diff --git a/lib/com/db4o/db4o-all/8.0.249.16098/db4o-all-8.0.249.16098.pom b/lib/com/db4o/db4o-all/8.0.249.16098/db4o-all-8.0.249.16098.pom
deleted file mode 100644
index 5c1c1ff2f..000000000
--- a/lib/com/db4o/db4o-all/8.0.249.16098/db4o-all-8.0.249.16098.pom
+++ /dev/null
@@ -1,9 +0,0 @@
-
-
- 4.0.0
- com.db4o
- db4o-all
- 8.0.249.16098
- POM was created from install:install-file
-
diff --git a/pom.xml b/pom.xml
index 899d96994..bc6b51f7c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,22 +66,6 @@ along with DependencyCheck. If not, see .
UTF-8
-
-
-
- lib
- lib
-
- true
- ignore
-
-
- false
-
- file://${project.basedir}/lib
-
-
-
@@ -471,9 +455,9 @@ along with DependencyCheck. If not, see .
- com.db4o
- db4o-all
- 8.0.249.16098
+ com.h2database
+ h2
+ 1.3.170
+
+
+
+
+ Documents one CVE entry. The child elements should always
+ appear in the sequence defined below. These elements are compatible with
+ entry elements from the CVE XML feeds.
+
+
+
+
+ Description wrapper tag, parent to any
+ documented descriptions of this CVE entry. While the "desc"
+ tag will always be present, there may be no "descript" child
+ tags. Only one "descript" tag will exist for each
+ description source (i.e. CVE, NVD, ...).
+
+
+
+
+
+ A description of a CVE entry
+ from the source indicated by the "source"
+ attribute.
+
+
+
+
+
+
+
+ Impact wrapper tag (may or may not be
+ present). Only one "impact" tag will exist for each impact
+ explanation source.
+
+
+
+
+
+ Contains a specific impact
+ explanation of this CVE entry from source
+ indicated by the "source" attribute.
+
+
+
+
+
+
+
+
+ Solution wrapper tag (may or may not be
+ present). Only one "sol" tag will exist for each solution
+ explanation source.
+
+
+
+
+ Loss type tag (may or may not be present).
+ Contains one loss type child for each loss type of this CVE
+ entry. Potential loss types are: "avail" => availability
+ "conf" => confidentiality "int" => integrity "sec_prot" =>
+ security protection
+
+
+
+
+ Vulnerability type tag (may or may not be
+ present). Contains one vulnerability type child for each
+ vulnerability type of this CVE entry. Potential
+ vulnerability types are: "access" => Access validation error
+ "input" => Input validation error "design" => Design error
+ "exception" => Exceptional condition error "env" =>
+ Environmental error "config" => Configuration error "race"
+ => Race condition error "other" => other
+
+
+
+
+ Vulnerability range tag (may or may not be
+ present). Contains one vulnerability range child for each
+ vulnerability range of this CVE entry. Potential
+ vulnerability ranges are: "local" => Locally exploitable
+ "local_network" => Local network exploitable "network" =>
+ Network exploitable "user_init" => User accesses attacker
+
+
+
+
+
+ Reference wrapper tag (always present).
+ External references to this CVE entry are contained within
+ this tag.
+
+
+
+
+
+ Individual reference to this CVE
+ entry. Text is the name of this vulnerability at
+ this particular reference. Attributes: "source"
+ (required) => Name of reference source "url"
+ (required) => hyperlink to reference "sig" =>
+ indicates this reference includes a tool
+ signature "adv" => indicates this reference is a
+ Security Advisory "patch" => indicates this
+ reference includes a patch for this
+ vulnerability
+
+
+
+
+
+
+
+ Vulnerable software wrapper tag (may or may
+ not be present). Software affected by this CVE entry are
+ listed within this tag.
