github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-12 05:11:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

merge owasp 1.4.1

Browse Source
This commit is contained in:
bjiang
2016-07-12 16:22:05 -04:00
parent 00d4ee47de f23003ead3
commit 2fa8507d69
105 changed files with 2246 additions and 482 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIntegrationTest.java
View File

@@ -17,9 +17,8 @@
*/
package org.owasp.dependencycheck;
import org.junit.After;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;

15
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzerTest.java
View File

@@ -23,8 +23,7 @@ import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.suppression.SuppressionParseException;
import org.owasp.dependencycheck.suppression.SuppressionRule;
import org.owasp.dependencycheck.xml.suppression.SuppressionRule;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.LoggerFactory;
@@ -35,6 +34,7 @@ import java.util.Set;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import org.owasp.dependencycheck.exception.InitializationException;
/**
* @author Jeremy Long
@@ -49,7 +49,8 @@ public class AbstractSuppressionAnalyzerTest extends BaseTest {
}
/**
* Test of getSupportedExtensions method, of class AbstractSuppressionAnalyzer.
* Test of getSupportedExtensions method, of class
* AbstractSuppressionAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
@@ -58,7 +59,8 @@ public class AbstractSuppressionAnalyzerTest extends BaseTest {
}
/**
* Test of getRules method, of class AbstractSuppressionAnalyzer for suppression file declared as URL.
* Test of getRules method, of class AbstractSuppressionAnalyzer for
* suppression file declared as URL.
*/
@Test
public void testGetRulesFromSuppressionFileFromURL() throws Exception {
@@ -70,7 +72,8 @@ public class AbstractSuppressionAnalyzerTest extends BaseTest {
}
/**
* Test of getRules method, of class AbstractSuppressionAnalyzer for suppression file declared as URL.
* Test of getRules method, of class AbstractSuppressionAnalyzer for
* suppression file declared as URL.
*/
@Test
public void testGetRulesFromSuppressionFileInClasspath() throws Exception {
@@ -81,7 +84,7 @@ public class AbstractSuppressionAnalyzerTest extends BaseTest {
assertTrue(expCount <= currentSize);
}
@Test(expected = SuppressionParseException.class)
@Test(expected = InitializationException.class)
public void testFailureToLocateSuppressionFileAnywhere() throws Exception {
Settings.setString(Settings.KEYS.SUPPRESSION_FILE, "doesnotexist.xml");
instance.initialize();

1
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java
View File

@@ -17,7 +17,6 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Iterator;
import java.util.List;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

31
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
View File

@@ -116,7 +116,6 @@ public class ArchiveAnalyzerIntegrationTest extends BaseDBTestCase {
try {
instance.initialize();
File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear");
//File file = new File(this.getClass().getClassLoader().getResource("daytrader-ear-2.1.7.ear").getPath());
Dependency dependency = new Dependency(file);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
@@ -136,6 +135,36 @@ public class ArchiveAnalyzerIntegrationTest extends BaseDBTestCase {
}
}
/**
* Test of analyze method, of class ArchiveAnalyzer, with an executable jar.
*/
@Test
public void testAnalyzeExecutableJar() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
//trick the analyzer into thinking it is active.
instance.accept(new File("test.ear"));
try {
instance.initialize();
File file = BaseTest.getResourceAsFile(this, "bootable-0.1.0.jar");
Dependency dependency = new Dependency(file);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
Engine engine = new Engine();
int initial_size = engine.getDependencies().size();
instance.analyze(dependency, engine);
int ending_size = engine.getDependencies().size();
engine.cleanup();
assertTrue(initial_size < ending_size);
} finally {
instance.close();
}
}
/**
* Test of analyze method, of class ArchiveAnalyzer.
*/

9
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerTest.java
View File

@@ -16,22 +16,17 @@
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.io.FileFilter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
import static org.junit.Assume.assumeFalse;
import static org.junit.Assume.assumeNotNull;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.Settings;
/**

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
View File

@@ -31,6 +31,7 @@ import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -64,7 +65,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
if (e.getMessage().contains("Could not execute .NET AssemblyAnalyzer")) {
LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete");
} else {
LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete", e);
LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete");
}
Assume.assumeNoException("Is mono installed? TESTS WILL BE INCOMPLETE", e);
}
@@ -157,8 +158,8 @@ public class AssemblyAnalyzerTest extends BaseTest {
AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer();
aanalyzer.accept(new File("test.dll")); // trick into "thinking it is active"
aanalyzer.initialize();
fail("Expected an AnalysisException");
} catch (AnalysisException ae) {
fail("Expected an InitializationException");
} catch (InitializationException ae) {
assertEquals("An error occurred with the .NET AssemblyAnalyzer", ae.getMessage());
} finally {
System.setProperty(LOG_KEY, oldProp);

