From 44edcabe15ca98b60d98d0fc71d8296e87349436 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 1 Oct 2016 06:55:37 -0400
Subject: [PATCH] fixed duplicate analysis identified in https://github.com/jeremylong/dependency-check-gradle/issues/19
---
 .../org/owasp/dependencycheck/Engine.java | 28 ++++++++--
 .../org/owasp/dependencycheck/EngineTest.java | 53 +++++++++++++++++++
 2 files changed, 78 insertions(+), 3 deletions(-)
 create mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
index 473ba3faf..c3d0f6584 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -309,10 +309,22 @@ public class Engine implements FileFilter {
 if (file.isFile()) {
 if (accept(file)) {
 dependency = new Dependency(file);
- dependencies.add(dependency);
+ String sha1 = dependency.getSha1sum();
+ boolean found = false;
+ if (sha1 != null) {
+ for (Dependency existing : dependencies) {
+ if (sha1.equals(existing.getSha1sum())) {
+ found = true;
+ dependency = existing;
+ }
+ }
+ }
+ if (!found) {
+ dependencies.add(dependency);
+ }
+ } else {
+ LOGGER.debug("Path passed to scanFile(File) is not a file: {}. Skipping the file.", file);
 }
- } else {
- LOGGER.debug("Path passed to scanFile(File) is not a file: {}. Skipping the file.", file);
 }
 return dependency;
 }
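Review bot: In `scanFile(File)` the `else` that logs "Path passed to scanFile(File) is not a file" now closes `if (accept(file))` instead of `if (file.isFile())`, so, as the hunk reads, the message is emitted for regular files that no analyzer accepts and nothing is logged when the path really is not a file. Move the `} else { LOGGER.debug(...); }` pair back out one level so it is attached to the `isFile()` check again. Separately, the SHA-1 loop keeps iterating after a match (`break;` after `dependency = existing;` is enough), and when a second path has the same digest it is dropped silently; as far as this hunk shows, a report would then name only the first location of a vulnerable library, so the duplicate path should at least be logged or recorded on `existing`. The method starts outside the hunk.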
@@ -539,6 +551,16 @@ public class Engine implements FileFilter {
 return this.fileTypeAnalyzers;
 }
 
+ /**
+ * Adds a file type analyzer. This has been added solely to assist in unit
+ * testing the Engine.
+ *
+ * @param fta the file type analyzer to add
+ */
+ protected void addFileTypeAnalyzer(FileTypeAnalyzer fta) {
+ this.fileTypeAnalyzers.add(fta);
+ }
+
 /**
 * Checks the CPE Index to ensure documents exists. If none exist a
 * NoDataException is thrown.
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
new file mode 100644
index 000000000..3f2e9cfec
--- /dev/null
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java
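Review bot: In Engine.java, `addFileTypeAnalyzer` is documented as existing solely for unit tests, yet `protected` opens it to every subclass of the public, non-final `Engine`, which lets code outside the package change the analyzer set. EngineTest is declared in the same package (`org.owasp.dependencycheck`), so package-private access is sufficient: `void addFileTypeAnalyzer(FileTypeAnalyzer fta) {`. The method also stores `fta` unchecked; a `null` entry would presumably only fail later when the analyzers are iterated, so rejecting it here would make the failure easier to trace.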
@@ -0,0 +1,53 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2016 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck;
+
+import java.io.File;
+import org.junit.Test;
+import static org.junit.Assert.*;
+import org.owasp.dependencycheck.analyzer.JarAnalyzer;
+import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
+import org.owasp.dependencycheck.dependency.Dependency;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class EngineTest extends BaseDBTestCase {
+
+ /**
+ * Test of scanFile method, of class Engine.
+ */
+ @Test
+ public void testScanFile() throws DatabaseException {
+ Engine instance = new Engine();
+ instance.addFileTypeAnalyzer(new JarAnalyzer());
+ File file = BaseTest.getResourceAsFile(this, "dwr.jar");
+ Dependency dwr = instance.scanFile(file);
+ file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
+ Dependency jmx = instance.scanFile(file);
+ assertEquals(2, instance.getDependencies().size());
+
+ file = BaseTest.getResourceAsFile(this, "dwr.jar");
+ Dependency secondDwr = instance.scanFile(file);
+
+ assertEquals(2, instance.getDependencies().size());
+ assertTrue(dwr == secondDwr);
+
+ }
+}
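Review bot: `testScanFile` reaches the SHA-1 match only by rescanning the same path, so the case the de-duplication most changes, a second file with identical content under a different name or directory, is never tested, and neither is a file that no analyzer accepts. A copy of `dwr.jar` under another name plus one non-JAR resource would pin both behaviours, including what `scanFile` returns for them. The identity check is clearer and reports both objects on failure when written as `assertSame(dwr, secondDwr);`, and the `jmx` local is assigned but never used.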