+
+
+
+
+
+ CVE or CAN
+
+
+
+
+
+
+
+
+
+
+ the full CVE name
+
+
+
+
+
+
+
+
+
+ the sequence number from CVE name
+
+
+
+
+
+
+
+
+
+ the NVD name (if it exists)
+
+
+
+
+ the date this entry was discovered
+
+
+
+
+ the date this entry was published
+
+
+
+
+ the date this entry was last modified
+
+
+
+
+ the entry's severity as determined by the NVD analysts: High, Medium, or Low
+
+
+
+
+
+
+
+
+
+
+
+ indicates that this CVE entry has been rejected by CVE or NVD
+
+
+
+
+ the CVSS Version Indicator
+
+
+
+
+ Same as the CVSS_base_score to provide backwards compatability with the previous CVE XML feed format. This field is deprecated an may be removed at a future date.
+
+
+
+
+ CVSS version 2 Base Score
+
+
+
+
+ CVSS version 2 Impact Score
+
+
+
+
+ CVSS version 2 Exploit Score
+
+
+
+
+ the CVSS version 2 Vector string
+
+
+
+
+
+
+
+
+
+ The source of the CVE description.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Input validation error tag with
+ one attribute for each input validation error
+ type. Potential input validation error types
+ are: "bound" => Boundary condition error
+ "buffer" => Buffer overflow
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Contains a specific solution
+ explanation of this CVE entry from source
+ indicated by the "source" attribute.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Security Protection tag with one
+ attribute for each security protection type.
+ Potential security protection types are: "admin"
+ => gain administrative access "user" => gain
+ user access "other" => other
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Product wrapper tag. Versions of
+ this product that are affected by this
+ vulnerability are listed within this tag.
+ Attributes: "name" => Product name "vendor" =>
+ Vendor of this product
+
+
+
+
+
+ Represents a version
+ of this product that is affected by
+ this vulnerability. Attributes:
+ "num" => This version number "prev"
+ => Indicates that versions previous
+ to this version number are also
+ affected by this vulnerability
+ "edition" => Indicates the edition
+ associated with the version number
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines date format for NVD. Dates follow the mask "yyyy-mm-dd"
+
+
+
+
+
+
+
+
+ Restricts urls in NVD beyond the xs:anyURI restrictions.
+
+
+
+
+
+
+
+
+
+ simpleType used for attributes that are only present when they are
+ true. Such attributes appear only in the form attribute_name="1".
+
+
+
+
+
+
+
+
+ simpleType used when scoring on a scale of 0-10, inclusive
+
+
+
+
+
+
+
+
+
+ simpleType to describe the CVSS Base Vector
+
+
+
+
+
+
diff --git a/src/main/resources/schema/nvdcve/cce_0.1.xsd b/src/main/resources/schema/nvdcve/2_0/cce_0.1.xsd
similarity index 100%
rename from src/main/resources/schema/nvdcve/cce_0.1.xsd
rename to src/main/resources/schema/nvdcve/2_0/cce_0.1.xsd
diff --git a/src/main/resources/schema/nvdcve/cpe-language_2.1.xsd b/src/main/resources/schema/nvdcve/2_0/cpe-language_2.1.xsd
similarity index 100%
rename from src/main/resources/schema/nvdcve/cpe-language_2.1.xsd
rename to src/main/resources/schema/nvdcve/2_0/cpe-language_2.1.xsd
diff --git a/src/main/resources/schema/nvdcve/cve_0.1.xsd b/src/main/resources/schema/nvdcve/2_0/cve_0.1.xsd
similarity index 100%
rename from src/main/resources/schema/nvdcve/cve_0.1.xsd
rename to src/main/resources/schema/nvdcve/2_0/cve_0.1.xsd
diff --git a/src/main/resources/schema/nvdcve/cvss-v2_0.2.xsd b/src/main/resources/schema/nvdcve/2_0/cvss-v2_0.2.xsd
similarity index 100%
rename from src/main/resources/schema/nvdcve/cvss-v2_0.2.xsd
rename to src/main/resources/schema/nvdcve/2_0/cvss-v2_0.2.xsd
diff --git a/src/main/resources/schema/nvdcve/nvd-cve-feed_2.0.xsd b/src/main/resources/schema/nvdcve/2_0/nvd-cve-feed_2.0.xsd
similarity index 100%
rename from src/main/resources/schema/nvdcve/nvd-cve-feed_2.0.xsd
rename to src/main/resources/schema/nvdcve/2_0/nvd-cve-feed_2.0.xsd
diff --git a/src/main/resources/schema/nvdcve/patch_0.1.xsd b/src/main/resources/schema/nvdcve/2_0/patch_0.1.xsd
similarity index 100%
rename from src/main/resources/schema/nvdcve/patch_0.1.xsd
