Handle OWASP temp folder creation (#884)

* Handle OWASP temp folder creation
SAP · Sep 26, 2022 · 1c64b0d · 1c64b0d
1 parent d066638
commit 1c64b0d
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/.../com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java b/.../com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java
@@ -2,6 +2,7 @@
 
 import static com.sap.oss.phosphor.fosstars.model.Subject.cast;
 import static com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures.VULNERABILITIES_IN_ARTIFACT;
+import static com.sap.oss.phosphor.fosstars.model.other.Utils.delete;
 import static com.sap.oss.phosphor.fosstars.model.other.Utils.setOf;
 
 import com.sap.oss.phosphor.fosstars.data.DataProvider;
@@ -78,6 +79,16 @@ public class VulnerabilitiesFromOwaspDependencyCheck implements DataProvider {
    */
   private static final String REPORT_DIR = String.format("%s/reports", DEFAULT_DOWNLOAD_DIRECTORY);
 
+  /**
+   * The directory to save OWASP Dependency-Check temporary files.
+   */
+  private static final String TEMP_DIR = String.format("%s/tmp", DEFAULT_DOWNLOAD_DIRECTORY);
+
+  /**
+   * The directory to save OWASP Dependency-Check DB file.
+   */
+  private static final String DB_DIR = String.format("%s/db", DEFAULT_DOWNLOAD_DIRECTORY);
+
   /**
    * The Dependency-Check report file type.
    */
@@ -100,6 +111,8 @@ public class VulnerabilitiesFromOwaspDependencyCheck implements DataProvider {
   public VulnerabilitiesFromOwaspDependencyCheck() {
     settings = new Settings();
     settings.setString(Settings.KEYS.DATA_DIRECTORY, DEFAULT_DOWNLOAD_DIRECTORY);
+    settings.setString(Settings.KEYS.TEMP_DIRECTORY, TEMP_DIR);
+    settings.setString(Settings.KEYS.H2_DATA_DIRECTORY, DB_DIR);
   }
 
   /**
@@ -245,6 +258,8 @@ Optional<OwaspDependencyCheckEntry> scan(MavenArtifact artifact) throws IOExcept
       try (Engine engine = new Engine(settings)) {
         analyze(engine, filePath.get().toFile(), exceptionCollection);
         return process(engine, filePath.get().toFile().getName(), exceptionCollection);
+      } finally {
+        delete(TEMP_DIR, JAR_DIR, REPORT_DIR);
       }
     }
     return Optional.empty();

diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java
@@ -103,4 +103,4 @@ private boolean hasSnykPolicy(LocalRepository repository) throws IOException {
     List<Path> snykPolicyFilePaths = repository.files(SNYK_FILE_PREDICATE);
     return !snykPolicyFilePaths.isEmpty();
   }
-}
+}
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/other/Utils.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/other/Utils.java
@@ -3,6 +3,8 @@
 import com.sap.oss.phosphor.fosstars.model.Feature;
 import com.sap.oss.phosphor.fosstars.model.Value;
 import com.sap.oss.phosphor.fosstars.model.value.UnknownValue;
+import java.io.File;
+import java.io.IOException;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -15,6 +17,7 @@
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
+import org.apache.commons.io.FileUtils;
 
 public class Utils {
 
@@ -185,4 +188,16 @@ public static Date date(String string) {
         "Couldn't parse date '%s'", string));
   }
 
+
+  /**
+   * Force delete list of folders.
+   *
+   * @param paths list of directory paths tp delete.
+   * @throws IOException If something goes wrong.
+   */
+  public static void delete(String... paths) throws IOException {
+    for (String path : paths) {
+      FileUtils.forceDeleteOnExit(new File(path));
+    }
+  }
 }
-Original file line number
+Diff line change
@@ Expand Up @@
         List<Path> snykPolicyFilePaths = repository.files(SNYK_FILE_PREDICATE);
         return !snykPolicyFilePaths.isEmpty();
       }
-    }
+    }