45
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
View File

@@ -29,6 +29,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.cpe.IndexEntry;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
@@ -82,23 +83,33 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
*/
@Test
public void testDetermineCPE_full() throws Exception {
CPEAnalyzer instance = new CPEAnalyzer();
instance.open();
FileNameAnalyzer fnAnalyzer = new FileNameAnalyzer();
JarAnalyzer jarAnalyzer = new JarAnalyzer();
HintAnalyzer hAnalyzer = new HintAnalyzer();
FalsePositiveAnalyzer fp = new FalsePositiveAnalyzer();
//update needs to be performed so that xtream can be tested
Engine e = new Engine();
e.doUpdates();
CPEAnalyzer cpeAnalyzer = new CPEAnalyzer();
try {
//callDetermineCPE_full("struts2-core-2.3.16.3.jar", "cpe:/a:apache:struts:2.3.16.3", instance, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("hazelcast-2.5.jar", null, instance, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("spring-context-support-2.5.5.jar", "cpe:/a:springsource:spring_framework:2.5.5", instance, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:/a:vmware:springsource_spring_framework:3.0.0", instance, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("org.mortbay.jetty.jar", "cpe:/a:mortbay_jetty:jetty:4.2.27", instance, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null, instance, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("ehcache-core-2.2.0.jar", null, instance, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
cpeAnalyzer.initialize();
FileNameAnalyzer fnAnalyzer = new FileNameAnalyzer();
fnAnalyzer.initialize();
JarAnalyzer jarAnalyzer = new JarAnalyzer();
jarAnalyzer.accept(new File("test.jar"));//trick analyzer into "thinking it is active"
jarAnalyzer.initialize();
HintAnalyzer hAnalyzer = new HintAnalyzer();
hAnalyzer.initialize();
FalsePositiveAnalyzer fp = new FalsePositiveAnalyzer();
fp.initialize();
callDetermineCPE_full("hazelcast-2.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("spring-context-support-2.5.5.jar", "cpe:/a:springsource:spring_framework:2.5.5", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:/a:vmware:springsource_spring_framework:3.0.0", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("org.mortbay.jetty.jar", "cpe:/a:mortbay_jetty:jetty:4.2.27", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("ehcache-core-2.2.0.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("xstream-1.4.8.jar", "cpe:/a:x-stream:xstream:1.4.8", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
} finally {
instance.close();
cpeAnalyzer.close();
}
}
@@ -107,7 +118,7 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
*
* @throws Exception is thrown when an exception occurs
*/
public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer instance, FileNameAnalyzer fnAnalyzer, JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp) throws Exception {
public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer cpeAnalyzer, FileNameAnalyzer fnAnalyzer, JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp) throws Exception {
//File file = new File(this.getClass().getClassLoader().getResource(depName).getPath());
File file = BaseTest.getResourceAsFile(this, depName);
@@ -117,7 +128,7 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
fnAnalyzer.analyze(dep, null);
jarAnalyzer.analyze(dep, null);
hAnalyzer.analyze(dep, null);
instance.analyze(dep, null);
cpeAnalyzer.analyze(dep, null);
fp.analyze(dep, null);
if (expResult != null) {
@@ -146,8 +157,10 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
fnAnalyzer.analyze(struts, null);
HintAnalyzer hintAnalyzer = new HintAnalyzer();
hintAnalyzer.initialize();
JarAnalyzer jarAnalyzer = new JarAnalyzer();
jarAnalyzer.accept(new File("test.jar"));//trick analyzer into "thinking it is active"
jarAnalyzer.initialize();
jarAnalyzer.analyze(struts, null);
hintAnalyzer.analyze(struts, null);

6
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java
View File

@@ -23,16 +23,11 @@ import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.io.File;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import org.owasp.dependencycheck.BaseDBTestCase;
@@ -53,6 +48,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
*
* @throws Exception thrown if there is a problem
*/
@Override
@Before
public void setUp() throws Exception {
super.setUp();

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java
View File

@@ -20,7 +20,7 @@ import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;

