From 7b82df493fc258331924d5d450040cd12f05ac3b Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Sun, 10 Dec 2023 05:51:05 -0500
Subject: [PATCH] fix: use BIT for Oracle DB instead of Boolean (#6264)

---
 .../dependencycheck/data/nvdcve/CveDB.java    | 25 +++++++++++++++----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 06dcf832a57..6d2734226e2 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -978,10 +978,19 @@ private int updateOrInsertVulnerability(DefCveItem cve, String description) {
                 callUpdate.setNull(4, java.sql.Types.DOUBLE);
                 callUpdate.setNull(5, java.sql.Types.DOUBLE);
                 callUpdate.setNull(6, java.sql.Types.VARCHAR);
-                callUpdate.setNull(7, java.sql.Types.BOOLEAN);
-                callUpdate.setNull(8, java.sql.Types.BOOLEAN);
-                callUpdate.setNull(9, java.sql.Types.BOOLEAN);
-                callUpdate.setNull(10, java.sql.Types.BOOLEAN);
+                //TODO this is may also be an issue for MS SQL, if an issue is created we'll just need
+                // to create an isMsSQL flag. See todo below in setUpdateColum
+                if (isOracle) {
+                    callUpdate.setNull(7, java.sql.Types.BIT);
+                    callUpdate.setNull(8, java.sql.Types.BIT);
+                    callUpdate.setNull(9, java.sql.Types.BIT);
+                    callUpdate.setNull(10, java.sql.Types.BIT);
+                } else {
+                    callUpdate.setNull(7, java.sql.Types.BOOLEAN);
+                    callUpdate.setNull(8, java.sql.Types.BOOLEAN);
+                    callUpdate.setNull(9, java.sql.Types.BOOLEAN);
+                    callUpdate.setNull(10, java.sql.Types.BOOLEAN);
+                }
                 callUpdate.setNull(11, java.sql.Types.DOUBLE);
                 callUpdate.setNull(12, java.sql.Types.VARCHAR);
                 callUpdate.setNull(13, java.sql.Types.VARCHAR);
@@ -1649,7 +1658,13 @@ private void setUpdateColumn(PreparedStatement ps, int i, String value) throws S
 
     private void setUpdateColumn(PreparedStatement ps, int i, Boolean value) throws SQLException {
         if (value == null) {
-            ps.setNull(i, java.sql.Types.BOOLEAN);
+            //TODO this is may also be an issue for MS SQL, if an issue is created we'll just need
+            // to create an isMsSQL flag. See todo above in updateOrInsertVulnerability.
+            if (isOracle) {
+                ps.setNull(i, java.sql.Types.BIT);
+            } else {
+                ps.setNull(i, java.sql.Types.BOOLEAN);
+            }
         } else {
             ps.setBoolean(i, value);
         }