rename to src/main/resources/schema/nvdcve/2_0/patch_0.1.xsd
diff --git a/src/main/resources/schema/nvdcve/scap-core_0.1.xsd b/src/main/resources/schema/nvdcve/2_0/scap-core_0.1.xsd
similarity index 100%
rename from src/main/resources/schema/nvdcve/scap-core_0.1.xsd
rename to src/main/resources/schema/nvdcve/2_0/scap-core_0.1.xsd
diff --git a/src/main/resources/schema/nvdcve/vulnerability_0.4.xsd b/src/main/resources/schema/nvdcve/2_0/vulnerability_0.4.xsd
similarity index 100%
rename from src/main/resources/schema/nvdcve/vulnerability_0.4.xsd
rename to src/main/resources/schema/nvdcve/2_0/vulnerability_0.4.xsd
diff --git a/src/main/resources/schema/nvdcve/bindings.xml b/src/main/resources/schema/nvdcve/bindings.xml
deleted file mode 100644
index 6da0d77a4..000000000
--- a/src/main/resources/schema/nvdcve/bindings.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/main/resources/schema/nvdcve/generateBindings.bat b/src/main/resources/schema/nvdcve/generateBindings.bat
deleted file mode 100644
index 915de1bab..000000000
--- a/src/main/resources/schema/nvdcve/generateBindings.bat
+++ /dev/null
@@ -1,18 +0,0 @@
-if not "%JAVA_HOME%" == "" goto JAVA_HOME_DEFINED
-
-:NO_JAVA_HOME
-set XJC=xjc.exe
-goto LAUNCH
-
-:JAVA_HOME_DEFINED
-set XJC="%JAVA_HOME%\bin\xjc.exe"
-goto LAUNCH
-
-:LAUNCH
-%XJC% -extension -d ..\..\..\java -b "bindings.xml" -p "org.codesecure.dependencycheck.data.nvdcve.generated" -mark-generated "nvd-cve-feed_2.0.xsd"
-
-echo --------------------------------------------------------------
-echo IMPORTANT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-echo You must add the following annotation to the VulnerabilityType
-echo @XmlRootElement(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
-echo --------------------------------------------------------------
\ No newline at end of file
diff --git a/src/main/resources/schema/nvdcve/generateBindings.sh b/src/main/resources/schema/nvdcve/generateBindings.sh
deleted file mode 100644
index 6e571f84f..000000000
--- a/src/main/resources/schema/nvdcve/generateBindings.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-if [ -n "$JAVA_HOME" ]
-then
- XJC="$JAVA_HOME/bin/xjc.exe"
-else
- XJC=xjc.exe
-fi
-
-exec "$XJC" -extension -d ../../../java -b "bindings.xml" -p "org.codesecure.dependencycheck.data.nvdcve.generated" -mark-generated "nvd-cve-feed_2.0.xsd"
-
-echo '--------------------------------------------------------------'
-echo 'IMPORTANT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
-echo 'You must add the following annotation to the VulnerabilityType'
-echo '@XmlRootElement(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")'
-echo '--------------------------------------------------------------'
\ No newline at end of file
diff --git a/src/test/java/org/codesecure/dependencycheck/EngineIntegrationTest.java b/src/test/java/org/codesecure/dependencycheck/EngineIntegrationTest.java
index ed4ed7d58..4ec411df2 100644
--- a/src/test/java/org/codesecure/dependencycheck/EngineIntegrationTest.java
+++ b/src/test/java/org/codesecure/dependencycheck/EngineIntegrationTest.java
@@ -19,7 +19,7 @@ import static org.junit.Assert.*;
public class EngineIntegrationTest {
public EngineIntegrationTest() throws Exception {
- org.codesecure.dependencycheck.data.nvdcve.BaseIndexTestCase.ensureIndexExists();
+ org.codesecure.dependencycheck.data.nvdcve.BaseDBTestCase.ensureDBExists();
org.codesecure.dependencycheck.data.cpe.BaseIndexTestCase.ensureIndexExists();
}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/cpe/IndexTest.java b/src/test/java/org/codesecure/dependencycheck/data/cpe/IndexTest.java
index 300cdaec7..d0e8db07c 100644
--- a/src/test/java/org/codesecure/dependencycheck/data/cpe/IndexTest.java
+++ b/src/test/java/org/codesecure/dependencycheck/data/cpe/IndexTest.java
@@ -65,7 +65,6 @@ public class IndexTest extends BaseIndexTestCase {
Directory result = index.getDirectory();
String exp = File.separatorChar + "target" + File.separatorChar + "data" + File.separatorChar + "cpe";
- // TODO review the generated test code and remove the default call to fail.