3
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
View File

@@ -63,6 +63,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
*
* @throws Exception thrown if there is a problem
*/
@Override
@Before
public void setUp() throws Exception {
super.setUp();
@@ -145,7 +146,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
assertEquals(vulnerability.getCvssScore(), 5.0f, 0.0);
} catch (Exception e) {
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".", e);
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".");
Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", e);
}
}

5
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/cwe/CweDBTest.java
View File

@@ -17,11 +17,8 @@
*/
package org.owasp.dependencycheck.data.cwe;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

31
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzerTest.java
View File

@@ -36,12 +36,10 @@ import org.apache.lucene.search.ScoreDoc;
import org.apache.lucene.search.TopScoreDocCollector;
import org.apache.lucene.store.Directory;
import org.apache.lucene.store.RAMDirectory;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
@@ -63,7 +61,12 @@ public class FieldAnalyzerTest extends BaseTest {
String field2 = "vendor";
String text2 = "springsource";
createIndex(analyzer, index, field1, text1, field2, text2);
IndexWriter w = createIndex(analyzer, index);
addDoc(w, field1, text1, field2, text2);
text1 = "x-stream";
text2 = "xstream";
addDoc(w, field1, text1, field2, text2);
w.close();
//Analyzer searchingAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
String querystr = "product:\"(Spring Framework Core)\" vendor:(SpringSource)";
@@ -77,7 +80,6 @@ public class FieldAnalyzerTest extends BaseTest {
QueryParser parser = new QueryParser(LuceneUtils.CURRENT_VERSION, field1, wrapper);
Query q = parser.parse(querystr);
//System.out.println(q.toString());
int hitsPerPage = 10;
@@ -88,20 +90,27 @@ public class FieldAnalyzerTest extends BaseTest {
ScoreDoc[] hits = collector.topDocs().scoreDocs;
assertEquals("Did not find 1 document?", 1, hits.length);
assertEquals("springframework", searcher.doc(hits[0].doc).get(field1));
assertEquals("springsource", searcher.doc(hits[0].doc).get(field2));
searchAnalyzerProduct.clear(); //ensure we don't have anything left over from the previous search.
searchAnalyzerVendor.clear();
querystr = "product:(Apache Struts) vendor:(Apache)";
Query q2 = parser.parse(querystr);
//System.out.println(q2.toString());
assertFalse("second parsing contains previousWord from the TokenPairConcatenatingFilter", q2.toString().contains("core"));
querystr = "product:( x-stream^5 ) AND vendor:( thoughtworks.xstream )";
Query q3 = parser.parse(querystr);
collector = TopScoreDocCollector.create(hitsPerPage, true);
searcher.search(q3, collector);
hits = collector.topDocs().scoreDocs;
assertEquals("x-stream", searcher.doc(hits[0].doc).get(field1));
assertEquals("xstream", searcher.doc(hits[0].doc).get(field2));
}
private void createIndex(Analyzer analyzer, Directory index, String field1, String text1, String field2, String text2) throws IOException {
private IndexWriter createIndex(Analyzer analyzer, Directory index) throws IOException {
IndexWriterConfig config = new IndexWriterConfig(LuceneUtils.CURRENT_VERSION, analyzer);
IndexWriter w = new IndexWriter(index, config);
addDoc(w, field1, text1, field2, text2);
w.close();
return new IndexWriter(index, config);
}
private static void addDoc(IndexWriter w, String field1, String text1, String field2, String text2) throws IOException {

5
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/LuceneUtilsTest.java
View File

@@ -17,11 +17,8 @@
*/
package org.owasp.dependencycheck.data.lucene;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilterTest.java
View File

@@ -20,17 +20,12 @@ package org.owasp.dependencycheck.data.lucene;
import java.io.IOException;
import java.io.StringReader;
import org.apache.lucene.analysis.BaseTokenStreamTestCase;
import static org.apache.lucene.analysis.BaseTokenStreamTestCase.assertTokenStreamContents;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.analysis.core.WhitespaceTokenizer;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**

5
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/ConnectionFactoryTest.java
View File

@@ -17,10 +17,7 @@ package org.owasp.dependencycheck.data.nvdcve;
import java.sql.Connection;
import java.sql.SQLException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
import org.owasp.dependencycheck.BaseDBTestCase;

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/CveDBMySQLTest.java
View File

@@ -19,16 +19,13 @@ package org.owasp.dependencycheck.data.nvdcve;
import java.util.List;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.Settings;
/**
*

