Merge branch 'master' of https://github.com/jeremylong/DependencyCheck

Former-commit-id: 232fd9692b90f77e6cc445f2baddbeb29d38dcde

dependency-check-core/pom.xml

@@ -44,6 +44,7 @@ along with Dependency-Check.  If not, see <http://www.gnu.org/licenses />.
                 <directory>src/main/resources</directory>
                 <includes>
                     <include>**/*.properties</include>
+                    <include>**/schema/*.xsd</include>
                 </includes>
                 <filtering>true</filtering>
             </resource>

dependency-check-core/src/main/resources/schema/DependencyCheck.xsd

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<xs:schema id="analysis" xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<xs:schema id="analysis" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="https://www.owasp.org/index.php/OWASP_Dependency_Check">
     <xs:element name="analysis">
         <xs:complexType>
             <xs:sequence minOccurs="0" maxOccurs="unbounded">

dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorTest.java

@@ -18,6 +18,7 @@
  */
 package org.owasp.dependencycheck.reporting;
 
+import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.data.cpe.BaseIndexTestCase;
 import org.junit.After;
 import org.junit.AfterClass;
@@ -25,6 +26,14 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
+import javax.xml.XMLConstants;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import javax.xml.validation.Validator;
+import java.io.File;
+import java.io.InputStream;
+
 /**
  *
  * @author Jeremy Long (jeremy.long@owasp.org)
@@ -107,4 +116,41 @@ public class ReportGeneratorTest {
 //        instance.generateReport(templateName, writeTo, properties);
         //assertTrue("need to add a real check here", false);
     }
+
+    /**
+     * Generates an XML report containing known vulnerabilities and realistic
+     * data and validates the generated XML document against the XSD.
+     * @throws Exception
+     */
+    @Test
+    public void testGenerateXMLReport() throws Exception {
+        String templateName = "XmlReport";
+
+        File f = new File("target/test-reports");
+        if (!f.exists()) {
+            f.mkdir();
+        }
+        String writeTo = "target/test-reports/Report.xml";
+
+        File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
+        File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
+        File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
+
+        Engine engine = new Engine();
+        engine.scan(struts);
+        engine.scan(axis);
+        engine.scan(jetty);
+        engine.analyzeDependencies();
+
+        ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers());
+        generator.generateReport(templateName, writeTo);
+
+        InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/DependencyCheck.xsd");
+        StreamSource xsdSource = new StreamSource(xsdStream);
+        StreamSource xmlSource =  new StreamSource(new File(writeTo));
+        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+        Schema schema = sf.newSchema(xsdSource);
+        Validator validator = schema.newValidator();
+        validator.validate(xmlSource);
+    }
 }