force re-download of the retire JS repo if it is missing or empty per #…

…2810

core/src/main/java/org/owasp/dependencycheck/analyzer/RetireJsAnalyzer.java

@@ -178,30 +178,38 @@ public void initialize(Settings settings) {
      */
     @Override
     protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
-        final boolean autoupdate = getSettings().getBoolean(Settings.KEYS.AUTO_UPDATE, true);
-        final boolean forceupdate = getSettings().getBoolean(Settings.KEYS.ANALYZER_RETIREJS_FORCEUPDATE, false);
-        if (!autoupdate && forceupdate) {
-            final RetireJSDataSource ds = new RetireJSDataSource();
-            try {
-                ds.update(engine);
-            } catch (UpdateException ex) {
-                throw new InitializationException("Unable to initialize the Retire JS respository", ex);
-            }
-        }
 
         File repoFile = null;
+        boolean repoEmpty = false;
         try {
             final String configuredUrl = getSettings().getString(Settings.KEYS.ANALYZER_RETIREJS_REPO_JS_URL, RetireJSDataSource.DEFAULT_JS_URL);
             final URL url = new URL(configuredUrl);
             final File filepath = new File(url.getPath());
             repoFile = new File(getSettings().getDataDirectory(), filepath.getName());
+            if ( !repoFile.isFile() || repoFile.length() <= 1L) {
+                LOGGER.warn("Retire JS repository is empty or missing - attempting to force the update");
+                repoEmpty = true;
+                getSettings().setBoolean(Settings.KEYS.ANALYZER_RETIREJS_FORCEUPDATE, true);
+            }
         } catch (FileNotFoundException ex) {
             this.setEnabled(false);
             throw new InitializationException(String.format("RetireJS repo does not exist locally (%s)", repoFile), ex);
         } catch (IOException ex) {
             this.setEnabled(false);
             throw new InitializationException("Failed to initialize the RetireJS", ex);
         }
+
+        final boolean autoupdate = getSettings().getBoolean(Settings.KEYS.AUTO_UPDATE, true);
+        final boolean forceupdate = getSettings().getBoolean(Settings.KEYS.ANALYZER_RETIREJS_FORCEUPDATE, false);
+        if ((!autoupdate && forceupdate) || (autoupdate && repoEmpty)) {
+            final RetireJSDataSource ds = new RetireJSDataSource();
+            try {
+                ds.update(engine);
+            } catch (UpdateException ex) {
+                throw new InitializationException("Unable to initialize the Retire JS respository", ex);
+            }
+        }
+
         //several users are reporting that the retire js repository is getting corrupted.
         try (WriteLock lock = new WriteLock(getSettings(), true, repoFile.getName() + ".lock")) {
             final File temp = getSettings().getTempDirectory();
@@ -275,10 +283,10 @@ public void analyzeDependency(Dependency dependency, Engine engine) throws Analy
                 results = scanner.scanScript(dependency.getActualFile().getAbsolutePath(), fileContent, 0);
             } catch (StackOverflowError ex) {
                 final String msg = String.format("An error occured trying to analyze %s. "
-                                + "To resolve this error please try increasing the Java stack size to "
-                                + "8mb and re-run dependency-check:%n%n"
-                                + "(win) : set JAVA_OPTS=\"-Xss8192k\"%n"
-                                + "(*nix): export JAVA_OPTS=\"-Xss8192k\"%n%n",
+                        + "To resolve this error please try increasing the Java stack size to "
+                        + "8mb and re-run dependency-check:%n%n"
+                        + "(win) : set JAVA_OPTS=\"-Xss8192k\"%n"
+                        + "(*nix): export JAVA_OPTS=\"-Xss8192k\"%n%n",
                         dependency.getDisplayFileName());
                 throw new AnalysisException(msg, ex);
             }

core/src/main/java/org/owasp/dependencycheck/data/update/RetireJSDataSource.java

@@ -83,7 +83,7 @@ public boolean update(Engine engine) throws UpdateException {
             final URL url = new URL(configuredUrl);
             final File filepath = new File(url.getPath());
             final File repoFile = new File(settings.getDataDirectory(), filepath.getName());
-            final boolean proceed = enabled && (autoupdate || forceupdate) && shouldUpdate(repoFile);
+            final boolean proceed = enabled && (forceupdate || (autoupdate && shouldUpdate(repoFile)));
             if (proceed) {
                 LOGGER.debug("Begin RetireJS Update");
                 initializeRetireJsRepo(settings, url, repoFile);