6
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java
View File

@@ -20,12 +20,10 @@ package org.owasp.dependencycheck.data.nvdcve;
import java.io.File;
import java.sql.Driver;
import java.sql.DriverManager;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

6
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/DownloadTaskTest.java
View File

@@ -20,13 +20,11 @@ package org.owasp.dependencycheck.data.update.nvd;
import java.io.File;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.data.nvdcve.CveDB;

6
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_1_2_HandlerTest.java
View File

@@ -23,11 +23,9 @@ import java.util.List;
import java.util.Map;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;

6
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_2_0_HandlerTest.java
View File

@@ -23,11 +23,9 @@ import java.util.List;
import java.util.Map;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java
View File

@@ -18,15 +18,12 @@
package org.owasp.dependencycheck.dependency;
import java.io.File;
import java.util.List;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java
View File

@@ -18,13 +18,10 @@
package org.owasp.dependencycheck.dependency;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

5
dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
View File

@@ -17,13 +17,10 @@
*/
package org.owasp.dependencycheck.dependency;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java
View File

@@ -24,7 +24,7 @@ import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.BaseTest;

6
dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DateUtilTest.java
View File

@@ -16,11 +16,9 @@
package org.owasp.dependencycheck.utils;
import java.util.Calendar;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

5
dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
View File

@@ -17,12 +17,9 @@
*/
package org.owasp.dependencycheck.utils;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

77
dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintHandlerTest.java Normal file
View File

@@ -0,0 +1,77 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2016 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.xml.hints;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.UnsupportedEncodingException;
import java.util.List;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.junit.Test;
import static org.junit.Assert.*;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler;
import org.owasp.dependencycheck.xml.suppression.SuppressionHandler;
import org.owasp.dependencycheck.xml.suppression.SuppressionParser;
import org.owasp.dependencycheck.xml.suppression.SuppressionRule;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.XMLReader;
/**
*
* @author Jeremy Long
*/
public class HintHandlerTest extends BaseTest {
@Test
public void testHandler() throws ParserConfigurationException, SAXNotRecognizedException, SAXNotSupportedException, SAXException, FileNotFoundException, UnsupportedEncodingException, IOException {
File file = BaseTest.getResourceAsFile(this, "hints.xml");
File schema = BaseTest.getResourceAsFile(this, "schema/dependency-hint.1.0.xsd");
HintHandler handler = new HintHandler();
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setNamespaceAware(true);
factory.setValidating(true);
SAXParser saxParser = factory.newSAXParser();
saxParser.setProperty(HintParser.JAXP_SCHEMA_LANGUAGE, HintParser.W3C_XML_SCHEMA);
saxParser.setProperty(HintParser.JAXP_SCHEMA_SOURCE, schema);
XMLReader xmlReader = saxParser.getXMLReader();
xmlReader.setErrorHandler(new HintErrorHandler());
xmlReader.setContentHandler(handler);
InputStream inputStream = new FileInputStream(file);
Reader reader = new InputStreamReader(inputStream, "UTF-8");
InputSource in = new InputSource(reader);
xmlReader.parse(in);
List<HintRule> result = handler.getHintRules();
assertEquals("two hint rules should have been loaded",2,result.size());
}
}

73
dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/hints/HintParserTest.java Normal file
View File

