diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
index 588c99d84..f3194c19b 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
@@ -82,6 +82,7 @@ public class HintAnalyzer extends AbstractAnalyzer {
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
+
/**
*
* Returns the setting key to determine if the analyzer is enabled.
@@ -134,29 +135,38 @@ public class HintAnalyzer extends AbstractAnalyzer {
@Override
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
for (HintRule hint : hints.getHintRules()) {
- boolean shouldAdd = false;
+ boolean matchFound = false;
for (Evidence given : hint.getGivenVendor()) {
if (dependency.getVendorEvidence().getEvidence().contains(given)) {
- shouldAdd = true;
+ matchFound = true;
break;
}
}
- if (!shouldAdd) {
+ if (!matchFound) {
for (Evidence given : hint.getGivenProduct()) {
if (dependency.getProductEvidence().getEvidence().contains(given)) {
- shouldAdd = true;
+ matchFound = true;
break;
}
}
}
- if (!shouldAdd) {
- for (PropertyType pt : hint.getFilenames()) {
- if (pt.matches(dependency.getFileName())) {
- shouldAdd = true;
+ if (!matchFound) {
+ for (Evidence given : hint.getGivenVersion()) {
+ if (dependency.getVersionEvidence().getEvidence().contains(given)) {
+ matchFound = true;
+ break;
}
}
}
- if (shouldAdd) {
+ if (!matchFound) {
+ for (PropertyType pt : hint.getFilenames()) {
+ if (pt.matches(dependency.getFileName())) {
+ matchFound = true;
+ break;
+ }
+ }
+ }
+ if (matchFound) {
for (Evidence e : hint.getAddVendor()) {
dependency.getVendorEvidence().addEvidence(e);
}
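Review bot: The four `if (!matchFound)` search loops implement an any-of match across vendor, product, version and filename, but nothing in the code says so; a one-line comment above the first loop would make the rule semantics explicit: `// a rule fires when any one of its given vendor, product, version or filename entries is present on the dependency`. The new version loop is a verbatim copy of the vendor and product loops, so the four could be folded into a small private `containsAny` helper, which would also make the evaluation order obvious at a glance. analyzeDependency continues past the end of this hunk.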
@@ -166,6 +176,21 @@ public class HintAnalyzer extends AbstractAnalyzer {
for (Evidence e : hint.getAddVersion()) {
dependency.getVersionEvidence().addEvidence(e);
}
+ for (Evidence e : hint.getRemoveVendor()) {
+ if (dependency.getVendorEvidence().getEvidence().contains(e)) {
+ dependency.getVendorEvidence().getEvidence().remove(e);
+ }
+ }
+ for (Evidence e : hint.getRemoveProduct()) {
+ if (dependency.getProductEvidence().getEvidence().contains(e)) {
+ dependency.getProductEvidence().getEvidence().remove(e);
+ }
+ }
+ for (Evidence e : hint.getRemoveVersion()) {
+ if (dependency.getVersionEvidence().getEvidence().contains(e)) {
+ dependency.getVersionEvidence().getEvidence().remove(e);
+ }
+ }
}
}
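Review bot: The `contains` check before each `remove` in the three new loops is redundant, because `Set.remove` is a no-op for an absent element, so each loop body can be the single line `dependency.getVendorEvidence().getEvidence().remove(e);` (and likewise for product and version). Note that the removals run after the add loops, so an Evidence listed under both add and remove in the same rule ends up removed; if that is intended it deserves a comment such as `// removals are applied after additions, so remove wins on overlap`. This relies on `getEvidence()` returning the live, mutable set, which the deleted code below suggests (it assigns the result to a `Set`) but which is not visible in this hunk. analyzeDependency begins before this hunk.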
@@ -183,108 +208,6 @@ public class HintAnalyzer extends AbstractAnalyzer {
for (Evidence e : newEntries) {
dependency.getVendorEvidence().addEvidence(e);
}
-
- //
- /*
- final Evidence springTest1 = new Evidence("Manifest",
- "Implementation-Title",
- "Spring Framework",
- Confidence.HIGH);
-
- final Evidence springTest2 = new Evidence("Manifest",
- "Implementation-Title",
- "org.springframework.core",
- Confidence.HIGH);
-
- final Evidence springTest3 = new Evidence("Manifest",
- "Implementation-Title",
- "spring-core",
- Confidence.HIGH);
-
- final Evidence springTest4 = new Evidence("jar",
- "package name",
- "springframework",
- Confidence.LOW);
-
- final Evidence springSecurityTest1 = new Evidence("Manifest",
- "Bundle-Name",
- "Spring Security Core",
- Confidence.MEDIUM);
-
- final Evidence springSecurityTest2 = new Evidence("pom",
- "artifactid",
- "spring-security-core",
- Confidence.HIGH);
-
- final Evidence symfony = new Evidence("composer.lock",
- "vendor",
- "symfony",
- Confidence.HIGHEST);
-
- final Evidence zendframeworkVendor = new Evidence("composer.lock",
- "vendor",
- "zendframework",
- Confidence.HIGHEST);
-
- final Evidence zendframeworkProduct = new Evidence("composer.lock",
- "product",
- "zendframework",
- Confidence.HIGHEST);
-
- //springsource/vware problem
- final Set product = dependency.getProductEvidence().getEvidence();
- final Set vendor = dependency.getVendorEvidence().getEvidence();
-
- if (product.contains(springTest1) || product.contains(springTest2) || product.contains(springTest3)
- || (dependency.getFileName().contains("spring") && product.contains(springTest4))) {
- dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource spring framework", Confidence.HIGH);
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "pivotal", Confidence.HIGH);
- }
-
- if (vendor.contains(springTest4)) {
- dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "pivotal", Confidence.HIGH);
- }
-
- if (product.contains(springSecurityTest1) || product.contains(springSecurityTest2)) {
- dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_security", Confidence.HIGH);
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
- }
-
- if (vendor.contains(symfony)) {
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "sensiolabs", Confidence.HIGHEST);
- }
-
- if (vendor.contains(zendframeworkVendor)) {
- dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "zend", Confidence.HIGHEST);
- }
-
- if (product.contains(zendframeworkProduct)) {
- dependency.getProductEvidence().addEvidence("hint analyzer", "vendor", "zend_framework", Confidence.HIGHEST);
- }
-
- //sun/oracle problem
- final Iterator itr = dependency.getVendorEvidence().iterator();
- final List newEntries = new ArrayList();
- while (itr.hasNext()) {
- final Evidence e = itr.next();
- if ("sun".equalsIgnoreCase(e.getValue(false))) {
- final Evidence newEvidence = new Evidence(e.getSource() + " (hint)", e.getName(), "oracle", e.getConfidence());
- newEntries.add(newEvidence);
- } else if ("oracle".equalsIgnoreCase(e.getValue(false))) {
- final Evidence newEvidence = new Evidence(e.getSource() + " (hint)", e.getName(), "sun", e.getConfidence());
- newEntries.add(newEvidence);
- }
- }
- for (Evidence e : newEntries) {
- dependency.getVendorEvidence().addEvidence(e);
- }
- */
- //
}
/**
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintHandler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintHandler.java
index 0608f5fa1..269d6d168 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintHandler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintHandler.java
@@ -45,6 +45,11 @@ public class HintHandler extends DefaultHandler {
* Element name.
*/
private static final String ADD = "add";
+ /**
+ * Element name.
+ */
+ private static final String REMOVE = "remove";
+
/**
* Element name.
*/
@@ -139,16 +144,25 @@ public class HintHandler extends DefaultHandler {
* The current rule being read.
*/
private HintRule rule;
+
+ /**
+ * Internal type to track the parent node state.
+ */
+ enum ParentType {
+ ADD,
+ GIVEN,
+ REMOVE
+ }
/**
* The current state of the parent node (to differentiate between 'add' and
* 'given').
*/
- private boolean inAddNode = false;
+ private ParentType nodeType = ParentType.GIVEN;
/**
* Handles the start element event.
*
- * @param uri the uri of the element being processed
+ * @param uri the URI of the element being processed
* @param localName the local name of the element being processed
* @param qName the qName of the element being processed
* @param attr the attributes of the element being processed
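Review bot: The Javadoc on `nodeType` is now stale: it still says the state distinguishes between 'add' and 'given' although REMOVE was added to the enum; suggest `* The current state of the parent node (to differentiate between 'add', 'given' and 'remove').`. The enum is package-private and its constants `ADD` and `REMOVE` share names with the String constants of the same class, which is legal but easy to misread; `private enum ParentType` would at least limit its scope. Nothing in this hunk resets `nodeType` when an add, given or remove element ends; if endElement (outside this diff) does not do so either, the value simply carries over to whatever element follows.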
@@ -159,41 +173,81 @@ public class HintHandler extends DefaultHandler {
if (HINT.equals(qName)) {
rule = new HintRule();
} else if (ADD.equals(qName)) {
- inAddNode = true;
+ nodeType = ParentType.ADD;
} else if (GIVEN.equals(qName)) {
- inAddNode = false;
+ nodeType = ParentType.GIVEN;
+ } else if (REMOVE.equals(qName)) {
+ nodeType = ParentType.REMOVE;
} else if (EVIDENCE.equals(qName)) {
final String hintType = attr.getValue(TYPE);
if (VENDOR.equals(hintType)) {
- if (inAddNode) {
- rule.addAddVendor(attr.getValue(SOURCE),
- attr.getValue(NAME),
- attr.getValue(VALUE),
- Confidence.valueOf(attr.getValue(CONFIDENCE)));
- } else {
- rule.addGivenVendor(attr.getValue(SOURCE),
- attr.getValue(NAME),
- attr.getValue(VALUE),
- Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ if (null != nodeType) switch (nodeType) {
+ case ADD:
+ rule.addAddVendor(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ case REMOVE:
+ rule.addRemoveVendor(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ case GIVEN:
+ rule.addGivenVendor(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ default:
+ break;
}
} else if (PRODUCT.equals(hintType)) {
- if (inAddNode) {
- rule.addAddProduct(attr.getValue(SOURCE),
- attr.getValue(NAME),
- attr.getValue(VALUE),
- Confidence.valueOf(attr.getValue(CONFIDENCE)));
- } else {
- rule.addGivenProduct(attr.getValue(SOURCE),
- attr.getValue(NAME),
- attr.getValue(VALUE),
- Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ if (null != nodeType) switch (nodeType) {
+ case ADD:
+ rule.addAddProduct(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ case REMOVE:
+ rule.addRemoveProduct(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ case GIVEN:
+ rule.addGivenProduct(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ default:
+ break;
}
} else if (VERSION.equals(hintType)) {
- if (inAddNode) {
- rule.addAddVersion(attr.getValue(SOURCE),
- attr.getValue(NAME),
- attr.getValue(VALUE),
- Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ if (null != nodeType) switch (nodeType) {
+ case ADD:
+ rule.addAddVersion(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ case REMOVE:
+ rule.addRemoveVersion(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ case GIVEN:
+ rule.addGivenVersion(attr.getValue(SOURCE),
+ attr.getValue(NAME),
+ attr.getValue(VALUE),
+ Confidence.valueOf(attr.getValue(CONFIDENCE)));
+ break;
+ default:
+ break;
}
}
} else if (FILE_NAME.equals(qName)) {
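Review bot: The `if (null != nodeType) switch (nodeType) {` guard in the three evidence branches is dead: `nodeType` is initialised to `ParentType.GIVEN` and only ever assigned enum constants, so it cannot be null, and the brace-less `if … switch` form hides the switch's scope; `switch (nodeType) {` alone is clearer. With all three constants covered, the `default: break;` arms are unreachable as well. The three switches differ only in which HintRule method they call and repeat the same four `attr.getValue(...)` arguments nine times; reading those into locals once, before the `hintType` dispatch, would shrink the block considerably. startElement continues outside the hunk on both sides.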
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java
index 8d7afada9..ce881759c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintParser.java
@@ -64,7 +64,12 @@ public class HintParser {
/**
* The schema for the hint XML files.
*/
- private static final String HINT_SCHEMA = "schema/dependency-hint.1.1.xsd";
+ private static final String HINT_SCHEMA = "schema/dependency-hint.1.2.xsd";
+
+ /**
+ * The schema for the hint XML files.
+ */
+ private static final String HINT_SCHEMA_OLD = "schema/dependency-hint.1.1.xsd";
/**
* Parses the given XML file and returns a list of the hints contained.
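Review bot: The Javadoc for `HINT_SCHEMA_OLD` is a copy of the one above it and does not say why two schemas exist; suggest `* The previous (1.1) schema for the hint XML files, used as a fallback when a file does not validate against the current schema.`, matching the retry this commit adds to parseHints(File).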
@@ -82,7 +87,23 @@ public class HintParser {
LOGGER.debug("", ex);
throw new HintParseException(ex);
} catch (SAXException ex) {
- throw new HintParseException(ex);
+ try {
+ if (fis != null) {
+ try {
+ fis.close();
+ } catch (IOException ex1) {
+ LOGGER.debug("Unable to close stream", ex1);
+ }
+ }
+ fis = new FileInputStream(file);
+ } catch (FileNotFoundException ex1) {
+ throw new HintParseException(ex1);
+ }
+ try {
+ return parseHints(fis, HINT_SCHEMA_OLD);
+ } catch (SAXException ex1) {
+ throw new HintParseException(ex);
+ }
} finally {
if (fis != null) {
try {
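Review bot: When the retry against the 1.1 schema also fails, `ex1` is discarded and only the first exception `ex` is reported, so a file that is invalid under both schemas produces a message naming only the 1.2 failure; at minimum log it with `LOGGER.debug("Unable to parse hints using the previous schema", ex1);` before the throw, or attach it with `ex.addSuppressed(ex1);` if the project targets Java 7 or later. The fallback also triggers on any SAXException rather than only on schema-validation failures, so a malformed file is parsed twice before being rejected. The retry depends on `fis` being a reassignable local of the enclosing parseHints(File), which starts and ends outside this hunk.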
@@ -104,9 +125,23 @@ public class HintParser {
* @throws SAXException thrown if the XML cannot be parsed
*/
public Hints parseHints(InputStream inputStream) throws HintParseException, SAXException {
+ return parseHints(inputStream, HINT_SCHEMA);
+ }
+
+ /**
+ * Parses the given XML stream and returns a list of the hint rules
+ * contained.
+ *
+ * @param inputStream an InputStream containing hint rules
+ * @param schema the XSD to use to validate the XML against
+ * @return a list of hint rules
+ * @throws HintParseException thrown if the XML cannot be parsed
+ * @throws SAXException thrown if the XML cannot be parsed
+ */
+ private Hints parseHints(InputStream inputStream, String schema) throws HintParseException, SAXException {
InputStream schemaStream = null;
try {
- schemaStream = this.getClass().getClassLoader().getResourceAsStream(HINT_SCHEMA);
+ schemaStream = this.getClass().getClassLoader().getResourceAsStream(schema);
final HintHandler handler = new HintHandler();
final SAXParser saxParser = XmlUtils.buildSecureSaxParser(schemaStream);
final XMLReader xmlReader = saxParser.getXMLReader();
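Review bot: `parseHints(InputStream)` now validates only against the 1.2 schema, while `parseHints(File)` falls back to 1.1 in this same commit, so a caller that streams an older hints file fails where the file-based path succeeds; since a stream cannot be re-read, that asymmetry should at least be stated in the public method's Javadoc, e.g. `* Unlike {@link #parseHints(java.io.File)}, no fallback to the previous schema is attempted because the stream cannot be re-read.`. In the new private overload both `@throws` lines carry identical text; `@throws SAXException thrown if the XML is not well-formed or does not validate against the given schema` would distinguish them. The private method continues past the end of the hunk.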
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java
index 7290ba26e..dc9d5f38e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/HintRule.java
@@ -36,6 +36,43 @@ public class HintRule {
* The list of file names to match.
*/
private final List filenames = new ArrayList();
+ /**
+ * The list of vendor evidence that is being matched.
+ */
+ private final List givenVendor = new ArrayList();
+ /**
+ * The list of product evidence that is being matched.
+ */
+ private final List givenProduct = new ArrayList();
+ /**
+ * The list of product evidence that is being matched.
+ */
+ private final List givenVersion = new ArrayList();
+ /**
+ * The list of vendor hints to add.
+ */
+ private final List addVendor = new ArrayList();
+ /**
+ * The list of product evidence to add.
+ */
+ private final List addProduct = new ArrayList();
+ /**
+ * The list of version evidence to add.
+ */
+ private final List addVersion = new ArrayList();
+
+ /**
+ * The list of vendor hints to add.
+ */
+ private final List removeVendor = new ArrayList();
+ /**
+ * The list of product evidence to add.
+ */
+ private final List removeProduct = new ArrayList();
+ /**
+ * The list of version evidence to add.
+ */
+ private final List removeVersion = new ArrayList();
/**
* Adds the filename evidence to the collection.
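Review bot: Several of the new field Javadocs are copy-paste errors: `givenVersion` is described as "product evidence that is being matched", and `removeVendor`, `removeProduct` and `removeVersion` all say "to add" although they hold evidence to remove. Suggest `* The list of version evidence that is being matched.` for `givenVersion` and `* The list of vendor evidence to remove.` (respectively product and version) for the three remove lists. The new lists are raw `List` like the existing fields; `List<Evidence>` would let the analyzer iterate without unchecked conversions, though the raw form is consistent with the file's pre-existing style.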
@@ -54,10 +91,6 @@ public class HintRule {
public List getFilenames() {
return filenames;
}
- /**
- * The list of product evidence that is being matched.
- */
- private final List givenProduct = new ArrayList();
/**
* Adds a given product to the list of evidence to matched.
@@ -80,20 +113,6 @@ public class HintRule {
return givenProduct;
}
- /**
- * The list of vendor evidence that is being matched.
- */
- private final List givenVendor = new ArrayList();
-
- /**
- * The list of product evidence to add.
- */
- private final List addProduct = new ArrayList();
- /**
- * The list of version evidence to add.
- */
- private final List addVersion = new ArrayList();
-
/**
* Adds a given vendors to the list of evidence to matched.
*
@@ -157,11 +176,6 @@ public class HintRule {
return addVersion;
}
- /**
- * The list of vendor hints to add.
- */
- private final List addVendor = new ArrayList();
-
/**
* Adds a given vendor to the list of evidence to add when matched.
*
@@ -182,4 +196,81 @@ public class HintRule {
public List getAddVendor() {
return addVendor;
}
+
+ /**
+ * Adds a given vendor to the list of evidence to remove when matched.
+ *
+ * @param source the source of the evidence
+ * @param name the name of the evidence
+ * @param value the value of the evidence
+ * @param confidence the confidence of the evidence
+ */
+ public void addRemoveVendor(String source, String name, String value, Confidence confidence) {
+ removeVendor.add(new Evidence(source, name, value, confidence));
+ }
+ /**
+ * Get the value of removeVendor.
+ *
+ * @return the value of removeVendor
+ */
+ public List getRemoveVendor() {
+ return removeVendor;
+ }
+ /**
+ * Adds a given product to the list of evidence to remove when matched.
+ *
+ * @param source the source of the evidence
+ * @param name the name of the evidence
+ * @param value the value of the evidence
+ * @param confidence the confidence of the evidence
+ */
+ public void addRemoveProduct(String source, String name, String value, Confidence confidence) {
+ removeProduct.add(new Evidence(source, name, value, confidence));
+ }
+ /**
+ * Get the value of removeProduct.
+ *
+ * @return the value of removeProduct
+ */
+ public List getRemoveProduct() {
+ return removeProduct;
+ }
+ /**
+ * Adds a given version to the list of evidence to remove when matched.
+ *
+ * @param source the source of the evidence
+ * @param name the name of the evidence
+ * @param value the value of the evidence
+ * @param confidence the confidence of the evidence
+ */
+ public void addRemoveVersion(String source, String name, String value, Confidence confidence) {
+ removeVersion.add(new Evidence(source, name, value, confidence));
+ }
+ /**
+ * Get the value of removeVersion.
+ *
+ * @return the value of removeVersion
+ */
+ public List getRemoveVersion() {
+ return removeVersion;
+ }
+ /**
+ * Adds a given version to the list of evidence to matche.
+ *
+ * @param source the source of the evidence
+ * @param name the name of the evidence
+ * @param value the value of the evidence
+ * @param confidence the confidence of the evidence
+ */
+ public void addGivenVersion(String source, String name, String value, Confidence confidence) {
+ givenVersion.add(new Evidence(source, name, value, confidence));
+ }
+ /**
+ * Get the value of givenVersion.
+ *
+ * @return the value of givenVersion
+ */
+ public List getGivenVersion() {
+ return givenVersion;
+ }
}
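Review bot: The Javadoc on `addGivenVersion` has a typo, "to matche"; suggest `* Adds a given version to the list of evidence to match.`. The new getters return the internal mutable lists, as the existing `getAddVendor` does, so any caller can alter a rule after it has been parsed; if rules are meant to be read-only once loaded, returning `Collections.unmodifiableList(removeVendor)` and friends would be the place to enforce it, though that is a broader change than this commit.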
diff --git a/dependency-check-core/src/main/resources/dependencycheck-base-hint.xml b/dependency-check-core/src/main/resources/dependencycheck-base-hint.xml
index 6c441db13..a7a45d05e 100644
--- a/dependency-check-core/src/main/resources/dependencycheck-base-hint.xml
+++ b/dependency-check-core/src/main/resources/dependencycheck-base-hint.xml
@@ -1,7 +1,7 @@
-
+
-
+
diff --git a/dependency-check-core/src/main/resources/schema/dependency-hint.1.2.xsd b/dependency-check-core/src/main/resources/schema/dependency-hint.1.2.xsd
new file mode 100644
index 000000000..cc912609c
--- /dev/null
+++ b/dependency-check-core/src/main/resources/schema/dependency-hint.1.2.xsd
@@ -0,0 +1,76 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java
index bf8cf07c1..e8e133da8 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java
@@ -108,5 +108,32 @@ public class HintAnalyzerTest extends BaseDBTestCase {
//assertTrue(evidence.contains(springTest4));
//assertTrue(evidence.contains(springTest5));
}
-
+ /**
+ * Test of analyze method, of class HintAnalyzer.
+ */
+ @Test
+ public void testAnalyze_1() throws Exception {
+ File path = BaseTest.getResourceAsFile(this, "hints_12.xml");
+ Settings.setString(Settings.KEYS.HINTS_FILE, path.getPath());
+ HintAnalyzer instance = new HintAnalyzer();
+ instance.initialize();
+ Dependency d = new Dependency();
+ d.getVersionEvidence().addEvidence("version source", "given version name", "1.2.3", Confidence.HIGH);
+ d.getVersionEvidence().addEvidence("hint analyzer", "remove version name", "value", Confidence.HIGH);
+ d.getVendorEvidence().addEvidence("hint analyzer", "remove vendor name", "vendor", Confidence.HIGH);
+ d.getProductEvidence().addEvidence("hint analyzer", "remove product name", "product", Confidence.HIGH);
+ d.getVersionEvidence().addEvidence("hint analyzer", "other version name", "value", Confidence.HIGH);
+ d.getVendorEvidence().addEvidence("hint analyzer", "other vendor name", "vendor", Confidence.HIGH);
+ d.getProductEvidence().addEvidence("hint analyzer", "other product name", "product", Confidence.HIGH);
+
+ assertEquals("vendor evidence mismatch",2, d.getVendorEvidence().size());
+ assertEquals("product evidence mismatch",2, d.getProductEvidence().size());
+ assertEquals("version evidence mismatch",3, d.getVersionEvidence().size());
+ instance.analyze(d, null);
+ assertEquals("vendor evidence mismatch",1, d.getVendorEvidence().size());
+ assertEquals("product evidence mismatch",1, d.getProductEvidence().size());
+ assertEquals("version evidence mismatch",2, d.getVersionEvidence().size());
+
+
+ }
}
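Review bot: The new test asserts only collection sizes after `analyze`, so it would still pass if the wrong evidence were removed; checking membership pins the behaviour, e.g. `assertFalse(d.getVendorEvidence().getEvidence().contains(new Evidence("hint analyzer", "remove vendor name", "vendor", Confidence.HIGH)));` together with the matching `assertTrue` for "other vendor name", using the four-argument Evidence constructor seen in the code removed from HintAnalyzer. `Settings.setString(Settings.KEYS.HINTS_FILE, …)` mutates shared settings and is not restored in this method; unless BaseDBTestCase resets Settings (not visible here), the hints file leaks into later tests. The two trailing blank lines before the closing brace can go.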
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintHandlerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintHandlerTest.java
index 2d06c3a69..138c8e39b 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintHandlerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintHandlerTest.java
@@ -32,11 +32,6 @@ import javax.xml.parsers.SAXParserFactory;
import org.junit.Test;
import static org.junit.Assert.*;
import org.owasp.dependencycheck.BaseTest;
-import org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler;
-import org.owasp.dependencycheck.xml.suppression.SuppressionHandler;
-import org.owasp.dependencycheck.xml.suppression.SuppressionParser;
-import org.owasp.dependencycheck.xml.suppression.SuppressionRule;
-import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintParserTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintParserTest.java
index 6b5df4404..7c6432cc4 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintParserTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintParserTest.java
@@ -39,18 +39,7 @@ public class HintParserTest extends BaseTest {
Hints results = instance.parseHints(file);
assertEquals("Two duplicating hints should have been read", 2, results.getVendorDuplicatingHintRules().size());
assertEquals("Two hint rules should have been read", 2, results.getHintRules().size());
- }
- /**
- * Test of parseHints method, of class HintParser.
- */
- @Test
- public void testParseHints_InputStream() throws Exception {
- InputStream ins = BaseTest.getResourceAsStream(this, "hints.xml");
- HintParser instance = new HintParser();
- Hints results = instance.parseHints(ins);
- assertEquals("Two duplicating hints should have been read", 2, results.getVendorDuplicatingHintRules().size());
- assertEquals("Two hint rules should have been read", 2, results.getHintRules().size());
assertEquals("One add product should have been read", 1, results.getHintRules().get(0).getAddProduct().size());
assertEquals("One add vendor should have been read", 1, results.getHintRules().get(0).getAddVendor().size());
assertEquals("Two file name should have been read", 2, results.getHintRules().get(1).getFilenames().size());
@@ -65,9 +54,57 @@ public class HintParserTest extends BaseTest {
assertEquals("file name 1 should not be a regex", false, results.getHintRules().get(1).getFilenames().get(0).isRegex());
assertEquals("file name 2 should be case sensitive", true, results.getHintRules().get(1).getFilenames().get(1).isCaseSensitive());
assertEquals("file name 2 should be a regex", true, results.getHintRules().get(1).getFilenames().get(1).isRegex());
-
-
+
assertEquals("sun duplicating vendor", "sun", results.getVendorDuplicatingHintRules().get(0).getValue());
assertEquals("sun duplicates vendor oracle", "oracle", results.getVendorDuplicatingHintRules().get(0).getDuplicate());
}
+
+ /**
+ * Test of parseHints method, of class HintParser.
+ */
+ @Test
+ public void testParseHints_InputStream() throws Exception {
+ InputStream ins = BaseTest.getResourceAsStream(this, "hints_12.xml");
+ HintParser instance = new HintParser();
+ Hints results = instance.parseHints(ins);
+ assertEquals("Zero duplicating hints should have been read", 0, results.getVendorDuplicatingHintRules().size());
+ assertEquals("Two hint rules should have been read", 2, results.getHintRules().size());
+
+ assertEquals("One given product should have been read in hint 0", 1, results.getHintRules().get(0).getGivenProduct().size());
+ assertEquals("One given vendor should have been read in hint 0", 1, results.getHintRules().get(0).getGivenVendor().size());
+ assertEquals("One given version should have been read in hint 0", 1, results.getHintRules().get(0).getGivenVersion().size());
+
+ assertEquals("One add product should have been read in hint 0", 1, results.getHintRules().get(0).getAddProduct().size());
+ assertEquals("One add vendor should have been read in hint 0", 1, results.getHintRules().get(0).getAddVendor().size());
+ assertEquals("One add version should have been read in hint 0", 1, results.getHintRules().get(0).getAddVersion().size());
+ assertEquals("Zero remove product should have been read in hint 0", 0, results.getHintRules().get(0).getRemoveProduct().size());
+ assertEquals("Zero remove vendor should have been read in hint 0", 0, results.getHintRules().get(0).getRemoveVendor().size());
+ assertEquals("Zero remove version should have been read in hint 0", 0, results.getHintRules().get(0).getRemoveVersion().size());
+
+ assertEquals("Zero given product should have been read in hint 1", 0, results.getHintRules().get(1).getGivenProduct().size());
+ assertEquals("Zero given vendor should have been read in hint 1", 0, results.getHintRules().get(1).getGivenVendor().size());
+ assertEquals("One given version should have been read in hint 1", 1, results.getHintRules().get(1).getGivenVersion().size());
+
+ assertEquals("One remove product should have been read in hint 1", 1, results.getHintRules().get(1).getRemoveProduct().size());
+ assertEquals("One remove vendor should have been read in hint 1", 1, results.getHintRules().get(1).getRemoveVendor().size());
+ assertEquals("One remove version should have been read in hint 1", 1, results.getHintRules().get(1).getRemoveVersion().size());
+ assertEquals("Zero add product should have been read in hint 1", 0, results.getHintRules().get(1).getAddProduct().size());
+ assertEquals("Zero add vendor should have been read in hint 1", 0, results.getHintRules().get(1).getAddVendor().size());
+ assertEquals("Zero add version should have been read in hint 1", 0, results.getHintRules().get(1).getAddVersion().size());
+
+ assertEquals("add product name not found in hint 0", "add product name", results.getHintRules().get(0).getAddProduct().get(0).getName());
+ assertEquals("add vendor name not found in hint 0", "add vendor name", results.getHintRules().get(0).getAddVendor().get(0).getName());
+ assertEquals("add version name not found in hint 0", "add version name", results.getHintRules().get(0).getAddVersion().get(0).getName());
+
+ assertEquals("given product name not found in hint 0", "given product name", results.getHintRules().get(0).getGivenProduct().get(0).getName());
+ assertEquals("given vendor name not found in hint 0", "given vendor name", results.getHintRules().get(0).getGivenVendor().get(0).getName());
+ assertEquals("given version name not found in hint 0", "given version name", results.getHintRules().get(0).getGivenVersion().get(0).getName());
+
+ assertEquals("given version name not found in hint 1", "given version name", results.getHintRules().get(1).getGivenVersion().get(0).getName());
+
+ assertEquals("add product name not found in hint 1", "remove product name", results.getHintRules().get(1).getRemoveProduct().get(0).getName());
+ assertEquals("add vendor name not found in hint 1", "remove vendor name", results.getHintRules().get(1).getRemoveVendor().get(0).getName());
+ assertEquals("add version name not found in hint 1", "remove version name", results.getHintRules().get(1).getRemoveVersion().get(0).getName());
+
+ }
}
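Review bot: The messages on the last three assertions say "add product name not found in hint 1" (and vendor, version) while the values under test are the remove lists; suggest `"remove product name not found in hint 1"` and likewise for vendor and version so a failure points at the right list. The 1.1-schema fallback added to HintParser is only exercised indirectly, through the file-based test above that parses hints.xml, presumably still in the 1.1 format; a test that names that intent would make the regression explicit. The enclosing test class starts before the first hunk of this file.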
diff --git a/dependency-check-core/src/test/resources/hints_12.xml b/dependency-check-core/src/test/resources/hints_12.xml
new file mode 100644
index 000000000..2e5699abb
--- /dev/null
+++ b/dependency-check-core/src/test/resources/hints_12.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file