changes to resolve issues with multiple connections to the embedded H2 database
@@ -48,35 +48,34 @@ public class EngineIT extends BaseDBTestCase {
|
||||
@Test
|
||||
public void testEngine() throws IOException, InvalidSettingException, DatabaseException, ReportException, ExceptionCollection {
|
||||
String testClasses = "target/test-classes";
|
||||
boolean autoUpdate = getSettings().getBoolean(Settings.KEYS.AUTO_UPDATE);
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
Engine instance = new Engine(getSettings());
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
|
||||
instance.scan(testClasses);
|
||||
assertTrue(instance.getDependencies().length > 0);
|
||||
try {
|
||||
instance.analyzeDependencies();
|
||||
} catch (ExceptionCollection ex) {
|
||||
Set<String> allowedMessages = new HashSet<>();
|
||||
allowedMessages.add("bundle-audit");
|
||||
allowedMessages.add("AssemblyAnalyzer");
|
||||
//allowedMessages.add("Unable to connect to");
|
||||
for (Throwable t : ex.getExceptions()) {
|
||||
boolean isOk = false;
|
||||
if (t.getMessage() != null) {
|
||||
for (String msg : allowedMessages) {
|
||||
if (t.getMessage().contains(msg)) {
|
||||
isOk = true;
|
||||
break;
|
||||
try (Engine instance = new Engine(getSettings())) {
|
||||
instance.scan(testClasses);
|
||||
assertTrue(instance.getDependencies().length > 0);
|
||||
try {
|
||||
instance.analyzeDependencies();
|
||||
} catch (ExceptionCollection ex) {
|
||||
Set<String> allowedMessages = new HashSet<>();
|
||||
allowedMessages.add("bundle-audit");
|
||||
allowedMessages.add("AssemblyAnalyzer");
|
||||
//allowedMessages.add("Unable to connect to");
|
||||
for (Throwable t : ex.getExceptions()) {
|
||||
boolean isOk = false;
|
||||
if (t.getMessage() != null) {
|
||||
for (String msg : allowedMessages) {
|
||||
if (t.getMessage().contains(msg)) {
|
||||
isOk = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!isOk) {
|
||||
throw ex;
|
||||
if (!isOk) {
|
||||
throw ex;
|
||||
}
|
||||
}
|
||||
}
|
||||
instance.writeReports("dependency-check sample", new File("./target/"), "ALL");
|
||||
instance.close();
|
||||
}
|
||||
instance.writeReports("dependency-check sample", new File("./target/"), "ALL");
|
||||
instance.close();
|
||||
}
|
||||
}
|
||||
|
||||
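Review bot: The explicit `instance.close();` just before `writeReports`'s closing brace is now redundant — `instance` is declared in the `try (Engine instance = new Engine(getSettings()))` header, so the Engine is closed a second time when the block exits. Whether `Engine.close()` tolerates being called twice is not visible here; unless it is documented as idempotent, the double close is at best noise and at worst an error masking the real result of the test. Drop the inline `instance.close();` and let the try-with-resources own the lifetime, which is the pattern the rest of this commit adopts. The enclosing method starts above the hunk's visible context.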
@@ -54,46 +54,49 @@ public class EngineTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testScanFile() throws DatabaseException {
|
||||
Engine instance = new Engine(getSettings());
|
||||
instance.addFileTypeAnalyzer(new JarAnalyzer());
|
||||
File file = BaseTest.getResourceAsFile(this, "dwr.jar");
|
||||
Dependency dwr = instance.scanFile(file);
|
||||
file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
|
||||
instance.scanFile(file);
|
||||
assertEquals(2, instance.getDependencies().length);
|
||||
try (Engine instance = new Engine(getSettings())) {
|
||||
instance.addFileTypeAnalyzer(new JarAnalyzer());
|
||||
File file = BaseTest.getResourceAsFile(this, "dwr.jar");
|
||||
Dependency dwr = instance.scanFile(file);
|
||||
file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
|
||||
instance.scanFile(file);
|
||||
assertEquals(2, instance.getDependencies().length);
|
||||
|
||||
file = BaseTest.getResourceAsFile(this, "dwr.jar");
|
||||
Dependency secondDwr = instance.scanFile(file);
|
||||
file = BaseTest.getResourceAsFile(this, "dwr.jar");
|
||||
Dependency secondDwr = instance.scanFile(file);
|
||||
|
||||
assertEquals(2, instance.getDependencies().length);
|
||||
assertEquals(dwr, secondDwr);
|
||||
assertEquals(2, instance.getDependencies().length);
|
||||
assertEquals(dwr, secondDwr);
|
||||
}
|
||||
}
|
||||
|
||||
@Test(expected = ExceptionCollection.class)
|
||||
public void exceptionDuringAnalysisTaskExecutionIsFatal() throws DatabaseException, ExceptionCollection {
|
||||
final ExecutorService executorService = Executors.newFixedThreadPool(3);
|
||||
final Engine instance = new Engine(getSettings());
|
||||
final List<Throwable> exceptions = new ArrayList<>();
|
||||
|
||||
new Expectations() {
|
||||
{
|
||||
analysisTask.call();
|
||||
result = new IllegalStateException("Analysis task execution threw an exception");
|
||||
}
|
||||
};
|
||||
try (Engine instance = new Engine(getSettings())) {
|
||||
final ExecutorService executorService = Executors.newFixedThreadPool(3);
|
||||
final List<Throwable> exceptions = new ArrayList<>();
|
||||
|
||||
final List<AnalysisTask> failingAnalysisTask = new ArrayList<>();
|
||||
failingAnalysisTask.add(analysisTask);
|
||||
new Expectations() {
|
||||
{
|
||||
analysisTask.call();
|
||||
result = new IllegalStateException("Analysis task execution threw an exception");
|
||||
}
|
||||
};
|
||||
|
||||
new Expectations(instance) {
|
||||
{
|
||||
instance.getExecutorService(analyzer);
|
||||
result = executorService;
|
||||
instance.getAnalysisTasks(analyzer, exceptions);
|
||||
result = failingAnalysisTask;
|
||||
}
|
||||
};
|
||||
instance.executeAnalysisTasks(analyzer, exceptions);
|
||||
assertTrue(executorService.isShutdown());
|
||||
final List<AnalysisTask> failingAnalysisTask = new ArrayList<>();
|
||||
failingAnalysisTask.add(analysisTask);
|
||||
|
||||
new Expectations(instance) {
|
||||
{
|
||||
instance.getExecutorService(analyzer);
|
||||
result = executorService;
|
||||
instance.getAnalysisTasks(analyzer, exceptions);
|
||||
result = failingAnalysisTask;
|
||||
}
|
||||
};
|
||||
instance.executeAnalysisTasks(analyzer, exceptions);
|
||||
assertTrue(executorService.isShutdown());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -128,12 +128,11 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
instance.initialize(getSettings());
|
||||
//trick the analyzer into thinking it is active.
|
||||
instance.accept(new File("test.ear"));
|
||||
try {
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
|
||||
|
||||
instance.prepare(engine);
|
||||
File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear");
|
||||
Dependency dependency = new Dependency(file);
|
||||
@@ -141,11 +140,7 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
int initial_size = engine.getDependencies().length;
|
||||
instance.analyze(dependency, engine);
|
||||
int ending_size = engine.getDependencies().length;
|
||||
|
||||
engine.close();
|
||||
|
||||
assertTrue(initial_size < ending_size);
|
||||
|
||||
} finally {
|
||||
instance.close();
|
||||
}
|
||||
@@ -160,21 +155,17 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
instance.initialize(getSettings());
|
||||
//trick the analyzer into thinking it is active.
|
||||
instance.accept(new File("test.ear"));
|
||||
try {
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
instance.prepare(null);
|
||||
File file = BaseTest.getResourceAsFile(this, "bootable-0.1.0.jar");
|
||||
Dependency dependency = new Dependency(file);
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
|
||||
|
||||
int initial_size = engine.getDependencies().length;
|
||||
instance.analyze(dependency, engine);
|
||||
int ending_size = engine.getDependencies().length;
|
||||
|
||||
engine.close();
|
||||
|
||||
assertTrue(initial_size < ending_size);
|
||||
|
||||
} finally {
|
||||
@@ -191,7 +182,7 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
instance.initialize(getSettings());
|
||||
//trick the analyzer into thinking it is active so that it will prepare
|
||||
instance.accept(new File("test.tar"));
|
||||
try {
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
instance.prepare(null);
|
||||
|
||||
//File file = new File(this.getClass().getClassLoader().getResource("file.tar").getPath());
|
||||
@@ -201,15 +192,11 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
|
||||
|
||||
int initial_size = engine.getDependencies().length;
|
||||
instance.analyze(dependency, engine);
|
||||
int ending_size = engine.getDependencies().length;
|
||||
engine.close();
|
||||
|
||||
assertTrue(initial_size < ending_size);
|
||||
|
||||
} finally {
|
||||
instance.close();
|
||||
}
|
||||
@@ -223,7 +210,7 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
ArchiveAnalyzer instance = new ArchiveAnalyzer();
|
||||
instance.initialize(getSettings());
|
||||
instance.accept(new File("zip")); //ensure analyzer is "enabled"
|
||||
try {
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
instance.prepare(null);
|
||||
|
||||
//File file = new File(this.getClass().getClassLoader().getResource("file.tar.gz").getPath());
|
||||
@@ -232,14 +219,12 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
|
||||
|
||||
int initial_size = engine.getDependencies().length;
|
||||
//instance.analyze(dependency, engine);
|
||||
engine.scan(file);
|
||||
engine.analyzeDependencies();
|
||||
int ending_size = engine.getDependencies().length;
|
||||
engine.close();
|
||||
assertTrue(initial_size < ending_size);
|
||||
|
||||
} finally {
|
||||
@@ -255,18 +240,16 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
ArchiveAnalyzer instance = new ArchiveAnalyzer();
|
||||
instance.initialize(getSettings());
|
||||
instance.accept(new File("zip")); //ensure analyzer is "enabled"
|
||||
try {
|
||||
try (Engine engine = new Engine(getSettings())){
|
||||
instance.prepare(null);
|
||||
File file = BaseTest.getResourceAsFile(this, "file.tar.bz2");
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
int initial_size = engine.getDependencies().length;
|
||||
engine.scan(file);
|
||||
engine.analyzeDependencies();
|
||||
int ending_size = engine.getDependencies().length;
|
||||
engine.close();
|
||||
assertTrue(initial_size < ending_size);
|
||||
} finally {
|
||||
instance.close();
|
||||
@@ -281,7 +264,7 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
ArchiveAnalyzer instance = new ArchiveAnalyzer();
|
||||
instance.initialize(getSettings());
|
||||
instance.accept(new File("zip")); //ensure analyzer is "enabled"
|
||||
try {
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
instance.prepare(null);
|
||||
|
||||
//File file = new File(this.getClass().getClassLoader().getResource("file.tgz").getPath());
|
||||
@@ -289,13 +272,10 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
|
||||
int initial_size = engine.getDependencies().length;
|
||||
engine.scan(file);
|
||||
engine.analyzeDependencies();
|
||||
int ending_size = engine.getDependencies().length;
|
||||
engine.close();
|
||||
assertTrue(initial_size < ending_size);
|
||||
|
||||
} finally {
|
||||
@@ -311,18 +291,16 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
ArchiveAnalyzer instance = new ArchiveAnalyzer();
|
||||
instance.initialize(getSettings());
|
||||
instance.accept(new File("zip")); //ensure analyzer is "enabled"
|
||||
try {
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
instance.prepare(null);
|
||||
File file = BaseTest.getResourceAsFile(this, "file.tbz2");
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
int initial_size = engine.getDependencies().length;
|
||||
engine.scan(file);
|
||||
engine.analyzeDependencies();
|
||||
int ending_size = engine.getDependencies().length;
|
||||
engine.close();
|
||||
assertTrue(initial_size < ending_size);
|
||||
} finally {
|
||||
instance.close();
|
||||
@@ -336,7 +314,7 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
public void testAnalyze_badZip() throws Exception {
|
||||
ArchiveAnalyzer instance = new ArchiveAnalyzer();
|
||||
instance.initialize(getSettings());
|
||||
try {
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
instance.prepare(null);
|
||||
|
||||
//File file = new File(this.getClass().getClassLoader().getResource("test.zip").getPath());
|
||||
@@ -345,7 +323,6 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
int initial_size = engine.getDependencies().length;
|
||||
// boolean failed = false;
|
||||
// try {
|
||||
@@ -355,7 +332,6 @@ public class ArchiveAnalyzerIT extends BaseDBTestCase {
|
||||
// }
|
||||
// assertTrue(failed);
|
||||
int ending_size = engine.getDependencies().length;
|
||||
engine.close();
|
||||
assertEquals(initial_size, ending_size);
|
||||
} finally {
|
||||
instance.close();
|
||||
|
||||
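Review bot: In the hunk at old line 128, the three `getSettings().setBoolean(...)` calls that disable `AUTO_UPDATE`, `ANALYZER_NEXUS_ENABLED` and `ANALYZER_CENTRAL_ENABLED` now execute after `new Engine(getSettings())` in the try-with-resources header, whereas before the change the removed `Engine engine = new Engine(getSettings());` line came after them. If the Engine constructor reads those keys when it is built (not visible in this diff), the new order silently re-enables the update/network behaviour these tests intend to switch off, and the test would then depend on external services again. Move the three setter lines above `try (Engine engine = new Engine(getSettings())) {` so the order matches the old code and `HintAnalyzerTest.testAnalyze`, which still sets them first. The same reordering appears in the hunks at old lines 160, 201, 232, 255, 289, 311 and 345.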
@@ -154,19 +154,21 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testAnalyzeCMakeListsOpenCV3rdParty() throws AnalysisException, DatabaseException {
|
||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(
|
||||
this, "cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake"));
|
||||
final Engine engine = new Engine(getSettings());
|
||||
analyzer.analyze(result, engine);
|
||||
assertProductEvidence(result, "libavcodec");
|
||||
assertVersionEvidence(result, "55.18.102");
|
||||
assertFalse("ALIASOF_ prefix shouldn't be present.",
|
||||
Pattern.compile("\\bALIASOF_\\w+").matcher(result.getEvidence(EvidenceType.PRODUCT).toString()).find());
|
||||
final Dependency[] dependencies = engine.getDependencies();
|
||||
assertEquals("Number of additional dependencies should be 4.", 4, dependencies.length);
|
||||
final Dependency last = dependencies[3];
|
||||
assertProductEvidence(last, "libavresample");
|
||||
assertVersionEvidence(last, "1.0.1");
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(
|
||||
this, "cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake"));
|
||||
|
||||
analyzer.analyze(result, engine);
|
||||
assertProductEvidence(result, "libavcodec");
|
||||
assertVersionEvidence(result, "55.18.102");
|
||||
assertFalse("ALIASOF_ prefix shouldn't be present.",
|
||||
Pattern.compile("\\bALIASOF_\\w+").matcher(result.getEvidence(EvidenceType.PRODUCT).toString()).find());
|
||||
final Dependency[] dependencies = engine.getDependencies();
|
||||
assertEquals("Number of additional dependencies should be 4.", 4, dependencies.length);
|
||||
final Dependency last = dependencies[3];
|
||||
assertProductEvidence(last, "libavresample");
|
||||
assertVersionEvidence(last, "1.0.1");
|
||||
}
|
||||
}
|
||||
|
||||
private void assertVersionEvidence(Dependency result, String version) {
|
||||
|
||||
@@ -84,12 +84,11 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testDetermineCPE_full() throws Exception {
|
||||
//update needs to be performed so that xtream can be tested
|
||||
Engine e = new Engine(getSettings());
|
||||
e.doUpdates();
|
||||
|
||||
CPEAnalyzer cpeAnalyzer = new CPEAnalyzer();
|
||||
try {
|
||||
try (Engine e = new Engine(getSettings())) {
|
||||
//update needs to be performed so that xtream can be tested
|
||||
e.doUpdates(true);
|
||||
|
||||
cpeAnalyzer.initialize(getSettings());
|
||||
cpeAnalyzer.prepare(e);
|
||||
FileNameAnalyzer fnAnalyzer = new FileNameAnalyzer();
|
||||
@@ -113,7 +112,6 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
|
||||
callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
|
||||
callDetermineCPE_full("ehcache-core-2.2.0.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
|
||||
callDetermineCPE_full("xstream-1.4.8.jar", "cpe:/a:x-stream:xstream:1.4.8", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
|
||||
|
||||
} finally {
|
||||
cpeAnalyzer.close();
|
||||
}
|
||||
@@ -124,7 +122,8 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
|
||||
*
|
||||
* @throws Exception is thrown when an exception occurs
|
||||
*/
|
||||
public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer cpeAnalyzer, FileNameAnalyzer fnAnalyzer, JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp) throws Exception {
|
||||
public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer cpeAnalyzer, FileNameAnalyzer fnAnalyzer,
|
||||
JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp) throws Exception {
|
||||
|
||||
//File file = new File(this.getClass().getClassLoader().getResource(depName).getPath());
|
||||
File file = BaseTest.getResourceAsFile(this, depName);
|
||||
@@ -197,35 +196,35 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
|
||||
hintAnalyzer.analyze(spring3, null);
|
||||
|
||||
CPEAnalyzer instance = new CPEAnalyzer();
|
||||
Engine engine = new Engine(getSettings());
|
||||
engine.openDatabase();
|
||||
instance.initialize(getSettings());
|
||||
instance.prepare(engine);
|
||||
instance.determineCPE(commonValidator);
|
||||
instance.determineCPE(struts);
|
||||
instance.determineCPE(spring);
|
||||
instance.determineCPE(spring3);
|
||||
instance.close();
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
engine.openDatabase(true, true);
|
||||
instance.initialize(getSettings());
|
||||
instance.prepare(engine);
|
||||
instance.determineCPE(commonValidator);
|
||||
instance.determineCPE(struts);
|
||||
instance.determineCPE(spring);
|
||||
instance.determineCPE(spring3);
|
||||
instance.close();
|
||||
|
||||
String expResult = "cpe:/a:apache:struts:2.1.2";
|
||||
String expResult = "cpe:/a:apache:struts:2.1.2";
|
||||
|
||||
for (Identifier i : commonValidator.getIdentifiers()) {
|
||||
assertFalse("Apache Common Validator - found a CPE identifier?", "cpe".equals(i.getType()));
|
||||
}
|
||||
|
||||
assertTrue("Incorrect match size - struts", struts.getIdentifiers().size() >= 1);
|
||||
boolean found = false;
|
||||
for (Identifier i : struts.getIdentifiers()) {
|
||||
if (expResult.equals(i.getValue())) {
|
||||
found = true;
|
||||
break;
|
||||
for (Identifier i : commonValidator.getIdentifiers()) {
|
||||
assertFalse("Apache Common Validator - found a CPE identifier?", "cpe".equals(i.getType()));
|
||||
}
|
||||
}
|
||||
assertTrue("Incorrect match - struts", found);
|
||||
assertTrue("Incorrect match size - spring3 - " + spring3.getIdentifiers().size(), spring3.getIdentifiers().size() >= 1);
|
||||
|
||||
jarAnalyzer.close();
|
||||
engine.close();
|
||||
assertTrue("Incorrect match size - struts", struts.getIdentifiers().size() >= 1);
|
||||
boolean found = false;
|
||||
for (Identifier i : struts.getIdentifiers()) {
|
||||
if (expResult.equals(i.getValue())) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
assertTrue("Incorrect match - struts", found);
|
||||
assertTrue("Incorrect match size - spring3 - " + spring3.getIdentifiers().size(), spring3.getIdentifiers().size() >= 1);
|
||||
|
||||
jarAnalyzer.close();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -241,13 +240,13 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
|
||||
openssl.addEvidence(EvidenceType.VERSION, "test", "version", "1.0.1c", Confidence.HIGHEST);
|
||||
|
||||
CPEAnalyzer instance = new CPEAnalyzer();
|
||||
Engine engine = new Engine(getSettings());
|
||||
engine.openDatabase();
|
||||
instance.initialize(getSettings());
|
||||
instance.prepare(engine);
|
||||
instance.determineIdentifiers(openssl, "openssl", "openssl", Confidence.HIGHEST);
|
||||
instance.close();
|
||||
engine.close();
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
engine.openDatabase(true, true);
|
||||
instance.initialize(getSettings());
|
||||
instance.prepare(engine);
|
||||
instance.determineIdentifiers(openssl, "openssl", "openssl", Confidence.HIGHEST);
|
||||
instance.close();
|
||||
}
|
||||
|
||||
String expResult = "cpe:/a:openssl:openssl:1.0.1c";
|
||||
Identifier expIdentifier = new Identifier("cpe", expResult, expResult);
|
||||
@@ -258,7 +257,6 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
assertTrue("OpenSSL identifier not found", found);
|
||||
}
|
||||
|
||||
@@ -275,23 +273,23 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
|
||||
String expProduct = "struts";
|
||||
|
||||
CPEAnalyzer instance = new CPEAnalyzer();
|
||||
Engine engine = new Engine(getSettings());
|
||||
engine.openDatabase();
|
||||
instance.initialize(getSettings());
|
||||
instance.prepare(engine);
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
engine.openDatabase(true, true);
|
||||
instance.initialize(getSettings());
|
||||
instance.prepare(engine);
|
||||
|
||||
Set<String> productWeightings = Collections.singleton("struts2");
|
||||
Set<String> vendorWeightings = Collections.singleton("apache");
|
||||
List<IndexEntry> result = instance.searchCPE(vendor, product, vendorWeightings, productWeightings);
|
||||
instance.close();
|
||||
Set<String> productWeightings = Collections.singleton("struts2");
|
||||
Set<String> vendorWeightings = Collections.singleton("apache");
|
||||
List<IndexEntry> result = instance.searchCPE(vendor, product, vendorWeightings, productWeightings);
|
||||
|
||||
boolean found = false;
|
||||
for (IndexEntry entry : result) {
|
||||
if (expVendor.equals(entry.getVendor()) && expProduct.equals(entry.getProduct())) {
|
||||
found = true;
|
||||
break;
|
||||
boolean found = false;
|
||||
for (IndexEntry entry : result) {
|
||||
if (expVendor.equals(entry.getVendor()) && expProduct.equals(entry.getProduct())) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
assertTrue("apache:struts was not identified", found);
|
||||
}
|
||||
assertTrue("apache:struts was not identified", found);
|
||||
}
|
||||
}
|
||||
|
||||
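Review bot: In the hunk at old line 197, `instance.close();` (the `CPEAnalyzer`) stays a plain statement inside the try-with-resources body, so if `determineCPE` throws or a later assertion fails the analyzer is never closed even though the Engine is; the hunks at old lines 241 and 275 have the same shape, as does `jarAnalyzer.close();` at the end of the first one. `testDetermineCPE_full` in the same file already handles this correctly with `try { ... } finally { cpeAnalyzer.close(); }`. A try-with-resources statement accepts a `finally`, so attach `} finally { instance.close(); }` to each `try (Engine engine = new Engine(getSettings()))` and delete the inline calls. The new `engine.openDatabase(true, true)` and `e.doUpdates(true)` calls also pass bare booleans whose meaning the call sites do not convey; a one-line comment naming what each flag selects (confirmed against the `Engine` signatures, which are not in this diff) would help readers of these tests.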
@@ -99,12 +99,13 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testAnalyzePackageJson() throws Exception {
|
||||
final Engine engine = new Engine(getSettings());
|
||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
|
||||
"composer.lock"));
|
||||
analyzer.analyze(result, engine);
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
|
||||
"composer.lock"));
|
||||
analyzer.analyze(result, engine);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Test(expected = InitializationException.class)
|
||||
public void analyzerIsDisabledInCaseOfMissingMessageDigest() throws InitializationException {
|
||||
new MockUp<MessageDigest>() {
|
||||
@@ -113,13 +114,13 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
|
||||
throw new NoSuchAlgorithmException("SHA1 is missing");
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
analyzer = new ComposerLockAnalyzer();
|
||||
analyzer.setFilesMatched(true);
|
||||
analyzer.initialize(getSettings());
|
||||
assertTrue(analyzer.isEnabled());
|
||||
analyzer.prepare(null);
|
||||
|
||||
|
||||
assertFalse(analyzer.isEnabled());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -66,44 +66,45 @@ public class HintAnalyzerTest extends BaseDBTestCase {
|
||||
public void testAnalyze() throws Exception {
|
||||
//File guice = new File(this.getClass().getClassLoader().getResource("guice-3.0.jar").getPath());
|
||||
File guice = BaseTest.getResourceAsFile(this, "guice-3.0.jar");
|
||||
//Dependency guice = new Dependency(fileg);
|
||||
//Dependency guice = new EngineDependency(fileg);
|
||||
//File spring = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath());
|
||||
File spring = BaseTest.getResourceAsFile(this, "spring-core-3.0.0.RELEASE.jar");
|
||||
//Dependency spring = new Dependency(files);
|
||||
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
Engine engine = new Engine(getSettings());
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
|
||||
engine.scan(guice);
|
||||
engine.scan(spring);
|
||||
engine.analyzeDependencies();
|
||||
Dependency gdep = null;
|
||||
Dependency sdep = null;
|
||||
for (Dependency d : engine.getDependencies()) {
|
||||
if (d.getActualFile().equals(guice)) {
|
||||
gdep = d;
|
||||
} else if (d.getActualFile().equals(spring)) {
|
||||
sdep = d;
|
||||
engine.scan(guice);
|
||||
engine.scan(spring);
|
||||
engine.analyzeDependencies();
|
||||
Dependency gdep = null;
|
||||
Dependency sdep = null;
|
||||
for (Dependency d : engine.getDependencies()) {
|
||||
if (d.getActualFile().equals(guice)) {
|
||||
gdep = d;
|
||||
} else if (d.getActualFile().equals(spring)) {
|
||||
sdep = d;
|
||||
}
|
||||
}
|
||||
final Evidence springTest1 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
|
||||
final Evidence springTest2 = new Evidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
|
||||
final Evidence springTest3 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
|
||||
final Evidence springTest4 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
|
||||
final Evidence springTest5 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
|
||||
|
||||
assertFalse(gdep.contains(EvidenceType.PRODUCT, springTest1));
|
||||
assertFalse(gdep.contains(EvidenceType.VENDOR, springTest2));
|
||||
assertFalse(gdep.contains(EvidenceType.VENDOR, springTest3));
|
||||
assertFalse(gdep.contains(EvidenceType.PRODUCT, springTest4));
|
||||
assertFalse(gdep.contains(EvidenceType.VENDOR, springTest5));
|
||||
|
||||
assertTrue(sdep.contains(EvidenceType.PRODUCT, springTest1));
|
||||
assertTrue(sdep.contains(EvidenceType.VENDOR, springTest2));
|
||||
assertTrue(sdep.contains(EvidenceType.VENDOR, springTest3));
|
||||
//assertTrue(evidence.contains(springTest4));
|
||||
//assertTrue(evidence.contains(springTest5));
|
||||
}
|
||||
final Evidence springTest1 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
|
||||
final Evidence springTest2 = new Evidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
|
||||
final Evidence springTest3 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
|
||||
final Evidence springTest4 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
|
||||
final Evidence springTest5 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
|
||||
|
||||
assertFalse(gdep.contains(EvidenceType.PRODUCT, springTest1));
|
||||
assertFalse(gdep.contains(EvidenceType.VENDOR, springTest2));
|
||||
assertFalse(gdep.contains(EvidenceType.VENDOR, springTest3));
|
||||
assertFalse(gdep.contains(EvidenceType.PRODUCT, springTest4));
|
||||
assertFalse(gdep.contains(EvidenceType.VENDOR, springTest5));
|
||||
|
||||
assertTrue(sdep.contains(EvidenceType.PRODUCT, springTest1));
|
||||
assertTrue(sdep.contains(EvidenceType.VENDOR, springTest2));
|
||||
assertTrue(sdep.contains(EvidenceType.VENDOR, springTest3));
|
||||
//assertTrue(evidence.contains(springTest4));
|
||||
//assertTrue(evidence.contains(springTest5));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -189,9 +189,10 @@ public class JarAnalyzerTest extends BaseTest {
|
||||
Dependency actualJarFile = new Dependency();
|
||||
actualJarFile.setActualFilePath(BaseTest.getResourceAsFile(this, "avro-ipc-1.5.0.jar").getAbsolutePath());
|
||||
actualJarFile.setFileName("avro-ipc-1.5.0.jar");
|
||||
Engine engine = new Engine(getSettings());
|
||||
engine.setDependencies(Arrays.asList(macOSMetaDataFile, actualJarFile));
|
||||
instance.analyzeDependency(macOSMetaDataFile, engine);
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
engine.setDependencies(Arrays.asList(macOSMetaDataFile, actualJarFile));
|
||||
instance.analyzeDependency(macOSMetaDataFile, engine);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -201,8 +202,9 @@ public class JarAnalyzerTest extends BaseTest {
|
||||
textFileWithJarExtension
|
||||
.setActualFilePath(BaseTest.getResourceAsFile(this, "textFileWithJarExtension.jar").getAbsolutePath());
|
||||
textFileWithJarExtension.setFileName("textFileWithJarExtension.jar");
|
||||
Engine engine = new Engine(getSettings());
|
||||
engine.setDependencies(Collections.singletonList(textFileWithJarExtension));
|
||||
instance.analyzeDependency(textFileWithJarExtension, engine);
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
engine.setDependencies(Collections.singletonList(textFileWithJarExtension));
|
||||
instance.analyzeDependency(textFileWithJarExtension, engine);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -150,7 +150,7 @@ public class RubyBundleAuditAnalyzerIT extends BaseDBTestCase {
|
||||
@Test
|
||||
public void testAddCriticalityToVulnerability() throws AnalysisException, DatabaseException {
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
engine.doUpdates();
|
||||
engine.doUpdates(true);
|
||||
analyzer.prepare(engine);
|
||||
|
||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
|
||||
@@ -198,52 +198,19 @@ public class RubyBundleAuditAnalyzerIT extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testDependenciesPath() throws AnalysisException, DatabaseException {
|
||||
final Engine engine = new Engine(getSettings());
|
||||
engine.scan(BaseTest.getResourceAsFile(this,
|
||||
"ruby/vulnerable/gems/rails-4.1.15/"));
|
||||
try {
|
||||
engine.analyzeDependencies();
|
||||
} catch (NullPointerException ex) {
|
||||
LOGGER.error("NPE", ex);
|
||||
fail(ex.getMessage());
|
||||
} catch (ExceptionCollection ex) {
|
||||
Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", ex);
|
||||
return;
|
||||
try (Engine engine = new Engine(getSettings())) {
|
||||
try {
|
||||
engine.scan(BaseTest.getResourceAsFile(this, "ruby/vulnerable/gems/rails-4.1.15/"));
|
||||
engine.analyzeDependencies();
|
||||
} catch (NullPointerException ex) {
|
||||
LOGGER.error("NPE", ex);
|
||||
fail(ex.getMessage());
|
||||
} catch (ExceptionCollection ex) {
|
||||
Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", ex);
|
||||
return;
|
||||
}
|
||||
List<Dependency> dependencies = new ArrayList<>(Arrays.asList(engine.getDependencies()));
|
||||
LOGGER.info("{} dependencies found.", dependencies.size());
|
||||
}
|
||||
List<Dependency> dependencies = new ArrayList<>(Arrays.asList(engine.getDependencies()));
|
||||
LOGGER.info("{} dependencies found.", dependencies.size());
|
||||
//TODO before re-enablign the following add actual assertions.
// Iterator<Dependency> dIterator = dependencies.iterator();
// while (dIterator.hasNext()) {
// Dependency dept = dIterator.next();
// LOGGER.info("dept path: {}", dept.getActualFilePath());
//
// Set<Identifier> identifiers = dept.getIdentifiers();
// Iterator<Identifier> idIterator = identifiers.iterator();
// while (idIterator.hasNext()) {
// Identifier id = idIterator.next();
// LOGGER.info(" Identifier: {}, type={}, url={}, conf={}", id.getValue(), id.getType(), id.getUrl(), id.getConfidence());
// }
//
// Set<Evidence> prodEv = dept.getProductEvidence().getEvidence();
// Iterator<Evidence> it = prodEv.iterator();
// while (it.hasNext()) {
// Evidence e = it.next();
// LOGGER.info(" prod: name={}, value={}, source={}, confidence={}", e.getName(), e.getValue(), e.getSource(), e.getConfidence());
// }
// Set<Evidence> versionEv = dept.getVersionEvidence().getEvidence();
// Iterator<Evidence> vIt = versionEv.iterator();
// while (vIt.hasNext()) {
// Evidence e = vIt.next();
// LOGGER.info(" version: name={}, value={}, source={}, confidence={}", e.getName(), e.getValue(), e.getSource(), e.getConfidence());
// }
//
// Set<Evidence> vendorEv = dept.getVendorEvidence().getEvidence();
// Iterator<Evidence> vendorIt = vendorEv.iterator();
// while (vendorIt.hasNext()) {
// Evidence e = vendorIt.next();
// LOGGER.info(" vendor: name={}, value={}, source={}, confidence={}", e.getName(), e.getValue(), e.getSource(), e.getConfidence());
// }
// }
}
}
@@ -74,24 +74,24 @@ public class VulnerabilitySuppressionAnalyzerIT extends BaseDBTestCase {
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
Engine engine = new Engine(getSettings());
engine.scan(file);
engine.analyzeDependencies();
Dependency dependency = getDependency(engine, file);
int cveSize = dependency.getVulnerabilities().size();
int cpeSize = dependency.getIdentifiers().size();
assertTrue(cveSize > 0);
assertTrue(cpeSize > 0);
getSettings().setString(Settings.KEYS.SUPPRESSION_FILE, suppression.getAbsolutePath());
VulnerabilitySuppressionAnalyzer instance = new VulnerabilitySuppressionAnalyzer();
instance.initialize(getSettings());
instance.prepare(engine);
instance.analyze(dependency, engine);
cveSize = cveSize > 1 ? cveSize - 2 : 0;
cpeSize = cpeSize > 0 ? cpeSize - 1 : 0;
assertTrue(dependency.getVulnerabilities().size() == cveSize);
assertTrue(dependency.getIdentifiers().size() == cpeSize);
engine.close();
try (Engine engine = new Engine(getSettings())) {
engine.scan(file);
engine.analyzeDependencies();
Dependency dependency = getDependency(engine, file);
int cveSize = dependency.getVulnerabilities().size();
int cpeSize = dependency.getIdentifiers().size();
assertTrue(cveSize > 0);
assertTrue(cpeSize > 0);
getSettings().setString(Settings.KEYS.SUPPRESSION_FILE, suppression.getAbsolutePath());
VulnerabilitySuppressionAnalyzer instance = new VulnerabilitySuppressionAnalyzer();
instance.initialize(getSettings());
instance.prepare(engine);
instance.analyze(dependency, engine);
cveSize = cveSize > 1 ? cveSize - 2 : 0;
cpeSize = cpeSize > 0 ? cpeSize - 1 : 0;
assertTrue(dependency.getVulnerabilities().size() == cveSize);
assertTrue(dependency.getIdentifiers().size() == cpeSize);
}
}
/**
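Review bot: The two closing checks in the new try-with-resources block, `assertTrue(dependency.getVulnerabilities().size() == cveSize)` and `assertTrue(dependency.getIdentifiers().size() == cpeSize)`, report nothing but an AssertionError when they fail; `assertEquals(cveSize, dependency.getVulnerabilities().size());` and `assertEquals(cpeSize, dependency.getIdentifiers().size());` would print the expected and actual counts. The expected values are computed as `cveSize > 1 ? cveSize - 2 : 0` and `cpeSize > 0 ? cpeSize - 1 : 0`, which presumably encodes how many CVE and CPE entries the suppression fixture removes, so a one-line comment stating that expectation above those two lines would let a reader check the arithmetic against the fixture. The enclosing test method starts before the hunk, so whether the SUPPRESSION_FILE value written with `getSettings().setString(...)` is reset for later tests cannot be seen here.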
@@ -68,16 +68,13 @@ public class ReportGeneratorIT extends BaseDBTestCase {
File jetty = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Engine engine = new Engine(getSettings());
engine.scan(struts);
engine.scan(axis);
engine.scan(jetty);
engine.analyzeDependencies();
engine.writeReports("Test Report", "org.owasp", "dependency-check-core", "1.4.7", writeTo, "XML");
engine.close();
try (Engine engine = new Engine(getSettings())) {
engine.scan(struts);
engine.scan(axis);
engine.scan(jetty);
engine.analyzeDependencies();
engine.writeReports("Test Report", "org.owasp", "dependency-check-core", "1.4.7", writeTo, "XML");
}
InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/dependency-check.1.6.xsd");
StreamSource xsdSource = new StreamSource(xsdStream);
StreamSource xmlSource = new StreamSource(writeTo);
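Review bot: The engine is now closed by try-with-resources, but the schema stream opened immediately after that block, `InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/dependency-check.1.6.xsd");`, is neither null-checked nor managed the same way; `getResourceAsStream` returns null when the resource is absent, which would surface as a NullPointerException inside the validation rather than a clear failure. Opening it as `try (InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/dependency-check.1.6.xsd")) { assertNotNull("schema resource missing", xsdStream); ... }` would cover both. The rest of the test method runs past the hunk, so a close further down is not visible here.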
@@ -18,7 +18,7 @@ data.directory=[JAR]/data
#if the filename has a %s it will be replaced with the current expected version
data.file_name=dc.h2.db
data.version=3.0
data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;LOCK_MODE=0;FILE_LOCK=NO
data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;
#data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
# user name and password for the database connection. The inherent case is to use H2.
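Review bot: The new connection string drops `LOCK_MODE=0;FILE_LOCK=NO` without a comment saying why, and the trailing `;` left after `AUTOCOMMIT=ON` looks like a remnant of that deletion. The removed options turned off H2's file lock and row/table locking, which is presumably how several connections could open and modify the same embedded database file unsynchronised, so the reasoning deserves to be recorded next to the setting, e.g. `# FILE_LOCK and LOCK_MODE are left at the H2 defaults so that concurrent connections are serialised by the database instead of racing on the file`. Trimming the value to `data.connection_string=jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON` also avoids depending on the driver tolerating an empty trailing setting.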