@@ -0,0 +1,73 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2016 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.xml.hints;
import java.io.File;
import java.io.InputStream;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import org.owasp.dependencycheck.BaseTest;
/**
*
* @author Jeremy Long
*/
public class HintParserTest extends BaseTest {
/**
* Test of parseHints method, of class HintParser.
*/
@Test
public void testParseHints_File() throws Exception {
File file = BaseTest.getResourceAsFile(this, "hints.xml");
HintParser instance = new HintParser();
Hints results = instance.parseHints(file);
assertEquals("Two duplicating hints should have been read", 2, results.getVendorDuplicatingHintRules().size());
assertEquals("Two hint rules should have been read", 2, results.getHintRules().size());
}
/**
* Test of parseHints method, of class HintParser.
*/
@Test
public void testParseHints_InputStream() throws Exception {
InputStream ins = BaseTest.getResourceAsStream(this, "hints.xml");
HintParser instance = new HintParser();
Hints results = instance.parseHints(ins);
assertEquals("Two duplicating hints should have been read", 2, results.getVendorDuplicatingHintRules().size());
assertEquals("Two hint rules should have been read", 2, results.getHintRules().size());
assertEquals("One add product should have been read", 1, results.getHintRules().get(0).getAddProduct().size());
assertEquals("One add vendor should have been read", 1, results.getHintRules().get(0).getAddVendor().size());
assertEquals("Two file name should have been read", 2, results.getHintRules().get(1).getFilenames().size());
assertEquals("add product name not found", "add product name", results.getHintRules().get(0).getAddProduct().get(0).getName());
assertEquals("add vendor name not found", "add vendor name", results.getHintRules().get(0).getAddVendor().get(0).getName());
assertEquals("given product name not found", "given product name", results.getHintRules().get(0).getGivenProduct().get(0).getName());
assertEquals("given vendor name not found", "given vendor name", results.getHintRules().get(0).getGivenVendor().get(0).getName());
assertEquals("spring file name not found", "spring", results.getHintRules().get(1).getFilenames().get(0).getValue());
assertEquals("file name 1 should not be case sensitive", false, results.getHintRules().get(1).getFilenames().get(0).isCaseSensitive());
assertEquals("file name 1 should not be a regex", false, results.getHintRules().get(1).getFilenames().get(0).isRegex());
assertEquals("file name 2 should be case sensitive", true, results.getHintRules().get(1).getFilenames().get(1).isCaseSensitive());
assertEquals("file name 2 should be a regex", true, results.getHintRules().get(1).getFilenames().get(1).isRegex());
assertEquals("sun duplicating vendor", "sun", results.getVendorDuplicatingHintRules().get(0).getValue());
assertEquals("sun duplicates vendor oracle", "oracle", results.getVendorDuplicatingHintRules().get(0).getDuplicate());
}
}

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/PropertyTypeTest.java → dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/PropertyTypeTest.java
View File

@@ -15,15 +15,12 @@
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.suppression;
package org.owasp.dependencycheck.xml.suppression;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

10
dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionHandlerTest.java → dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/SuppressionHandlerTest.java
View File

@@ -15,7 +15,7 @@
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.suppression;
package org.owasp.dependencycheck.xml.suppression;
import java.io.File;
import java.io.FileInputStream;
@@ -25,11 +25,7 @@ import java.io.Reader;
import java.util.List;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.xml.sax.InputSource;
@@ -48,10 +44,7 @@ public class SuppressionHandlerTest extends BaseTest {
*/
@Test
public void testHandler() throws Exception {
//File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath());
File file = BaseTest.getResourceAsFile(this, "suppressions.xml");
//File schema = new File(this.getClass().getClassLoader().getResource("schema/suppression.xsd").getPath());
File schema = BaseTest.getResourceAsFile(this, "schema/suppression.xsd");
SuppressionHandler handler = new SuppressionHandler();
@@ -81,6 +74,5 @@ public class SuppressionHandlerTest extends BaseTest {
}
}
assertTrue(baseCount > 0);
}
}

8
dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java → dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/SuppressionParserTest.java
View File

@@ -15,15 +15,13 @@
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.suppression;
package org.owasp.dependencycheck.xml.suppression;
import java.io.File;
import java.util.List;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;

2
dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java → dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/suppression/SuppressionRuleTest.java
View File

@@ -15,7 +15,7 @@
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.suppression;
package org.owasp.dependencycheck.xml.suppression;
import java.io.File;
import java.util.ArrayList;

BIN
dependency-check-core/src/test/resources/bootable-0.1.0.jar Normal file
View File

Binary file not shown.

25
dependency-check-core/src/test/resources/hints.xml Normal file
View File

@@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.0.xsd">
<hint>
<given>
<evidence type="product" source="product source" name="given product name" value="value" confidence="HIGH"/>
<evidence type="vendor" source="vendor source" name="given vendor name" value="value" confidence="HIGH"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="add product name" value="product" confidence="HIGH"/>
<evidence type="vendor" source="hint analyzer" name="add vendor name" value="vendor" confidence="HIGH"/>
</add>
</hint>
<hint>
<given>
<fileName contains="spring"/>
<fileName contains="struts" regex="true" caseSensitive="true"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="product" confidence="HIGH"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="vendor" confidence="HIGH"/>
</add>
</hint>
<vendorDuplicatingHint value="sun" duplicate="oracle"/>
<vendorDuplicatingHint value="oracle" duplicate="sun"/>
</hints>