assertTrue(result.toString().contains(exp));
}
}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseIndexTestCase.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseDBTestCase.java
similarity index 75%
rename from src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseIndexTestCase.java
rename to src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseDBTestCase.java
index 7855d7aa2..a590513ec 100644
--- a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseIndexTestCase.java
+++ b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseDBTestCase.java
@@ -21,19 +21,18 @@ import org.codesecure.dependencycheck.utils.Settings;
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
-public abstract class BaseIndexTestCase extends TestCase {
-
- public BaseIndexTestCase(String testName) {
+public abstract class BaseDBTestCase extends TestCase {
+
+ public BaseDBTestCase(String testName) {
super(testName);
}
-
+
@Override
protected void setUp() throws Exception {
super.setUp();
- ensureIndexExists();
+ ensureDBExists();
}
-
-
+
protected static File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
@@ -42,14 +41,14 @@ public abstract class BaseIndexTestCase extends TestCase {
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
- exePath = new File( "." );
+ exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
return path;
}
-
- public static void ensureIndexExists() throws Exception {
+
+ public static void ensureDBExists() throws Exception {
//String indexPath = Settings.getString(Settings.KEYS.CVE_INDEX);
String indexPath = getDataDirectory().getCanonicalPath();
java.io.File f = new File(indexPath);
@@ -58,7 +57,7 @@ public abstract class BaseIndexTestCase extends TestCase {
FileInputStream fis = null;
ZipInputStream zin = null;
try {
- File path = new File(BaseIndexTestCase.class.getClassLoader().getResource("index.nvdcve.zip").getPath());
+ File path = new File(BaseDBTestCase.class.getClassLoader().getResource("db.nvdcve.zip").getPath());
fis = new FileInputStream(path);
zin = new ZipInputStream(new BufferedInputStream(fis));
ZipEntry entry;
@@ -77,40 +76,48 @@ public abstract class BaseIndexTestCase extends TestCase {
// oPath.mkdir();
// }
o.createNewFile();
- fos = new FileOutputStream(o,false);
+ fos = new FileOutputStream(o, false);
dest = new BufferedOutputStream(fos, BUFFER);
byte data[] = new byte[BUFFER];
int count;
while ((count = zin.read(data, 0, BUFFER)) != -1) {
- dest.write(data, 0, count);
+ dest.write(data, 0, count);
}
- } catch (Exception ex) {
- String ignore = ex.getMessage();
+ } catch (Exception ex) {
+ String ignore = ex.getMessage();
} finally {
try {
dest.flush();
dest.close();
dest = null;
- } catch (Throwable ex) { String ignore = ex.getMessage(); }
+ } catch (Throwable ex) {
+ String ignore = ex.getMessage();
+ }
try {
fos.close();
fos = null;
- } catch (Throwable ex) { String ignore = ex.getMessage(); }
+ } catch (Throwable ex) {
+ String ignore = ex.getMessage();
+ }
}
}
} finally {
try {
- if (zin!=null) {
+ if (zin != null) {
zin.close();
}
zin = null;
- } catch (Throwable ex) { String ignore = ex.getMessage(); }
+ } catch (Throwable ex) {
+ String ignore = ex.getMessage();
+ }
try {
- if (fis!=null) {
+ if (fis != null) {
fis.close();
}
fis = null;
- } catch (Throwable ex) { String ignore = ex.getMessage(); }
+ } catch (Throwable ex) {
+ String ignore = ex.getMessage();
+ }
}
}
}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/IndexTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/IndexTest.java
deleted file mode 100644
index 609d61e49..000000000
--- a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/IndexTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.codesecure.dependencycheck.data.nvdcve;
-
-import java.io.File;
-import org.apache.lucene.store.Directory;
-import static org.junit.Assert.assertTrue;
-import org.junit.*;
-
-/**
- *
- * @author Jeremy
- */
-public class IndexTest extends BaseIndexTestCase {
-
- public IndexTest(String testName) {
- super(testName);
- }
-
- @BeforeClass
- public static void setUpClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownClass() throws Exception {
- }
-
- @Before
- public void setUp() {
- }
-
- @After
- public void tearDown() {
- }
-
- /**
- * Test of getDirectory method, of class Index.
