Merge pull request #681 from jeremylong/java7_updates_and_cleanup
Java7 updates and cleanup
@@ -24,6 +24,7 @@ import java.io.FileInputStream;
|
||||
import java.io.FileOutputStream;
|
||||
import java.util.zip.ZipEntry;
|
||||
import java.util.zip.ZipInputStream;
|
||||
import org.apache.commons.compress.utils.IOUtils;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
@@ -45,7 +46,7 @@ public abstract class BaseDBTestCase extends BaseTest {
|
||||
|
||||
@Before
|
||||
public void setUpDb() throws Exception {
|
||||
ensureDBExists();
|
||||
ensureDBExists();
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
@@ -54,12 +55,10 @@ public abstract class BaseDBTestCase extends BaseTest {
|
||||
}
|
||||
|
||||
public static void ensureDBExists() throws Exception {
|
||||
|
||||
File f = new File("./target/data/dc.h2.db");
|
||||
if (f.exists() && f.isFile() && f.length() < 71680) {
|
||||
f.delete();
|
||||
}
|
||||
|
||||
File dataPath = Settings.getDataDirectory();
|
||||
String fileName = Settings.getString(Settings.KEYS.DB_FILE_NAME);
|
||||
LOGGER.trace("DB file name {}", fileName);
|
||||
@@ -68,12 +67,9 @@ public abstract class BaseDBTestCase extends BaseTest {
|
||||
if (!dataPath.exists() || !dataFile.exists()) {
|
||||
LOGGER.trace("Extracting database to {}", dataPath.toString());
|
||||
dataPath.mkdirs();
|
||||
FileInputStream fis = null;
|
||||
ZipInputStream zin = null;
|
||||
try {
|
||||
File path = new File(BaseDBTestCase.class.getClassLoader().getResource("data.zip").toURI().getPath());
|
||||
fis = new FileInputStream(path);
|
||||
zin = new ZipInputStream(new BufferedInputStream(fis));
|
||||
File path = new File(BaseDBTestCase.class.getClassLoader().getResource("data.zip").toURI().getPath());
|
||||
try (FileInputStream fis = new FileInputStream(path);
|
||||
ZipInputStream zin = new ZipInputStream(new BufferedInputStream(fis))) {
|
||||
ZipEntry entry;
|
||||
while ((entry = zin.getNextEntry()) != null) {
|
||||
if (entry.isDirectory()) {
|
||||
@@ -81,53 +77,15 @@ public abstract class BaseDBTestCase extends BaseTest {
|
||||
d.mkdir();
|
||||
continue;
|
||||
}
|
||||
FileOutputStream fos = null;
|
||||
BufferedOutputStream dest = null;
|
||||
try {
|
||||
File o = new File(dataPath, entry.getName());
|
||||
o.createNewFile();
|
||||
fos = new FileOutputStream(o, false);
|
||||
dest = new BufferedOutputStream(fos, BUFFER_SIZE);
|
||||
byte data[] = new byte[BUFFER_SIZE];
|
||||
int count;
|
||||
while ((count = zin.read(data, 0, BUFFER_SIZE)) != -1) {
|
||||
dest.write(data, 0, count);
|
||||
}
|
||||
File o = new File(dataPath, entry.getName());
|
||||
o.createNewFile();
|
||||
try (FileOutputStream fos = new FileOutputStream(o, false);
|
||||
BufferedOutputStream dest = new BufferedOutputStream(fos, BUFFER_SIZE)) {
|
||||
IOUtils.copy(zin, dest);
|
||||
} catch (Throwable ex) {
|
||||
LOGGER.error("", ex);
|
||||
} finally {
|
||||
try {
|
||||
if (dest != null) {
|
||||
dest.flush();
|
||||
dest.close();
|
||||
}
|
||||
} catch (Throwable ex) {
|
||||
LOGGER.trace("", ex);
|
||||
}
|
||||
try {
|
||||
if (fos != null) {
|
||||
fos.close();
|
||||
}
|
||||
} catch (Throwable ex) {
|
||||
LOGGER.trace("", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
try {
|
||||
if (zin != null) {
|
||||
zin.close();
|
||||
}
|
||||
} catch (Throwable ex) {
|
||||
LOGGER.trace("", ex);
|
||||
}
|
||||
try {
|
||||
if (fis != null) {
|
||||
fis.close();
|
||||
}
|
||||
} catch (Throwable ex) {
|
||||
LOGGER.trace("", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
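Review bot: In the extraction loop of ensureDBExists, `new File(dataPath, entry.getName())` uses the archive entry name unchecked, so an entry name containing `../` would resolve outside the data directory. data.zip is a bundled test resource, but the resolved path should still be validated before `o.createNewFile()`, for example `if (!o.getCanonicalPath().startsWith(dataPath.getCanonicalPath() + File.separator)) { throw new IOException("entry outside target directory: " + entry.getName()); }`. The directory branch that creates `d` begins outside the hunk and presumably needs the same check. Separately, the retained `catch (Throwable ex) { LOGGER.error("", ex); }` logs a copy failure with an empty message and carries on, which can leave a truncated database file; rethrowing would make the setup fail visibly.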
@@ -22,20 +22,24 @@ import static org.junit.Assert.assertTrue;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Evidence;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class JarAnalyzerTest extends BaseTest {
|
||||
|
||||
// private static final Logger LOGGER = LoggerFactory.getLogger(JarAnalyzerTest.class);
|
||||
|
||||
/**
|
||||
* Test of inspect method, of class JarAnalyzer.
|
||||
*
|
||||
@@ -51,14 +55,14 @@ public class JarAnalyzerTest extends BaseTest {
|
||||
instance.analyze(result, null);
|
||||
assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache"));
|
||||
assertTrue(result.getVendorEvidence().getWeighting().contains("apache"));
|
||||
|
||||
|
||||
file = BaseTest.getResourceAsFile(this, "dwr.jar");
|
||||
result = new Dependency(file);
|
||||
instance.analyze(result, null);
|
||||
boolean found = false;
|
||||
for (Evidence e : result.getVendorEvidence()) {
|
||||
if (e.getName().equals("url")) {
|
||||
assertEquals("Project url was not as expected in dwr.jar", e.getValue(), "http://getahead.ltd.uk/dwr");
|
||||
assertEquals("Project url was not as expected in dwr.jar", e.getValue(), "http://getahead.ltd.uk/dwr");
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
@@ -136,9 +140,40 @@ public class JarAnalyzerTest extends BaseTest {
|
||||
File file = BaseTest.getResourceAsFile(this, "xalan-2.7.0.jar");
|
||||
Dependency result = new Dependency(file);
|
||||
JarAnalyzer instance = new JarAnalyzer();
|
||||
List<JarAnalyzer.ClassNameInformation> cni = new ArrayList<JarAnalyzer.ClassNameInformation>();
|
||||
List<JarAnalyzer.ClassNameInformation> cni = new ArrayList<>();
|
||||
instance.parseManifest(result, cni);
|
||||
|
||||
assertTrue(result.getVersionEvidence().getEvidence("manifest: org/apache/xalan/").size() > 0);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of getAnalysisPhase method, of class JarAnalyzer.
|
||||
*/
|
||||
@Test
|
||||
public void testGetAnalysisPhase() {
|
||||
JarAnalyzer instance = new JarAnalyzer();
|
||||
AnalysisPhase expResult = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
AnalysisPhase result = instance.getAnalysisPhase();
|
||||
assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of getAnalyzerEnabledSettingKey method, of class JarAnalyzer.
|
||||
*/
|
||||
@Test
|
||||
public void testGetAnalyzerEnabledSettingKey() {
|
||||
JarAnalyzer instance = new JarAnalyzer();
|
||||
String expResult = Settings.KEYS.ANALYZER_JAR_ENABLED;
|
||||
String result = instance.getAnalyzerEnabledSettingKey();
|
||||
assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testClassInformation() {
|
||||
JarAnalyzer.ClassNameInformation instance = new JarAnalyzer.ClassNameInformation("org/owasp/dependencycheck/analyzer/JarAnalyzer");
|
||||
assertEquals("org/owasp/dependencycheck/analyzer/JarAnalyzer", instance.getName());
|
||||
List<String> expected = Arrays.asList("owasp", "dependencycheck", "analyzer", "jaranalyzer");
|
||||
List<String> results = instance.getPackageStructure();
|
||||
assertEquals(expected, results);
|
||||
}
|
||||
}
|
||||
|
||||
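Review bot: In the dwr.jar check, `assertEquals("Project url was not as expected in dwr.jar", e.getValue(), "http://getahead.ltd.uk/dwr")` passes the actual value in the expected slot, so a failure would report the two values the wrong way round. JUnit's order is message, expected, actual: `assertEquals("Project url was not as expected in dwr.jar", "http://getahead.ltd.uk/dwr", e.getValue());`. The enclosing test method starts and ends outside the hunk.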
@@ -45,6 +45,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import static org.junit.Assert.fail;
|
||||
import org.owasp.dependencycheck.exception.InitializationException;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link RubyBundleAuditAnalyzer}.
|
||||
@@ -122,7 +123,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
assertTrue(dependency.getVersionEvidence().toString().toLowerCase().contains("2.2.2"));
|
||||
assertTrue(dependency.getFilePath().endsWith(resource));
|
||||
assertTrue(dependency.getFileName().equals("Gemfile.lock"));
|
||||
} catch (Exception e) {
|
||||
} catch (InitializationException | DatabaseException | AnalysisException e) {
|
||||
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".");
|
||||
Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", e);
|
||||
}
|
||||
@@ -145,7 +146,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
Vulnerability vulnerability = dependency.getVulnerabilities().first();
|
||||
assertEquals(vulnerability.getCvssScore(), 5.0f, 0.0);
|
||||
|
||||
} catch (Exception e) {
|
||||
} catch (InitializationException | DatabaseException | AnalysisException e) {
|
||||
LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".");
|
||||
Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", e);
|
||||
}
|
||||
|
||||
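Review bot: Both catch blocks (the hunk at -122 and the one at -145) still route `AnalysisException` into `Assume.assumeNoException(...)`, so a failure during analysis itself, not only a missing bundle-audit install, is reported as a skipped test rather than a failure. For tests that assert on detected versions and CVSS scores, that can hide a detection regression. If the try block covers both initialization and analysis (it begins outside the hunks), consider limiting the assume path to `InitializationException` and letting `AnalysisException` propagate. The `LOGGER.warn(...)` call would also be more useful with `e` passed as its last argument so the cause is logged.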
@@ -61,19 +61,19 @@ public class FieldAnalyzerTest extends BaseTest {
|
||||
String field2 = "vendor";
|
||||
String text2 = "springsource";
|
||||
|
||||
IndexWriter w = createIndex(analyzer, index);
|
||||
addDoc(w, field1, text1, field2, text2);
|
||||
text1 = "x-stream";
|
||||
text2 = "xstream";
|
||||
addDoc(w, field1, text1, field2, text2);
|
||||
w.close();
|
||||
try (IndexWriter w = createIndex(analyzer, index)) {
|
||||
addDoc(w, field1, text1, field2, text2);
|
||||
text1 = "x-stream";
|
||||
text2 = "xstream";
|
||||
addDoc(w, field1, text1, field2, text2);
|
||||
}
|
||||
|
||||
//Analyzer searchingAnalyzer = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
|
||||
String querystr = "product:\"(Spring Framework Core)\" vendor:(SpringSource)";
|
||||
|
||||
SearchFieldAnalyzer searchAnalyzerProduct = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
|
||||
SearchFieldAnalyzer searchAnalyzerVendor = new SearchFieldAnalyzer(LuceneUtils.CURRENT_VERSION);
|
||||
HashMap<String, Analyzer> map = new HashMap<String, Analyzer>();
|
||||
HashMap<String, Analyzer> map = new HashMap<>();
|
||||
map.put(field1, searchAnalyzerProduct);
|
||||
map.put(field2, searchAnalyzerVendor);
|
||||
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(new StandardAnalyzer(LuceneUtils.CURRENT_VERSION), map);
|
||||
|
||||
@@ -31,7 +31,7 @@ import org.apache.lucene.analysis.core.KeywordTokenizer;
|
||||
*/
|
||||
public class UrlTokenizingFilterTest extends BaseTokenStreamTestCase {
|
||||
|
||||
private Analyzer analyzer;
|
||||
private final Analyzer analyzer;
|
||||
|
||||
public UrlTokenizingFilterTest() {
|
||||
analyzer = new Analyzer() {
|
||||
|
||||
@@ -36,9 +36,9 @@ public class ConnectionFactoryTest extends BaseDBTestCase {
|
||||
@Test
|
||||
public void testInitialize() throws DatabaseException, SQLException {
|
||||
ConnectionFactory.initialize();
|
||||
Connection result = ConnectionFactory.getConnection();
|
||||
assertNotNull(result);
|
||||
result.close();
|
||||
try (Connection result = ConnectionFactory.getConnection()) {
|
||||
assertNotNull(result);
|
||||
}
|
||||
ConnectionFactory.cleanup();
|
||||
}
|
||||
}
|
||||
|
||||
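Review bot: `ConnectionFactory.cleanup()` in testInitialize runs only when everything before it succeeds; if `getConnection()` throws or `assertNotNull(result)` fails, the factory stays initialized for later tests in the same JVM. Wrapping the body after `ConnectionFactory.initialize()` as `try { ... } finally { ConnectionFactory.cleanup(); }` keeps the teardown unconditional.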
@@ -17,7 +17,6 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.update.nvd;
|
||||
|
||||
import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
|
||||
@@ -17,7 +17,6 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.update.nvd;
|
||||
|
||||
import org.owasp.dependencycheck.data.update.nvd.NvdCve12Handler;
|
||||
import java.io.File;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@@ -17,10 +17,11 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.update.nvd;
|
||||
|
||||
import org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import javax.xml.parsers.SAXParser;
|
||||
import javax.xml.parsers.SAXParserFactory;
|
||||
|
||||
@@ -29,6 +30,7 @@ import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -49,7 +51,7 @@ public class NvdCve_2_0_HandlerTest extends BaseTest {
|
||||
NvdCve20Handler instance = new NvdCve20Handler();
|
||||
|
||||
saxParser.parse(file, instance);
|
||||
} catch (Throwable ex) {
|
||||
} catch (ParserConfigurationException | SAXException | IOException ex) {
|
||||
ex.printStackTrace();
|
||||
results = ex;
|
||||
}
|
||||
@@ -80,7 +82,7 @@ public class NvdCve_2_0_HandlerTest extends BaseTest {
|
||||
saxParser.parse(file20, instance);
|
||||
|
||||
assertTrue(instance.getTotalNumberOfEntries()==1);
|
||||
} catch (Throwable ex) {
|
||||
} catch (ParserConfigurationException | SAXException | IOException ex) {
|
||||
results = ex;
|
||||
}
|
||||
assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);
|
||||
|
||||
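Review bot: The first catch block still calls `ex.printStackTrace()`, and both hunks store the exception in `results` only so that a later assertion can check `results == null`, which drops the stack trace from the test report. Now that the catch lists concrete checked types, declaring them on the test method (`throws ParserConfigurationException, SAXException, IOException`) and removing the try/catch would let JUnit report the original failure. Both test methods start outside their hunks, so the declared type of `results` is inferred rather than visible.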
@@ -48,12 +48,12 @@ public class FilterTest extends BaseTest {
|
||||
*/
|
||||
@Test
|
||||
public void testFilter_Iterable() {
|
||||
List<String> testData = new ArrayList<String>();
|
||||
List<String> testData = new ArrayList<>();
|
||||
testData.add("keep");
|
||||
testData.add("remove");
|
||||
testData.add("keep");
|
||||
|
||||
List<String> expResults = new ArrayList<String>();
|
||||
List<String> expResults = new ArrayList<>();
|
||||
expResults.add("keep");
|
||||
expResults.add("keep");
|
||||
|
||||
|
||||
@@ -0,0 +1,74 @@
|
||||
/*
|
||||
* This file is part of dependency-check-core.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* Copyright (c) 2017 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author jeremy long
|
||||
*/
|
||||
public class UrlStringUtilsTest {
|
||||
|
||||
/**
|
||||
* Test of containsUrl method, of class UrlStringUtils.
|
||||
*/
|
||||
@Test
|
||||
public void testContainsUrl() {
|
||||
String text = "Test of https://github.com";
|
||||
assertTrue(UrlStringUtils.containsUrl(text));
|
||||
text = "Test of github.com";
|
||||
assertFalse(UrlStringUtils.containsUrl(text));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of isUrl method, of class UrlStringUtils.
|
||||
*/
|
||||
@Test
|
||||
public void testIsUrl() {
|
||||
String text = "https://github.com";
|
||||
assertTrue(UrlStringUtils.isUrl(text));
|
||||
text = "simple text";
|
||||
assertFalse(UrlStringUtils.isUrl(text));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of extractImportantUrlData method, of class UrlStringUtils.
|
||||
*/
|
||||
@Test
|
||||
public void testExtractImportantUrlData() throws Exception {
|
||||
String text = "http://github.com/jeremylong/DependencyCheck/index.html";
|
||||
List<String> expResult = Arrays.asList("github", "jeremylong", "DependencyCheck", "index");;
|
||||
List<String> result = UrlStringUtils.extractImportantUrlData(text);
|
||||
assertEquals(expResult, result);
|
||||
|
||||
text = "http://github.com/jeremylong/DependencyCheck/.gitignore";
|
||||
expResult = Arrays.asList("github", "jeremylong", "DependencyCheck", "gitignore");;
|
||||
result = UrlStringUtils.extractImportantUrlData(text);
|
||||
assertEquals(expResult, result);
|
||||
|
||||
text = "http://github.com/jeremylong/DependencyCheck/something";
|
||||
expResult = Arrays.asList("github", "jeremylong", "DependencyCheck", "something");;
|
||||
result = UrlStringUtils.extractImportantUrlData(text);
|
||||
assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
}
|
||||
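Review bot: Each `Arrays.asList(...)` line in testExtractImportantUrlData ends in `;;`, leaving an empty statement where a single `;` is intended. The tests cover only well-formed http/https input. Since the test method declares `throws Exception`, `extractImportantUrlData` presumably can throw on malformed input, and a case pinning that behaviour would document what the helper accepts. `import static org.junit.Assert.*;` could instead name the three assertions used (`assertTrue`, `assertFalse`, `assertEquals`).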
@@ -248,7 +248,7 @@ public class ModelTest extends BaseTest {
|
||||
public void testGetLicenses() {
|
||||
Model instance = new Model();
|
||||
instance.addLicense(new License("name", "url"));
|
||||
List<License> expResult = new ArrayList<License>();
|
||||
List<License> expResult = new ArrayList<>();
|
||||
expResult.add(new License("name", "url"));
|
||||
List<License> result = instance.getLicenses();
|
||||
assertEquals(expResult, result);
|
||||
|
||||
@@ -86,7 +86,7 @@ public class SuppressionRuleTest extends BaseTest {
|
||||
@Test
|
||||
public void testGetCvssBelow() {
|
||||
SuppressionRule instance = new SuppressionRule();
|
||||
List<Float> cvss = new ArrayList<Float>();
|
||||
List<Float> cvss = new ArrayList<>();
|
||||
instance.setCvssBelow(cvss);
|
||||
assertFalse(instance.hasCvssBelow());
|
||||
instance.addCvssBelow(0.7f);
|
||||
@@ -101,7 +101,7 @@ public class SuppressionRuleTest extends BaseTest {
|
||||
@Test
|
||||
public void testCwe() {
|
||||
SuppressionRule instance = new SuppressionRule();
|
||||
List<String> cwe = new ArrayList<String>();
|
||||
List<String> cwe = new ArrayList<>();
|
||||
instance.setCwe(cwe);
|
||||
assertFalse(instance.hasCwe());
|
||||
instance.addCwe("2");
|
||||
@@ -116,7 +116,7 @@ public class SuppressionRuleTest extends BaseTest {
|
||||
@Test
|
||||
public void testCve() {
|
||||
SuppressionRule instance = new SuppressionRule();
|
||||
List<String> cve = new ArrayList<String>();
|
||||
List<String> cve = new ArrayList<>();
|
||||
instance.setCve(cve);
|
||||
assertFalse(instance.hasCve());
|
||||
instance.addCve("CVE-2013-1337");
|
||||
|
||||