added a vulnerability suppression analyzer test case

Former-commit-id: d90596a3493f1fd557222fac0568955b5ab58b4f
2026-01-14 15:53:36 +01:00 · 2014-03-16 07:05:05 -04:00
parent 633028a63f
commit 3994ef3619
3 changed files with 137 additions and 0 deletions
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/VulnerabilitySuppressionAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/VulnerabilitySuppressionAnalyzerTest.java
@@ -0,0 +1,127 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+import java.io.File;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
+import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.utils.Settings;
+
+/**
+ * Testing the vulnerability suppression analyzer.
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public class VulnerabilitySuppressionAnalyzerTest extends AbstractDatabaseTestCase {
+
+    public VulnerabilitySuppressionAnalyzerTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() {
+    }
+
+    @AfterClass
+    public static void tearDownClass() {
+    }
+    private boolean update = true;
+    private boolean nexus = false;
+
+    @Before
+    @Override
+    public void setUp() throws Exception {
+        super.setUp();
+        update = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
+        nexus = Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED);
+        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
+    }
+
+    @After
+    @Override
+    public void tearDown() throws Exception {
+        super.tearDown();
+        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, update);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexus);
+    }
+
+    /**
+     * Test of getName method, of class VulnerabilitySuppressionAnalyzer.
+     */
+    @Test
+    public void testGetName() {
+        VulnerabilitySuppressionAnalyzer instance = new VulnerabilitySuppressionAnalyzer();
+        String expResult = "Vulnerability Suppression Analyzer";
+        String result = instance.getName();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getAnalysisPhase method, of class VulnerabilitySuppressionAnalyzer.
+     */
+    @Test
+    public void testGetAnalysisPhase() {
+        VulnerabilitySuppressionAnalyzer instance = new VulnerabilitySuppressionAnalyzer();
+        AnalysisPhase expResult = AnalysisPhase.POST_FINDING_ANALYSIS;;
+        AnalysisPhase result = instance.getAnalysisPhase();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of analyze method, of class VulnerabilitySuppressionAnalyzer.
+     */
+    @Test
+    public void testAnalyze() throws Exception {
+
+        File file = new File(this.getClass().getClassLoader().getResource("FileHelpers.2.0.0.0.nupkg").getPath());
+        File suppression = new File(this.getClass().getClassLoader().getResource("FileHelpers.2.0.0.0.suppression.xml").getPath());
+
+        Engine engine = new Engine();
+        engine.scan(file);
+        engine.analyzeDependencies();
+        Dependency dependency = getDependency(engine, file);
+        assertTrue(dependency.getVulnerabilities().size() > 0);
+        Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppression.getAbsolutePath());
+        VulnerabilitySuppressionAnalyzer instance = new VulnerabilitySuppressionAnalyzer();
+        instance.initialize();
+        instance.analyze(dependency, engine);
+        assertTrue(dependency.getVulnerabilities().size() == 0);
+    }
+
+    /**
+     * Retrieves a specific dependency from the engine.
+     *
+     * @param engine the engine
+     * @param file the dependency to retrieve
+     * @return the dependency
+     */
+    private Dependency getDependency(Engine engine, File file) {
+        for (Dependency d : engine.getDependencies()) {
+            if (d.getFileName().equals(file.getName())) {
+                return d;
+            }
+        }
+        return null;
+    }
+}
--- a/dependency-check-core/src/test/resources/FileHelpers.2.0.0.0.nupkg
+++ b/dependency-check-core/src/test/resources/FileHelpers.2.0.0.0.nupkg
--- a/dependency-check-core/src/test/resources/FileHelpers.2.0.0.0.suppression.xml
+++ b/dependency-check-core/src/test/resources/FileHelpers.2.0.0.0.suppression.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
+	<suppress>
+	   <notes><![CDATA[
+	   file name: FileHelpers.2.0.0.0.nupkg
+	   ]]></notes>
+	   <sha1>30FB37D6163CF16E3BA740343BECDD14D5457619</sha1>
+	   <cve>CVE-2007-1536</cve>
+	</suppress>
+</suppressions>