Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External database configuration should not require specification of a Database Driver class #6937

Closed
aikebah opened this issue Aug 31, 2024 · 0 comments · Fixed by #6938
Closed

External database configuration should not require specification of a Database Driver class #6937

aikebah opened this issue Aug 31, 2024 · 0 comments · Fixed by #6938
Assignees
@aikebah
Labels
enhancement
Milestone
11.0.0

Comments

@aikebah
Copy link
Collaborator

aikebah commented Aug 31, 2024

Is your feature request related to a problem? Please describe.
In order to specify an external non-H2 database it is currently required to specify the dbDriver as the initial configuration already sets it to the H2 driver.

With JDBC 4.0 (introduced by Java 6) loading the dbDriver explicitly is no longer required, a proper connection-url suffices as long as the dbDriver is on the classpath.

When currently configuring the maven plugin with only an external connectionUrl, user and password the result is an error as the connection-url for postgres is not supported by the H2 driver which still gets activated as the driver to use because of this default configuration.

Describe the solution you'd like
We should assume that by now every dbDriver will be compliant with at least the ServiceLoader paradigm introduced by JDBC v4 in the JDBC specification. As JDBC4 does not require explicit driver loading before use it should suffice to specify the connectionString (and user credentials) in order to use an external database other than H2.

In addition to not requiring explicit driver class specification the software should not manually register and deregister the driver (legacy JDBC 3 behavior) by default for JDBC4 database drivers.

The existing explicit driver registration itself should remain an option for users that for some reason cannot put the databasedriver on the classpath (as in that case JDBC 4 ServiceLoader will not be able to auto-discover the driver and explicit loading with a custom classloader would be required) or wants to use an external database for which the drivers are not compliant with the JDBC 4 ServiceLoader mechanism.

Enabling JDBCv4 ServiceLoader based auto-configuration requires the dbDriver to be unset by default and only set when explicitly configured by the user.

Describe alternatives you've considered
Leave the configuration as is and always require specification of the driver classname in addition to the connection-url which means DependencyCheck will always use the legacy method of JDBC driver explicit registration.

Additional context

Extract from the mvn verify -Ppostgres -X output on a trial-project:

[DEBUG] Properties updated via merge:

<...>
data.connection_string='jdbc:h2:file:%s;AUTOCOMMIT=ON;CACHE_SIZE=65536;RETENTION_TIME=1000;MAX_COMPACT_TIME=10000;'
<...>
data.user='dcuser'
<...>
data.file_name='odc.mv.db'
<...>
data.driver_name='org.h2.Driver'
<...>
data.password='********'
<...>
analyzer.nugetconf.enabled='true'

[DEBUG] Setting: odc.maven.local.repo='/Users/aikebah/.m2/repository'
[DEBUG] Setting: suppression.file='["filter.xml"]'
[DEBUG] Setting: updater.versioncheck.enabled='true'
[DEBUG] Setting: junit.fail.on.cvss='0.0'
[DEBUG] Setting: analyzer.central.enabled='true'
[DEBUG] Setting: analyzer.artifactory.parallel.analysis='true'
[DEBUG] Setting: data.connection_string='jdbc:postgresql://localhost:5432/dependencycheck'
[DEBUG] Setting: data.user='dcuser'
[DEBUG] Setting: data.password='********'
[DEBUG] Setting: nvd.api.key='********'
<...>
[DEBUG] Scanning fileSet: /Users/aikebah/Projects/DCTrial/src/main/resources
[DEBUG] Scanning fileSet: /Users/aikebah/Projects/DCTrial/src/main/filters
[DEBUG] Scanning fileSet: /Users/aikebah/Projects/DCTrial/src/main/webapp
[DEBUG] Scanning fileSet: /Users/aikebah/Projects/DCTrial
[DEBUG] Loading driver 'org.h2.Driver'
[DEBUG] Loading database connection
[DEBUG] Connection String: jdbc:postgresql://localhost:5432/dependencycheck
[DEBUG] Database User: dcuser
[DEBUG] Database product: postgresql
[DEBUG] DC Schema: 5.5
<...>
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:10.0.3:check (default) on project dctrial: Execution default of goal org.owasp:dependency-check-maven:10.0.3:check failed: Connection factory returned null from createConnection -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.owasp:dependency-check-maven:10.0.3:check (default) on project dctrial: Execution default of goal org.owasp:dependency-check-maven:10.0.3:check failed: Connection factory returned null from createConnection
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aikebah aikebah

Labels
enhancement
Projects
None yet
Milestone
11.0.0
1 participant
@aikebah