Merge branch 'master' into swift_support

2026-01-18 01:27:11 +01:00 · 2016-08-12 16:35:12 -04:00
parent 2fa8507d69 8cd377b99f
commit 0164feffcc
53 changed files with 1778 additions and 536 deletions
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java
@@ -17,12 +17,19 @@
 */
 package org.owasp.dependencycheck;

+import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import static org.junit.Assert.assertTrue;

 import org.junit.Test;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
+import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
+import org.owasp.dependencycheck.exception.ExceptionCollection;
+import org.owasp.dependencycheck.exception.ReportException;
 import org.owasp.dependencycheck.reporting.ReportGenerator;
+import org.owasp.dependencycheck.utils.InvalidSettingException;
 import org.owasp.dependencycheck.utils.Settings;

 /**
@@ -34,10 +41,14 @@ public class EngineIntegrationTest extends BaseDBTestCase {
    /**
     * Test running the entire engine.
     *
-     * @throws Exception is thrown when an exception occurs.
+     * @throws java.io.IOException
+     * @throws org.owasp.dependencycheck.utils.InvalidSettingException
+     * @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException
+     * @throws org.owasp.dependencycheck.exception.ReportException
+     * @throws org.owasp.dependencycheck.exception.ExceptionCollection
     */
    @Test
-    public void testEngine() throws Exception {
+    public void testEngine() throws IOException, InvalidSettingException, DatabaseException, ReportException, ExceptionCollection {
        String testClasses = "target/test-classes";
        boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
@@ -45,7 +56,23 @@ public class EngineIntegrationTest extends BaseDBTestCase {
        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
        instance.scan(testClasses);
        assertTrue(instance.getDependencies().size() > 0);
-        instance.analyzeDependencies();
+        try {
+            instance.analyzeDependencies();
+        } catch (ExceptionCollection ex) {
+            if (ex.getExceptions().size()==1 &&
+                    (ex.getExceptions().get(0).getMessage().contains("bundle-audit") ||
+                    ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer"))) {
+                //this is fine to ignore
+            } else if (ex.getExceptions().size()==2 &&
+                    ((ex.getExceptions().get(0).getMessage().contains("bundle-audit") &&
+                    ex.getExceptions().get(1).getMessage().contains("AssemblyAnalyzer")) ||
+                    (ex.getExceptions().get(1).getMessage().contains("bundle-audit") &&
+                    ex.getExceptions().get(0).getMessage().contains("AssemblyAnalyzer")))) {
+                //this is fine to ignore
+            } else {
+                throw ex;
+            }
+        }
        CveDB cveDB = new CveDB();
        cveDB.open();
        DatabaseProperties dbProp = cveDB.getDatabaseProperties();
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
@@ -26,6 +26,7 @@ import java.io.File;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
+import java.util.logging.Level;

 import org.junit.After;
 import org.junit.Assume;
@@ -40,6 +41,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.Vulnerability;
+import org.owasp.dependencycheck.exception.ExceptionCollection;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -175,6 +177,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
     * Test Ruby dependencies and their paths.
     *
     * @throws AnalysisException is thrown when an exception occurs.
+     * @throws DatabaseException thrown when an exception occurs
     */
    @Test
    public void testDependenciesPath() throws AnalysisException, DatabaseException {
@@ -186,6 +189,8 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
        } catch (NullPointerException ex) {
            LOGGER.error("NPE", ex);
            throw ex;
+        } catch (ExceptionCollection ex) {
+            Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", ex);
        }
        List<Dependency> dependencies = engine.getDependencies();
        LOGGER.info(dependencies.size() + " dependencies found.");