updated to resolve #2642 (#2799)

core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -67,8 +67,8 @@
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.jcs.JCS;
 
-import org.owasp.dependencycheck.exception.H2DBLockException;
-import org.owasp.dependencycheck.utils.H2DBLock;
+import org.owasp.dependencycheck.exception.WriteLockException;
+import org.owasp.dependencycheck.utils.WriteLock;
 
 //CSOFF: AvoidStarImport
 import static org.owasp.dependencycheck.analyzer.AnalysisPhase.*;
@@ -918,7 +918,7 @@ public void doUpdates() throws UpdateException, DatabaseException {
      */
     public void doUpdates(boolean remainOpen) throws UpdateException, DatabaseException {
         if (mode.isDatabaseRequired()) {
-            try (H2DBLock dblock = new H2DBLock(getSettings(), ConnectionFactory.isH2Connection(getSettings()))) {
+            try (WriteLock dblock = new WriteLock(getSettings(), ConnectionFactory.isH2Connection(getSettings()))) {
                 //lock is not needed as we already have the lock held
                 openDatabase(false, false);
                 LOGGER.info("Checking for updates");
@@ -949,7 +949,7 @@ public void doUpdates(boolean remainOpen) throws UpdateException, DatabaseExcept
                     //lock is not needed as we already have the lock held
                     openDatabase(true, false);
                 }
-            } catch (H2DBLockException ex) {
+            } catch (WriteLockException ex) {
                 throw new UpdateException("Unable to obtain an exclusive lock on the H2 database to perform updates", ex);
             }
         } else {
@@ -1024,7 +1024,7 @@ public void openDatabase() throws DatabaseException {
      */
     public void openDatabase(boolean readOnly, boolean lockRequired) throws DatabaseException {
         if (mode.isDatabaseRequired() && database == null) {
-            try (H2DBLock dblock = new H2DBLock(getSettings(), lockRequired && ConnectionFactory.isH2Connection(settings))) {
+            try (WriteLock dblock = new WriteLock(getSettings(), lockRequired && ConnectionFactory.isH2Connection(settings))) {
                 if (readOnly
                         && ConnectionFactory.isH2Connection(settings)
                         && settings.getString(Settings.KEYS.DB_CONNECTION_STRING).contains("file:%s")) {
@@ -1048,7 +1048,7 @@ public void openDatabase(boolean readOnly, boolean lockRequired) throws Database
                 }
             } catch (IOException ex) {
                 throw new DatabaseException("Unable to open database in read only mode", ex);
-            } catch (H2DBLockException ex) {
+            } catch (WriteLockException ex) {
                 throw new DatabaseException("Failed to obtain lock - unable to open database", ex);
             }
         }

core/src/main/java/org/owasp/dependencycheck/analyzer/RetireJsAnalyzer.java

@@ -59,6 +59,8 @@
 import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
 import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
 import org.owasp.dependencycheck.exception.InitializationException;
+import org.owasp.dependencycheck.exception.WriteLockException;
+import org.owasp.dependencycheck.utils.WriteLock;
 import org.owasp.dependencycheck.utils.search.FileContentSearch;
 
 /**
@@ -198,14 +200,15 @@ protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationExcep
             this.setEnabled(false);
             throw new InitializationException("Failed to initialize the RetireJS repo - data directory could not be created", ex);
         }
-        try (FileInputStream in = new FileInputStream(repoFile)) {
+        try (WriteLock lock = new WriteLock(getSettings(),true,repoFile.getName() + ".lock");
+                FileInputStream in = new FileInputStream(repoFile)) {
             this.jsRepository = new VulnerabilitiesRepositoryLoader().loadFromInputStream(in);
         } catch (JSONException ex) {
             this.setEnabled(false);
             throw new InitializationException("Failed to initialize the RetireJS repo: `" + repoFile.toString()
                     + "` appears to be malformed. Please delete the file or run the dependency-check purge "
                     + "command and re-try running dependency-check.", ex);
-        } catch (IOException ex) {
+        } catch (WriteLockException | IOException ex) {
             this.setEnabled(false);
             throw new InitializationException("Failed to initialize the RetireJS repo", ex);
         }

