Merge branch 'master' of github.com:jeremylong/DependencyCheck into stevespringett-master

dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineIT.java

@@ -17,6 +17,7 @@
  */
 package org.owasp.dependencycheck;
 
+import java.io.File;
 import java.io.IOException;
 import java.util.HashSet;
 import java.util.Set;
@@ -79,12 +80,7 @@ public class EngineIT extends BaseDBTestCase {
                 }
             }
         }
-        DatabaseProperties prop = null;
-        try (CveDB cve = CveDB.getInstance()) {
-            prop = cve.getDatabaseProperties();
-        }
-        ReportGenerator rg = new ReportGenerator("DependencyCheck", instance.getDependencies(), instance.getAnalyzers(), prop);
-        rg.generateReports("./target/", "ALL");
+        instance.writeReports("dependency-check sample", new File("./target/"), "ALL");
         instance.cleanup();
     }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIT.java

@@ -25,15 +25,12 @@ import javax.xml.transform.stream.StreamSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.SchemaFactory;
 import javax.xml.validation.Validator;
-import static org.junit.Assert.fail;
 
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseDBTestCase;
 import org.owasp.dependencycheck.BaseTest;
 import org.owasp.dependencycheck.Engine;
-import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
-import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
 import org.owasp.dependencycheck.exception.ExceptionCollection;
 import org.owasp.dependencycheck.exception.ReportException;
 import org.owasp.dependencycheck.utils.InvalidSettingException;
@@ -47,67 +44,6 @@ import static org.junit.Assert.fail;
  */
 public class ReportGeneratorIT extends BaseDBTestCase {
 
-    /**
-     * Test of generateReport method, of class ReportGenerator.
-     *
-     * @throws Exception is thrown when an exception occurs.
-     */
-    @Test
-    public void testGenerateReport() throws Exception {
-//        String templateName = "HtmlReport";
-//        File f = new File("target/test-reports");
-//        if (!f.exists()) {
-//            f.mkdir();
-//        }
-//        String writeTo = "target/test-reports/Report.html";
-//        Map<String, Object> properties = new HashMap<String, Object>();
-//        Dependency d = new Dependency();
-//        d.setFileName("FileName.jar");
-//        d.setActualFilePath("lib/FileName.jar");
-//        d.addCPEentry("cpe://a:/some:cpe:1.0");
-//
-//        List<Dependency> dependencies = new ArrayList<Dependency>();
-//        d.getProductEvidence().addEvidence("jar","filename","<test>test", Confidence.HIGH);
-//        d.getProductEvidence().addEvidence("manifest","vendor","<test>test", Confidence.HIGH);
-//
-//        for (Evidence e : d.getProductEvidence().iterator(Confidence.HIGH)) {
-//            String t = e.getValue();
-//        }
-//        dependencies.add(d);
-//
-//        Dependency d2 = new Dependency();
-//        d2.setFileName("Another.jar");
-//        d2.setActualFilePath("lib/Another.jar");
-//        d2.addCPEentry("cpe://a:/another:cpe:1.0");
-//        d2.addCPEentry("cpe://a:/another:cpe:1.1");
-//        d2.addCPEentry("cpe://a:/another:cpe:1.2");
-//        d2.getProductEvidence().addEvidence("jar","filename","another.jar", Confidence.HIGH);
-//        d2.getProductEvidence().addEvidence("manifest","vendor","Company A", Confidence.MEDIUM);
-//
-//        for (Evidence e : d2.getProductEvidence().iterator(Confidence.HIGH)) {
-//            String t = e.getValue();
-//        }
-//
-//        dependencies.add(d2);
-//
-//        Dependency d3 = new Dependency();
-//        d3.setFileName("Third.jar");
-//        d3.setActualFilePath("lib/Third.jar");
-//        d3.getProductEvidence().addEvidence("jar","filename","third.jar", Confidence.HIGH);
-//
-//        for (Evidence e : d3.getProductEvidence().iterator(Confidence.HIGH)) {
-//            String t = e.getValue();
-//        }
-//
-//        dependencies.add(d3);
-//
-//        properties.put("dependencies",dependencies);
-//
-//        ReportGenerator instance = new ReportGenerator();
-//        instance.generateReport(templateName, writeTo, properties);
-        //assertTrue("need to add a real check here", false);
-    }
-
     /**
      * Generates an XML report containing known vulnerabilities and realistic
      * data and validates the generated XML document against the XSD.
@@ -115,7 +51,7 @@ public class ReportGeneratorIT extends BaseDBTestCase {
      * @throws Exception
      */
     @Test
-    public void testGenerateXMLReport() {
+    public void testGenerateReport() {
         try {
             String templateName = "XmlReport";
 
@@ -123,7 +59,7 @@ public class ReportGeneratorIT extends BaseDBTestCase {
             if (!f.exists()) {
                 f.mkdir();
             }
-            String writeTo = "target/test-reports/Report.xml";
+            File writeTo = new File("target/test-reports/Report.xml");
             File suppressionFile = BaseTest.getResourceAsFile(this, "incorrectSuppressions.xml");
 
             Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile.getAbsolutePath());
@@ -135,29 +71,20 @@ public class ReportGeneratorIT extends BaseDBTestCase {
             //File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
             File jetty = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
 
-            boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
             Engine engine = new Engine();
-            Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
 
             engine.scan(struts);
             engine.scan(axis);
             engine.scan(jetty);
             engine.analyzeDependencies();
-
-            CveDB cveDB = CveDB.getInstance();
-            DatabaseProperties dbProp = cveDB.getDatabaseProperties();
-
-            ReportGenerator generator = new ReportGenerator("Test Report", "org.owasp", "dependency-check-core", "1.4.7",
-                    engine.getDependencies(), engine.getAnalyzers(), dbProp);
-            generator.generateReport(templateName, writeTo);
-            cveDB.close();
+            engine.writeReports("Test Report", "org.owasp", "dependency-check-core", "1.4.7", writeTo, "XML");
 
             engine.cleanup();
 
             InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/dependency-check.1.5.xsd");
             StreamSource xsdSource = new StreamSource(xsdStream);
-            StreamSource xmlSource = new StreamSource(new File(writeTo));
+            StreamSource xmlSource = new StreamSource(writeTo);
             SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
             Schema schema = sf.newSchema(xsdSource);
             Validator validator = schema.newValidator();

dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/XmlEntityTest.java

@@ -0,0 +1,55 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.xml;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class XmlEntityTest {
+
+    /**
+     * Test of fromNamedReference method, of class XmlEntity.
+     */
+    @Test
+    public void testFromNamedReference() {
+        CharSequence s = null;
+        String expResult = null;
+        String result = XmlEntity.fromNamedReference(s);
+        assertEquals(expResult, result);
+
+        s = "somethingWrong";
+        expResult = null;
+        result = XmlEntity.fromNamedReference(s);
+        assertEquals(expResult, result);
+
+        s = "amp";
+        expResult = "&";
+        result = XmlEntity.fromNamedReference(s);
+        assertEquals(expResult, result);
+        
+        s = "acute";
+        expResult = "´";
+        result = XmlEntity.fromNamedReference(s);
+        assertEquals(expResult, result);
+    }
+
+}

dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/XmlInputStreamTest.java

@@ -0,0 +1,135 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.xml;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author jerem
+ */
+public class XmlInputStreamTest {
+
+    /**
+     * Test of length method, of class XmlInputStream.
+     */
+    @Test
+    public void testLength() {
+        String data = "";
+        InputStream stream = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
+        XmlInputStream instance = new XmlInputStream(stream);
+        int expResult = 0;
+        int result = instance.length();
+        assertEquals(expResult, result);
+
+        data = "Input data";
+        stream = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
+        instance = new XmlInputStream(stream);
+        result = instance.length();
+        assertTrue(result > 0);
+    }
+
+    /**
+     * Test of read method, of class XmlInputStream.
+     */
+    @Test
+    public void testRead_0args() throws Exception {
+        String data = "";
+        InputStream stream = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
+        XmlInputStream instance = new XmlInputStream(stream);
+        int expResult = -1;
+        int result = instance.read();
+        assertEquals(expResult, result);
+
+        data = "*";
+        stream = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
+        instance = new XmlInputStream(stream);
+        expResult = 42;
+        result = instance.read();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of read method, of class XmlInputStream.
+     */
+    @Test
+    public void testRead_3args() throws Exception {
+        byte[] data = new byte[10];
+        int offset = 0;
+        int length = 10;
+        byte[] expected = "abcdefghij".getBytes(StandardCharsets.UTF_8);
+        String text = "abcdefghijklmnopqrstuvwxyz";
+        InputStream stream = new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8));
+        XmlInputStream instance = new XmlInputStream(stream);
+        int expResult = 10;
+        int result = instance.read(data, offset, length);
+        assertEquals(expResult, result);
+        assertArrayEquals(expected, data);
+        
+        
+        data = new byte[5];
+        offset = 0;
+        length = 5;
+        expected = "&".getBytes(StandardCharsets.UTF_8);
+        text = "&";
+        stream = new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8));
+        instance = new XmlInputStream(stream);
+        expResult = 5;
+        result = instance.read(data, offset, length);
+        assertEquals(expResult, result);
+        assertArrayEquals(expected, data);
+        
+        data = new byte[10];
+        offset = 0;
+        length = 10;
+        expected = "& test".getBytes(StandardCharsets.UTF_8);
+        text = "& test";
+        stream = new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8));
+        instance = new XmlInputStream(stream);
+        expResult = 10;
+        result = instance.read(data, offset, length);
+        assertEquals(expResult, result);
+        assertArrayEquals(expected, data);
+    }
+
+    /**
+     * Test of toString method, of class XmlInputStream.
+     */
+    @Test
+    public void testToString() throws IOException {
+        String data = "test";
+        InputStream stream = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
+        XmlInputStream instance = new XmlInputStream(stream);
+        int r = instance.read();
+        assertEquals('t', r);
+        String expResult = "[1]-\"t\" ( 74)";
+        String result = instance.toString();
+        assertEquals(expResult, result);
+        r = instance.read();
+        assertEquals('e', r);
+        expResult = "[2]-\"te\" ( 74 65)";
+        result = instance.toString();
+        assertEquals(expResult, result);
+
+    }
+}

dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java

@@ -49,7 +49,7 @@ public class PomUtilsTest extends BaseTest {
         assertEquals(expResult, result.getOrganizationUrl());
 
         file = BaseTest.getResourceAsFile(this, "jmockit-1.26.pom");
-        expResult = "Main";
+        expResult = "Main ø modified to test issue #710";
         result = PomUtils.readPom(file);
         assertEquals(expResult, result.getName());
     }

dependency-check-core/src/test/resources/jmockit-1.26.pom

@@ -7,7 +7,7 @@
    <groupId>org.jmockit</groupId><artifactId>jmockit</artifactId><version>1.26</version>
    <packaging>jar</packaging>
 
-   <name>Main</name>
+   <name>Main &oslash; modified to test issue #710</name>
    <description>
       JMockit is a Java toolkit for automated developer testing.
       It contains mocking and faking APIs and a code coverage tool, supporting both JUnit and TestNG.