From 9f9e2d12c43744e26eefbf8eea1107f80cd01b56 Mon Sep 17 00:00:00 2001 From: Steve Springett Date: Mon, 23 Sep 2013 17:51:22 -0500 Subject: [PATCH] Fixed minor issue with xsd so the xml report would validate. Added unit test for xml report generation. Adding DependencyCheck.xsd to jar. Former-commit-id: 5dc93c191f001e92b92a1eb1b02e10e33719ca08 --- dependency-check-core/pom.xml | 1 + .../main/resources/schema/DependencyCheck.xsd | 2 +- .../reporting/ReportGeneratorTest.java | 46 +++++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index 5cc0f174e..63a496c99 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -44,6 +44,7 @@ along with Dependency-Check. If not, see . src/main/resources **/*.properties + **/schema/*.xsd true diff --git a/dependency-check-core/src/main/resources/schema/DependencyCheck.xsd b/dependency-check-core/src/main/resources/schema/DependencyCheck.xsd index f6b522455..4f7c171c9 100644 --- a/dependency-check-core/src/main/resources/schema/DependencyCheck.xsd +++ b/dependency-check-core/src/main/resources/schema/DependencyCheck.xsd @@ -1,5 +1,5 @@  - + diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorTest.java index f932ea291..1d060adb5 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorTest.java @@ -18,6 +18,7 @@ */ package org.owasp.dependencycheck.reporting; +import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.cpe.BaseIndexTestCase; import org.junit.After; import org.junit.AfterClass; 
@@ -25,6 +26,14 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import javax.xml.XMLConstants; +import javax.xml.transform.stream.StreamSource; +import javax.xml.validation.Schema; +import javax.xml.validation.SchemaFactory; +import javax.xml.validation.Validator; +import java.io.File; +import java.io.InputStream; + /** * * @author Jeremy Long (jeremy.long@owasp.org) 
@@ -107,4 +116,41 @@ public class ReportGeneratorTest {
 // instance.generateReport(templateName, writeTo, properties);
 //assertTrue("need to add a real check here", false);
 }
+
+ /**
+ * Generates an XML report containing known vulnerabilities and realistic
+ * data and validates the generated XML document against the XSD.
+ * @throws Exception
+ */
+ @Test
+ public void testGenerateXMLReport() throws Exception {
+ String templateName = "XmlReport";
+
+ File f = new File("target/test-reports");
+ if (!f.exists()) {
+ f.mkdir();
+ }
+ String writeTo = "target/test-reports/Report.xml";
+
+ File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
+ File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
+ File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
+
+ Engine engine = new Engine();
+ engine.scan(struts);
+ engine.scan(axis);
+ engine.scan(jetty);
+ engine.analyzeDependencies();
+
+ ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers());
+ generator.generateReport(templateName, writeTo);
+
+ InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/DependencyCheck.xsd");
+ StreamSource xsdSource = new StreamSource(xsdStream);
+ StreamSource xmlSource = new StreamSource(new File(writeTo));
+ SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ Schema schema = sf.newSchema(xsdSource);
+ Validator validator = schema.newValidator();
+ validator.validate(xmlSource);
+ }
 }
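Review bot: In `testGenerateXMLReport` the three fixture lookups build a `File` from `getResource(...).getPath()`, which returns a URL-encoded string (a space in the checkout path becomes `%20`) and throws a bare NullPointerException when the jar is not on the test classpath; `new File(getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").toURI())` keeps the path usable, and the same applies to the axis2 and jetty lines. Further down, `xsdStream` is neither null-checked nor closed; since this commit is what packages the XSD, a line such as `assertNotNull("schema/DependencyCheck.xsd missing from classpath", xsdStream);` before `new StreamSource(xsdStream)` (assuming JUnit's asserts are in scope) would make a packaging regression fail with a clear message rather than, presumably, with an error raised later during schema loading. The report being validated presumably carries text taken from the scanned archives, so it is also worth adding `sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` before `sf.newSchema(xsdSource)`. Finally, `f.mkdir()` ignores its result and cannot create the directory when `target` itself is absent; `if (!f.exists() && !f.mkdirs())` with an explicit failure is safer.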