core/src/main/java/org/owasp/dependencycheck/data/update/RetireJSDataSource.java

@@ -25,10 +25,12 @@
 
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
+import org.owasp.dependencycheck.exception.WriteLockException;
 import org.owasp.dependencycheck.utils.Downloader;
 import org.owasp.dependencycheck.utils.ResourceNotFoundException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.TooManyRequestsException;
+import org.owasp.dependencycheck.utils.WriteLock;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -130,11 +132,11 @@ protected boolean shouldUpdate(File repo) throws NumberFormatException {
      * initialization
      */
     private void initializeRetireJsRepo(Settings settings, URL repoUrl, File repoFile) throws UpdateException {
-        try {
+        try (WriteLock lock = new WriteLock(settings, true, repoFile.getName() + ".lock")) {
             LOGGER.debug("RetireJS Repo URL: {}", repoUrl.toExternalForm());
             final Downloader downloader = new Downloader(settings);
             downloader.fetchFile(repoUrl, repoFile);
-        } catch (IOException | TooManyRequestsException | ResourceNotFoundException ex) {
+        } catch (IOException | TooManyRequestsException | ResourceNotFoundException | WriteLockException ex) {
             throw new UpdateException("Failed to initialize the RetireJS repo", ex);
         }
     }
@@ -148,14 +150,16 @@ public boolean purge(Engine engine) {
             final String filename = repoUrl.getFile().substring(repoUrl.getFile().lastIndexOf("/") + 1);
             final File repo = new File(dataDir, filename);
             if (repo.exists()) {
-                if (repo.delete()) {
-                    LOGGER.info("RetireJS repo removed successfully");
-                } else {
-                    LOGGER.error("Unable to delete '{}'; please delete the file manually", repo.getAbsolutePath());
-                    result = false;
+                try (WriteLock lock = new WriteLock(settings, true, filename + ".lock")) {
+                    if (repo.delete()) {
+                        LOGGER.info("RetireJS repo removed successfully");
+                    } else {
+                        LOGGER.error("Unable to delete '{}'; please delete the file manually", repo.getAbsolutePath());
+                        result = false;
+                    }
                 }
             }
-        } catch (IOException ex) {
+        } catch (WriteLockException | IOException ex) {
             LOGGER.error("Unable to delete the RetireJS repo - invalid configuration");
             result = false;
         }

core/src/main/java/org/owasp/dependencycheck/exception/H2DBLockException.java → core/src/main/java/org/owasp/dependencycheck/exception/WriteLockException.java

@@ -20,50 +20,50 @@
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
- * An exception used when trying to obtain a lock on the H2 database.
+ * An exception used when trying to obtain a lock on a resource.
  *
  * @author Jeremy Long
  */
 @ThreadSafe
-public class H2DBLockException extends Exception {
+public class WriteLockException extends Exception {
 
     /**
      * The serial version UID for serialization.
      */
     private static final long serialVersionUID = 8987298706527142594L;
 
     /**
-     * Creates a new H2DBLockException.
+     * Creates a new WriteLockException.
      */
-    public H2DBLockException() {
+    public WriteLockException() {
         super();
     }
 
     /**
-     * Creates a new H2DBLockException.
+     * Creates a new WriteLockException.
      *
      * @param msg a message for the exception.
      */
-    public H2DBLockException(String msg) {
+    public WriteLockException(String msg) {
         super(msg);
     }
 
     /**
-     * Creates a new H2DBLockException.
+     * Creates a new WriteLockException.
      *
      * @param ex the cause of the exception.
      */
-    public H2DBLockException(Throwable ex) {
+    public WriteLockException(Throwable ex) {
         super(ex);
     }
 
     /**
-     * Creates a new H2DBLockException.
+     * Creates a new WriteLockException.
      *
      * @param msg a message for the exception.
      * @param ex the cause of the exception.
      */
-    public H2DBLockException(String msg, Throwable ex) {
+    public WriteLockException(String msg, Throwable ex) {
         super(msg, ex);
     }
 }

core/src/main/java/org/owasp/dependencycheck/utils/H2DBLock.java → core/src/main/java/org/owasp/dependencycheck/utils/WriteLock.java

@@ -25,23 +25,23 @@
 import java.sql.Timestamp;
 import java.util.Date;
 import javax.annotation.concurrent.NotThreadSafe;
-import org.owasp.dependencycheck.exception.H2DBLockException;
+import org.owasp.dependencycheck.exception.WriteLockException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
- * The H2 DB lock file implementation; creates a custom lock file so that only a
- * single instance of dependency-check can update the embedded h2 database.
+ * A lock file implementation; creates a custom lock file so that only a single
+ * instance of dependency-check can update the a given resource.
  *
  * @author Jeremy Long
  */
 @NotThreadSafe
-public class H2DBLock implements AutoCloseable {
+public class WriteLock implements AutoCloseable {
 
     /**
      * The logger.
      */
-    private static final Logger LOGGER = LoggerFactory.getLogger(H2DBLock.class);
+    private static final Logger LOGGER = LoggerFactory.getLogger(WriteLock.class);
     /**
      * How long to sleep waiting for the lock.
      */
@@ -71,56 +71,79 @@ public class H2DBLock implements AutoCloseable {
      */
     private final String magic;
     /**
-     * A flag indicating whether or not an H2 database is being used.
+     * A flag indicating whether or not an resource is lockable.
      */
     private final boolean isLockable;
+    /**
+     * The name of the lock file.
+     */
+    private final String lockFileName;
 
     /**
      * The shutdown hook used to remove the lock file in case of an unexpected
      * shutdown.
      */
-    private H2DBShutdownHook hook = null;
+    private WriteLockShutdownHook hook = null;
 
     /**
-     * Constructs a new H2DB Lock object with the configured settings.
+     * Constructs a new Write Lock object with the configured settings.
      *
      * @param settings the configured settings
-     * @throws H2DBLockException thrown if a lock could not be obtained
+     * @throws WriteLockException thrown if a lock could not be obtained
      */
-    public H2DBLock(Settings settings) throws H2DBLockException {
+    public WriteLock(Settings settings) throws WriteLockException {
         this(settings, true);
     }
 