- */
- @Test
- public void testGetDirectory() throws Exception {
- System.out.println("getDirectory");
- Index instance = new Index();
- String exp = File.separatorChar + "target" + File.separatorChar + "data" + File.separatorChar + "cve";
- Directory result = instance.getDirectory();
-
- assertTrue(result.toString().contains(exp));
- }
-}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/DatabaseUpdaterIntegrationTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/DatabaseUpdaterIntegrationTest.java
new file mode 100644
index 000000000..21d390de8
--- /dev/null
+++ b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/DatabaseUpdaterIntegrationTest.java
@@ -0,0 +1,48 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.codesecure.dependencycheck.data.nvdcve.xml;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class DatabaseUpdaterIntegrationTest {
+
+ public DatabaseUpdaterIntegrationTest() {
+ }
+
+ @BeforeClass
+ public static void setUpClass() throws Exception {
+ }
+
+ @AfterClass
+ public static void tearDownClass() throws Exception {
+ }
+
+ @Before
+ public void setUp() {
+ }
+
+ @After
+ public void tearDown() {
+ }
+
+ /**
+ * Test of update method, of class DatabaseUpdater.
+ * @throws Exception
+ */
+ @Test
+ public void testUpdate() throws Exception {
+ System.out.println("update");
+ DatabaseUpdater instance = new DatabaseUpdater();
+ instance.update();
+ }
+}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/IndexUpdaterIntegrationTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/IndexUpdaterIntegrationTest.java
deleted file mode 100644
index a132a332b..000000000
--- a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/IndexUpdaterIntegrationTest.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.codesecure.dependencycheck.data.nvdcve.xml;
-
-
-import java.util.Map;
-import org.codesecure.dependencycheck.data.nvdcve.BaseIndexTestCase;
-import org.junit.*;
-
-/**
- *
- * @author Jeremy
- */
-public class IndexUpdaterIntegrationTest extends BaseIndexTestCase {
-
- public IndexUpdaterIntegrationTest(String testName) {
- super(testName);
- }
-
- @BeforeClass
- public static void setUpClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownClass() throws Exception {
- }
-
- @Before
- public void setUp() {
- }
-
- @After
- public void tearDown() {
- }
-
- /**
- * Test of retrieveCurrentTimestampFromWeb method, of class Index.
- */
- @Test
- public void testRetrieveCurrentTimestampFromWeb() throws Exception {
- System.out.println("retrieveCurrentTimestampFromWeb");
- IndexUpdater instance = new IndexUpdater();
- Map result = instance.retrieveCurrentTimestampsFromWeb();
- assertEquals(12, result.size());
- }
-
- /**
- * Test of update method, of class Index.
- */
- @Test
- public void testUpdate() throws Exception {
- System.out.println("update");
- IndexUpdater instance = new IndexUpdater();
- instance.update();
- }
-
- /**
- * Test of updateNeeded method, of class Index.
- */
- @Test
- public void testUpdateNeeded() throws Exception {
- System.out.println("updateNeeded");
- IndexUpdater instance = new IndexUpdater();
- instance.updateNeeded();
- //if an exception is thrown this test fails. However, because it depends on the
- // order of the tests what this will return I am just testing for the exception.
