClassNotFoundException thrown if the h2 database driver cannot be
     * loaded
     * @throws UpdateException thrown if the file could not be found
     * @throws CorruptedDatastreamException thrown if the file was found to be a corrupted download
     */
    protected void importJSON(File file) throws ParserConfigurationException, IOException, SQLException, DatabaseException,
            ClassNotFoundException, UpdateException, CorruptedDatastreamException {

        final NvdCveParser parser = new NvdCveParser(settings, cveDB);
        parser.parse(file);
    }

    /**
     * Processes the NVD CVE XML file and imports the data into the DB.
     *
     * @throws UpdateException thrown if there is an error loading the data into
     * the database
     */
    private void processFiles() throws UpdateException {
        LOGGER.info("Processing Started for NVD CVE - {}", downloadTask.getNvdCveInfo().getId());
        final long startProcessing = System.currentTimeMillis();
        try {
            importJSON(downloadTask.getFile());
            properties.save(downloadTask.getNvdCveInfo());
        } catch (ParserConfigurationException | SQLException | DatabaseException | ClassNotFoundException | IOException ex) {
            throw new UpdateException(ex);
        } catch (CorruptedDatastreamException ex) {
            downloadTask.evictCorruptFileFromCache();
            throw new UpdateException(ex);
        } finally {
            downloadTask.cleanup();
        }
        LOGGER.info("Processing Complete for NVD CVE - {}  ({} ms)", downloadTask.getNvdCveInfo().getId(),
                System.currentTimeMillis() - startProcessing);
    }
}