diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java
index 0206c5586..e4d3ddd45 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java
@@ -2,6 +2,7 @@
 import static com.sap.oss.phosphor.fosstars.model.Subject.cast;
 import static com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures.VULNERABILITIES_IN_ARTIFACT;
+import static com.sap.oss.phosphor.fosstars.model.other.Utils.delete;
 import static com.sap.oss.phosphor.fosstars.model.other.Utils.setOf;
 import com.sap.oss.phosphor.fosstars.data.DataProvider;
@@ -78,6 +79,16 @@ public class VulnerabilitiesFromOwaspDependencyCheck implements DataProvider {
 */
 private static final String REPORT_DIR = String.format("%s/reports", DEFAULT_DOWNLOAD_DIRECTORY);
+ /**
+ * The directory to save OWASP Dependency-Check temporary files.
+ */
+ private static final String TEMP_DIR = String.format("%s/tmp", DEFAULT_DOWNLOAD_DIRECTORY);
+
+ /**
+ * The directory to save OWASP Dependency-Check DB file.
+ */
+ private static final String DB_DIR = String.format("%s/db", DEFAULT_DOWNLOAD_DIRECTORY);
+
 /**
 * The Dependency-Check report file type.
 */
@@ -100,6 +111,8 @@ public class VulnerabilitiesFromOwaspDependencyCheck implements DataProvider {
 public VulnerabilitiesFromOwaspDependencyCheck() {
 settings = new Settings();
 settings.setString(Settings.KEYS.DATA_DIRECTORY, DEFAULT_DOWNLOAD_DIRECTORY);
+ settings.setString(Settings.KEYS.TEMP_DIRECTORY, TEMP_DIR);
+ settings.setString(Settings.KEYS.H2_DATA_DIRECTORY, DB_DIR);
 }
 /**
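Review bot: `TEMP_DIR` and `DB_DIR` are fixed paths under `DEFAULT_DOWNLOAD_DIRECTORY` (hunk `@@ -78,6 +79,16 @@`), and the constructor hunk points every instance's `Settings` at them, so all scans that use the same download directory share one temp tree. The cleanup this commit adds to `scan()` names `TEMP_DIR`, `JAR_DIR` and `REPORT_DIR` as whole directories, so if scans can overlap (not visible from this diff) one run can affect files another is still using. Consider a per-instance temp directory, e.g. `Files.createTempDirectory("dependency-check")`, passed to `Settings.KEYS.TEMP_DIRECTORY`. If `DB_DIR` is left out of the cleanup on purpose so the downloaded database is reused, the Javadoc on `DB_DIR` should say so.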
@@ -245,6 +258,8 @@ Optional scan(MavenArtifact artifact) throws IOExcept
 try (Engine engine = new Engine(settings)) {
 analyze(engine, filePath.get().toFile(), exceptionCollection);
 return process(engine, filePath.get().toFile().getName(), exceptionCollection);
+ } finally {
+ delete(TEMP_DIR, JAR_DIR, REPORT_DIR);
 }
 }
 return Optional.empty();
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java
index 8f79c5879..98f8fb85d 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java
@@ -103,4 +103,4 @@ private boolean hasSnykPolicy(LocalRepository repository) throws IOException {
 List snykPolicyFilePaths = repository.files(SNYK_FILE_PREDICATE);
 return !snykPolicyFilePaths.isEmpty();
 }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/other/Utils.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/other/Utils.java
index 566c4636e..774b09629 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/other/Utils.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/other/Utils.java
@@ -3,6 +3,8 @@
 import com.sap.oss.phosphor.fosstars.model.Feature;
 import com.sap.oss.phosphor.fosstars.model.Value;
 import com.sap.oss.phosphor.fosstars.model.value.UnknownValue;
+import java.io.File;
+import java.io.IOException;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -15,6 +17,7 @@
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
+import org.apache.commons.io.FileUtils;
 public class Utils {
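Review bot: The `finally` block added to `scan()` removes nothing when the scan returns, because `delete` (added to `Utils.java` in the last hunk of this commit) calls `FileUtils.forceDeleteOnExit`, which only registers the paths for removal at JVM shutdown. In a long-running process the downloaded JARs and reports therefore stay on disk between scans, which is presumably not what a per-scan cleanup is meant to do. `delete` also declares `IOException`, and an exception thrown from `finally` replaces whatever `analyze` or `process` threw. I would delete immediately in `Utils.delete` with `FileUtils.deleteDirectory(new File(path));` and catch and log a cleanup failure here rather than let it propagate. The body of `scan()` begins outside this hunk.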
@@ -185,4 +188,16 @@ public static Date date(String string) {
 "Couldn't parse date '%s'", string));
 }
+
+ /**
+ * Force delete list of folders.
+ *
+ * @param paths list of directory paths tp delete.
+ * @throws IOException If something goes wrong.
+ */
+ public static void delete(String... paths) throws IOException {
+ for (String path : paths) {
+ FileUtils.forceDeleteOnExit(new File(path));
+ }
+ }
 }
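Review bot: The Javadoc on `delete` has a typo (`tp delete`), and its `@throws` text, "If something goes wrong", tells a caller nothing about when the method fails. Because this is a public helper that recursively removes whatever path it is given, the comment should also state that callers pass only directories this tool created. Suggested wording: `@param paths directories to delete; each must be a directory owned by this tool` and `@throws IOException if a path cannot be registered for deletion`. A `null` element reaches `new File(path)` and fails with a bare `NullPointerException`; `Objects.requireNonNull(path, "path")` at the top of the loop would make that explicit, and `java.util.Objects` is already imported in this file.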