Merge branch 'brianf-nugetNameImprovements'

This commit is contained in:
Jeremy Long
2017-10-02 06:59:23 -04:00
3 changed files with 57 additions and 0 deletions


@@ -45,6 +45,12 @@ import org.owasp.dependencycheck.exception.InitializationException;
@ThreadSafe
public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
/**
* A descriptor for the type of dependencies processed or added by this
* analyzer
*/
public static final String DEPENDENCY_ECOSYSTEM = "NuGet";
/**
* The logger.
*/
@@ -140,12 +146,15 @@ public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
throw new AnalysisException(ex);
}
dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
if (np.getOwners() != null) {
dependency.addEvidence(EvidenceType.VENDOR, "nuspec", "owners", np.getOwners(), Confidence.HIGHEST);
}
dependency.addEvidence(EvidenceType.VENDOR, "nuspec", "authors", np.getAuthors(), Confidence.HIGH);
dependency.addEvidence(EvidenceType.VERSION, "nuspec", "version", np.getVersion(), Confidence.HIGHEST);
dependency.addEvidence(EvidenceType.PRODUCT, "nuspec", "id", np.getId(), Confidence.HIGHEST);
dependency.setVersion(np.getVersion());
dependency.setName(np.getId());
if (np.getTitle() != null) {
dependency.addEvidence(EvidenceType.PRODUCT, "nuspec", "title", np.getTitle(), Confidence.MEDIUM);
}
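Review bot: `dependency.setName(np.getId())` and `dependency.setVersion(np.getVersion())`, together with the addEvidence calls for id and version just above them, take the parsed values unguarded, while the same hunk null-checks owners and title before use. A nuspec that omits `<id>` or `<version>` is malformed input the analyzer still has to cope with; it would leave the dependency with a null name and version, and presumably a degenerate display name, unless NuspecParser already rejects such files, which is not visible here. If it does not, apply the same guard used for owners: `if (np.getId() != null) { dependency.setName(np.getId()); }` and likewise for the version. The enclosing method starts and ends outside the hunk.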


@@ -23,8 +23,12 @@ import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.io.File;
import org.owasp.dependencycheck.dependency.EvidenceType;
public class NuspecAnalyzerTest extends BaseTest {
@@ -55,4 +59,31 @@ public class NuspecAnalyzerTest extends BaseTest {
public void testGetAnalysisPhaze() {
assertEquals(AnalysisPhase.INFORMATION_COLLECTION, instance.getAnalysisPhase());
}
@Test
public void testNuspecAnalysis() throws Exception {
File file = BaseTest.getResourceAsFile(this, "nuspec/test.nuspec");
Dependency result = new Dependency(file);
instance.analyze(result, null);
assertEquals(NuspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
//checking the owner field
assertTrue(result.getEvidence(EvidenceType.VENDOR).toString().toLowerCase().contains("bobsmack"));
//checking the author field
assertTrue(result.getEvidence(EvidenceType.VENDOR).toString().toLowerCase().contains("brianfox"));
//checking the id field
assertTrue(result.getEvidence(EvidenceType.PRODUCT).toString().contains("TestDepCheck"));
//checking the title field
assertTrue(result.getEvidence(EvidenceType.PRODUCT).toString().contains("Test Package"));
assertTrue(result.getEvidence(EvidenceType.VERSION).toString().contains("1.0.0"));
assertEquals("1.0.0", result.getVersion());
assertEquals("TestDepCheck", result.getName());
assertEquals("TestDepCheck:1.0.0", result.getDisplayFileName());
}
}
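Review bot: The owner and author assertions in testNuspecAnalysis match against `result.getEvidence(EvidenceType.VENDOR).toString().toLowerCase()`, which is the concatenation of every vendor evidence entry, so the `//checking the owner field` assertion would also pass if "bobsmack" had been recorded under the authors evidence (and vice versa), and the test cannot tell whether the owners evidence this commit adds was actually produced. Matching on the evidence name is a stronger check, e.g. `assertTrue(result.getEvidence(EvidenceType.VENDOR).stream().anyMatch(e -> "owners".equals(e.getName()) && "bobsmack".equals(e.getValue())));`, assuming Evidence exposes getName()/getValue() and getEvidence returns a collection; that would also give the `Evidence` import added in the first hunk a visible use. `toLowerCase()` without `Locale.ROOT` is locale-dependent, though harmless for these ASCII values. The resource file and the rest of NuspecAnalyzerTest are outside this hunk.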


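--- /dev/null
+++ b/PATH-NOT-SHOWN/nuspec/test.nuspec
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
+<metadata>
+<version>1.0.0</version>
+<authors>brianfox</authors>
+<owners>bobsmack</owners>
+<dependencies>
+<dependency id="ClassLibrary" version="[1.0.0]" />
+</dependencies>
+<id>TestDepCheck</id>
+<title>Test Package</title>
+<requireLicenseAcceptance>false</requireLicenseAcceptance>
+<description> Test package for Dependency Check Analyzer</description>
+<summary />
+</metadata>
+<files/>
+</package>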