- }
-}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveParserTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveParserTest.java
deleted file mode 100644
index dbe4e320d..000000000
--- a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveParserTest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.codesecure.dependencycheck.data.nvdcve.xml;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import org.apache.lucene.index.CorruptIndexException;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import static org.junit.Assert.*;
-
-/**
- *
- * @author Jeremy Long (jeremy.long@gmail.com)
- */
-public class NvdCveParserTest {
-
- public NvdCveParserTest() {
- }
-
- @BeforeClass
- public static void setUpClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownClass() throws Exception {
- }
-
- @Before
- public void setUp() {
- }
-
- @After
- public void tearDown() {
- }
-
- /**
- * Test of parse method, of class NvdCveParser.
- */
- @Test
- public void testParse() throws InvalidDataException {
- NvdCveParser instance = null;
- try {
- System.out.println("parse");
- File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
- instance = new NvdCveParser();
- instance.openIndexWriter();
- instance.parse(file);
- } catch (CorruptIndexException ex) {
- throw new InvalidDataException("corrupt index", ex);
- } catch (IOException ex) {
- throw new InvalidDataException("IO Exception", ex);
- } finally {
- if (instance != null) {
- instance.close();
- }
- }
- }
-}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilterTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilterTest.java
deleted file mode 100644
index d7a82696e..000000000
--- a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilterTest.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.codesecure.dependencycheck.data.nvdcve.xml;
-//
-//import java.io.BufferedInputStream;
-//import java.io.DataInputStream;
-//import java.io.File;
-//import java.io.FileReader;
-//import java.io.IOException;
-//import java.io.InputStream;
-//import java.io.Reader;
-//import java.net.MalformedURLException;
-//import java.util.logging.Level;
-//import java.util.logging.Logger;
-//import javax.xml.bind.JAXBContext;
-//import javax.xml.bind.JAXBException;
-//import javax.xml.parsers.ParserConfigurationException;
-//import javax.xml.parsers.SAXParserFactory;
-//import org.apache.lucene.index.CorruptIndexException;
-//import org.codesecure.dependencycheck.data.nvdcve.InvalidDataException;
-//import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
-//import org.junit.After;
-//import org.junit.AfterClass;
-//import org.junit.Before;
-//import org.junit.BeforeClass;
-//import org.junit.Test;
-//import static org.junit.Assert.*;
-//import org.xml.sax.Attributes;
-//import org.xml.sax.InputSource;
-//import org.xml.sax.Locator;
-//import org.xml.sax.SAXException;
-//import org.xml.sax.XMLReader;
-//
-///**
-// *
-// * @author Jeremy
-// */
-//public class NvdCveXmlFilterTest {
-//
-// public NvdCveXmlFilterTest() {
-// }
-//
-// @BeforeClass
-// public static void setUpClass() {
-// }
-//
-// @AfterClass
-// public static void tearDownClass() {
-// }
-//
-// @Before
-// public void setUp() {
-// }
-//
-// @After
-// public void tearDown() {
-// }
-//
-// /**
-// * Test of process method, of class NvdCveXmlFilter.
