diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
index 1aefe1129..05e8fa18c 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java
@@ -41,7 +41,12 @@ import org.owasp.dependencycheck.exception.InitializationException;
 * @author colezlaw
 */
 public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
-
+
+ /**
+ * A descriptor for the type of dependencies processed or added by this analyzer
+ */
+ public static final String DEPENDENCY_ECOSYSTEM = "NuGet";
+
 /**
 * The logger.
 */
@@ -136,12 +141,15 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
 throw new AnalysisException(ex);
 }
 
+ dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
 if (np.getOwners() != null) {
 dependency.getVendorEvidence().addEvidence("nuspec", "owners", np.getOwners(), Confidence.HIGHEST);
 }
 dependency.getVendorEvidence().addEvidence("nuspec", "authors", np.getAuthors(), Confidence.HIGH);
 dependency.getVersionEvidence().addEvidence("nuspec", "version", np.getVersion(), Confidence.HIGHEST);
+ dependency.setVersion(np.getVersion());
 dependency.getProductEvidence().addEvidence("nuspec", "id", np.getId(), Confidence.HIGHEST);
+ dependency.setName(np.getId());
 if (np.getTitle() != null) {
 dependency.getProductEvidence().addEvidence("nuspec", "title", np.getTitle(), Confidence.MEDIUM);
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java
index 6d184dd2a..280e611a6 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java
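Review bot: The new `dependency.setVersion(np.getVersion())` and `dependency.setName(np.getId())` lines promote raw nuspec values into the dependency's identity without the null guard that `getOwners()` and `getTitle()` get a few lines away, so if the parser can return null for id or version (not visible here), the name/version would be overwritten with null instead of left unset. Unless `NugetPackage` documents those two fields as non-null, mirror the existing pattern: `if (np.getId() != null) { dependency.setName(np.getId()); }` and the same for the version. A one-line Javadoc on the new constant would also help, e.g. `/** Ecosystem tag applied to every dependency this analyzer produces ("NuGet"); exposed for report filtering and tests. */`. The enclosing `analyzeDependency`/analyze method starts and ends outside this hunk.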
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzerTest.java
@@ -23,6 +23,9 @@ import static org.junit.Assert.assertTrue;
 import org.junit.Before;
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
+import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.dependency.Evidence;
 
 import java.io.File;
 
@@ -52,6 +55,33 @@ public class NuspecAnalyzerTest extends BaseTest {
 public void testGetAnalysisPhaze() {
 assertEquals(AnalysisPhase.INFORMATION_COLLECTION, instance.getAnalysisPhase());
 }
+
+ @Test
+ public void testNuspecAnalysis() throws Exception {
+
+ File file = BaseTest.getResourceAsFile(this, "nuspec/test.nuspec");
+ Dependency result = new Dependency(file);
+ instance.analyze(result, null);
+
+ assertEquals(NuspecAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());
+
+ //checking the owner field
+ assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("bobsmack"));
+
+ //checking the author field
+ assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("brianfox"));
+
+ //checking the id field
+ assertTrue(result.getProductEvidence().toString().contains("TestDepCheck"));
+
+ //checking the title field
+ assertTrue(result.getProductEvidence().toString().contains("Test Package"));
+
+ assertTrue(result.getVersionEvidence().toString().contains("1.0.0"));
+ assertEquals("1.0.0", result.getVersion());
+ assertEquals("TestDepCheck", result.getName());
+ assertEquals("TestDepCheck:1.0.0", result.getDisplayFileName());
+ }
 }
 
 // vim: cc=120:sw=4:ts=4:sts=4
diff --git a/dependency-check-core/src/test/resources/nuspec/test.nuspec b/dependency-check-core/src/test/resources/nuspec/test.nuspec
new file mode 100644
index 000000000..7dc2f2029
--- /dev/null
+++ b/dependency-check-core/src/test/resources/nuspec/test.nuspec
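Review bot: The added imports of `AnalysisException` and `Evidence` are not referenced anywhere in the test method this commit adds (`testNuspecAnalysis` declares `throws Exception` and only touches `Dependency`, `File` and `BaseTest`), so unless code elsewhere in the file that the diff does not show uses them, they are dead imports that Checkstyle will flag. Drop the two lines or narrow the throws clause to `throws AnalysisException` so at least that import earns its place.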
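Review bot: The evidence checks in `testNuspecAnalysis` assert only that `toString()` of a whole evidence collection contains a substring, so a value landing under the wrong evidence type or source (e.g. the owner ending up in product evidence) would still pass, and the `toLowerCase()` on the vendor checks hides case handling that the analyzer is not shown to do. Iterating the collection and asserting on the specific source/name/value triple (`"nuspec"`, `"owners"`, `"bobsmack"`) would pin what the analyzer hunk actually adds. Minor style: `assertEquals(NuspecAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem());` is missing the space after the comma, and the `//checking ...` comments should read `// checking ...` to match the rest of the file.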
@@ -0,0 +1,17 @@
+
+
+
+ 1.0.0
+ brianfox
+ bobsmack
+
+
+
+ TestDepCheck
+ Test Package
+ false
+ Test package for Dependency Check Analyzer
+
+
+
+
\ No newline at end of file