github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 02:21:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated test case to ensure suppressed vulnerabilities were tracked correctly per issue #66

Browse Source 
Former-commit-id: 657213bab4b2f0a9538fb03319ff945971765b47
This commit is contained in:
Jeremy Long
2014-03-30 06:31:52 -04:00
parent 9bdff89833
commit 1c30e555dc
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
View File

@@ -87,6 +87,8 @@ public class Dependency implements Comparable<Dependency> {
versionEvidence = new EvidenceCollection(); versionEvidence = new EvidenceCollection();
identifiers = new TreeSet<Identifier>(); identifiers = new TreeSet<Identifier>();
vulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator()); vulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator());
suppressedIdentifiers = new TreeSet<Identifier>();
suppressedVulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator());
} }
/** /**

5
dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java
View File

@@ -413,6 +413,7 @@ public class SuppressionRuleTest {
dependency.setSha1sum(sha1); dependency.setSha1sum(sha1);
instance.process(dependency); instance.process(dependency);
assertTrue(dependency.getVulnerabilities().isEmpty()); assertTrue(dependency.getVulnerabilities().isEmpty());
assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);
//cvss //cvss
dependency.addVulnerability(v); dependency.addVulnerability(v);
@@ -423,6 +424,7 @@ public class SuppressionRuleTest {
instance.addCvssBelow(8f); instance.addCvssBelow(8f);
instance.process(dependency); instance.process(dependency);
assertTrue(dependency.getVulnerabilities().isEmpty()); assertTrue(dependency.getVulnerabilities().isEmpty());
assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);
//cve //cve
dependency.addVulnerability(v); dependency.addVulnerability(v);
@@ -433,6 +435,7 @@ public class SuppressionRuleTest {
instance.addCve("CVE-2013-1337"); instance.addCve("CVE-2013-1337");
instance.process(dependency); instance.process(dependency);
assertTrue(dependency.getVulnerabilities().isEmpty()); assertTrue(dependency.getVulnerabilities().isEmpty());
assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);
//cpe //cpe
instance = new SuppressionRule(); instance = new SuppressionRule();
@@ -450,6 +453,7 @@ public class SuppressionRuleTest {
instance.setFilePath(pt); instance.setFilePath(pt);
instance.process(dependency); instance.process(dependency);
assertTrue(dependency.getIdentifiers().isEmpty()); assertTrue(dependency.getIdentifiers().isEmpty());
assertTrue(dependency.getSuppressedIdentifiers().size() == 1);
dependency.addIdentifier("cwe", "cpe:/a:microsoft:.net_framework:4.0", "some url not needed for this test"); dependency.addIdentifier("cwe", "cpe:/a:microsoft:.net_framework:4.0", "some url not needed for this test");
dependency.addIdentifier("cwe", "cpe:/a:microsoft:.net_framework:4.5", "some url not needed for this test"); dependency.addIdentifier("cwe", "cpe:/a:microsoft:.net_framework:4.5", "some url not needed for this test");
@@ -460,6 +464,7 @@ public class SuppressionRuleTest {
assertTrue(dependency.getIdentifiers().size() == 3); assertTrue(dependency.getIdentifiers().size() == 3);
instance.process(dependency); instance.process(dependency);
assertTrue(dependency.getIdentifiers().isEmpty()); assertTrue(dependency.getIdentifiers().isEmpty());
assertTrue(dependency.getSuppressedIdentifiers().size() == 3);
} }
private Vulnerability createVulnerability() { private Vulnerability createVulnerability() {