     /**
-     * Constructs a new H2DB Lock object with the configured settings.
+     * Constructs a new Write Lock object with the configured settings.
+     *
+     * @param settings the configured settings
+     * @param isLockable a flag indicating if a lock can be obtained for the
+     * resource; if false the lock does nothing. This is useful in the case of
+     * ODC where we need to lock for updates against H2 but we do not need to
+     * lock updates for other databases.
+     * @throws WriteLockException thrown if a lock could not be obtained
+     */
+    public WriteLock(Settings settings, boolean isLockable) throws WriteLockException {
+        this(settings, isLockable, "odc.update.lock");
+    }
+
+    /**
+     * Constructs a new Write Lock object with the configured settings.
      *
      * @param settings the configured settings
-     * @param isH2Connection a flag indicating if the lock is for an H2 database
-     * - if false the H2DBLock does nothing
-     * @throws H2DBLockException thrown if a lock could not be obtained
+     * @param isLockable a flag indicating if a lock can be obtained for the
+     * resource; if false the lock does nothing. This is useful in the case of
+     * ODC where we need to lock for updates against H2 but we do not need to
+     * lock updates for other databases.
+     * @param lockFileName the name of the lock file; note the lock file will be
+     * in the ODC data directory.
+     * @throws WriteLockException thrown if a lock could not be obtained
      */
-    public H2DBLock(Settings settings, boolean isH2Connection) throws H2DBLockException {
+    public WriteLock(Settings settings, boolean isLockable, String lockFileName) throws WriteLockException {
         this.settings = settings;
         final byte[] random = new byte[16];
         final SecureRandom gen = new SecureRandom();
         gen.nextBytes(random);
         magic = Checksum.getHex(random);
-        this.isLockable = isH2Connection;
+        this.isLockable = isLockable;
+        this.lockFileName = lockFileName;
         lock();
     }
 
     /**
-     * Obtains a lock on the H2 database.
+     * Obtains a lock on the resource.
      *
-     * @throws H2DBLockException thrown if a lock could not be obtained
+     * @throws WriteLockException thrown if a lock could not be obtained
      */
-    public final void lock() throws H2DBLockException {
+    public final void lock() throws WriteLockException {
         if (!isLockable) {
             return;
         }
         try {
             final File dir = settings.getDataDirectory();
-            lockFile = new File(dir, "odc.update.lock");
+            lockFile = new File(dir, lockFileName);
             checkState();
             int ctr = 0;
             do {
@@ -171,15 +194,15 @@ public final void lock() throws H2DBLockException {
                 }
             } while (++ctr < MAX_SLEEP_COUNT && (lock == null || !lock.isValid()));
             if (lock == null || !lock.isValid()) {
-                throw new H2DBLockException("Unable to obtain the update lock, skipping the database update. Skippinig the database update.");
+                throw new WriteLockException("Unable to obtain the update lock, skipping the database update. Skippinig the database update.");
             }
         } catch (IOException ex) {
-            throw new H2DBLockException(ex.getMessage(), ex);
+            throw new WriteLockException(ex.getMessage(), ex);
         }
     }
 
     /**
-     * Releases the lock on the H2 database.
+     * Releases the lock on the resource.
      */
     @Override
     public void close() {
@@ -216,22 +239,22 @@ public void close() {
     }
 
     /**
-     * Checks the state of the custom h2 lock file and under some conditions
+     * Checks the state of the custom write lock file and under some conditions
      * will attempt to remove the lock file.
      *
-     * @throws H2DBLockException thrown if the lock directory does not exist and
-     * cannot be created
+     * @throws WriteLockException thrown if the lock directory does not exist
+     * and cannot be created
      */
-    private void checkState() throws H2DBLockException {
+    private void checkState() throws WriteLockException {
         if (!lockFile.getParentFile().isDirectory() && !lockFile.mkdir()) {
-            throw new H2DBLockException("Unable to create path to data directory.");
+            throw new WriteLockException("Unable to create path to data directory.");
         }
         if (lockFile.isFile()) {
             //TODO - this 30 minute check needs to be configurable.
             if (getFileAge(lockFile) > 30) {
-                LOGGER.debug("An old db update lock file was found: {}", lockFile.getAbsolutePath());
+                LOGGER.debug("An old write lock file was found: {}", lockFile.getAbsolutePath());
                 if (!lockFile.delete()) {
-                    LOGGER.warn("An old db update lock file was found but the system was unable to delete "
+                    LOGGER.warn("An old write lock file was found but the system was unable to delete "
                             + "the file. Consider manually deleting {}", lockFile.getAbsolutePath());
                 }
             } else {
@@ -277,7 +300,7 @@ private double getFileAge(File file) {
      */
     private void addShutdownHook() {
         if (hook == null) {
-            hook = H2DBShutdownHookFactory.getHook(settings);
+            hook = WriteLockShutdownHookFactory.getHook(settings);
             hook.add(this);
 
         }