-// */
-// @Test
-// public void testFilter() throws InvalidDataException {
-// Indexer indexer = null;
-// try {
-// System.out.println("filter");
-//
-// SAXParserFactory factory = SAXParserFactory.newInstance();
-// factory.setNamespaceAware(true);
-// XMLReader reader = factory.newSAXParser().getXMLReader();
-//
-// JAXBContext context = JAXBContext.newInstance("org.codesecure.dependencycheck.data.nvdcve.generated");
-// NvdCveXmlFilter filter = new NvdCveXmlFilter(context);
-//
-// indexer = new Indexer();
-// indexer.openIndexWriter();
-//
-// filter.registerSaveDelegate(indexer);
-//
-// reader.setContentHandler(filter);
-// File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
-// Reader fileReader = new FileReader(file);
-// InputSource is = new InputSource(fileReader);
-// reader.parse(is);
-// } catch (JAXBException ex) {
-// throw new InvalidDataException("JAXBException", ex);
-// } catch (SAXException ex) {
-// throw new InvalidDataException("SAXException", ex);
-// } catch (ParserConfigurationException ex) {
-// throw new InvalidDataException("ParserConfigurationException", ex);
-// } catch (CorruptIndexException ex) {
-// throw new InvalidDataException("CorruptIndexException", ex);
-// } catch (IOException ex) {
-// throw new InvalidDataException("IOException", ex);
-// } finally {
-// if (indexer != null) {
-// indexer.close();
-// }
-// }
-// }
-//}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCve_1_2_HandlerTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCve_1_2_HandlerTest.java
new file mode 100644
index 000000000..93820cebc
--- /dev/null
+++ b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCve_1_2_HandlerTest.java
@@ -0,0 +1,57 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.codesecure.dependencycheck.data.nvdcve.xml;
+
+import java.io.File;
+import java.util.List;
+import java.util.Map;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class NvdCve_1_2_HandlerTest {
+
+ public NvdCve_1_2_HandlerTest() {
+ }
+
+ @BeforeClass
+ public static void setUpClass() throws Exception {
+ }
+
+ @AfterClass
+ public static void tearDownClass() throws Exception {
+ }
+
+ @Before
+ public void setUp() {
+ }
+
+ @After
+ public void tearDown() {
+ }
+
+ @Test
+ public void testParse() throws Exception {
+ SAXParserFactory factory = SAXParserFactory.newInstance();
+ SAXParser saxParser = factory.newSAXParser();
+
+ File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath());
+
+ NvdCve12Handler instance = new NvdCve12Handler();
+ saxParser.parse(file, instance);
+ Map> results = instance.getVulnerabilities();
+ assertTrue("No vulnerable software identified with a previous version in 2012 CVE 1.2?", !results.isEmpty());
+ }
+}
diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCve_2_0_HandlerTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCve_2_0_HandlerTest.java
new file mode 100644
index 000000000..28c4bf8e4
--- /dev/null
+++ b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCve_2_0_HandlerTest.java
@@ -0,0 +1,63 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.codesecure.dependencycheck.data.nvdcve.xml;
+
+import java.io.File;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class NvdCve_2_0_HandlerTest {
+
+ public NvdCve_2_0_HandlerTest() {
+ }
+
+ @BeforeClass
+ public static void setUpClass() throws Exception {
+ }
+
+ @AfterClass
+ public static void tearDownClass() throws Exception {
+ }
+
+ @Before
+ public void setUp() {
+ }
+
+ @After
+ public void tearDown() {
+ }
+
+ @Test
+ public void testParse() {
+ Exception results = null;
+ try {
+ SAXParserFactory factory = SAXParserFactory.newInstance();
+ SAXParser saxParser = factory.newSAXParser();
+
+ File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
+
+ NvdCve20Handler instance = new NvdCve20Handler();
+
+ saxParser.parse(file, instance);
+ } catch (Exception ex) {
+ results = ex;
+ }
+ assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);
+ if (results != null) {
+ System.err.println(results);
+ }
+
+ }
+}
diff --git a/src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java b/src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java
index 0da36f5b1..fff8b7b69 100644
--- a/src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java
+++ b/src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java
@@ -4,28 +4,19 @@
*/
package org.codesecure.dependencycheck.reporting;
-import org.codesecure.dependencycheck.dependency.Evidence;
-import java.util.List;
-import java.util.ArrayList;
-import java.io.File;
-import org.codesecure.dependencycheck.dependency.Dependency;
-import java.util.HashMap;
import org.codesecure.dependencycheck.data.cpe.BaseIndexTestCase;
-import java.util.Map;
-import org.codesecure.dependencycheck.dependency.Evidence.Confidence;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
-import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class ReportGeneratorTest extends BaseIndexTestCase {
-
+
public ReportGeneratorTest(String testName) {
super(testName);
}
@@ -37,12 +28,12 @@ public class ReportGeneratorTest extends BaseIndexTestCase {
@AfterClass
public static void tearDownClass() throws Exception {
}
-
+
@Before
@Override
public void setUp() {
}
-
+
@After
@Override
public void tearDown() {
@@ -66,16 +57,16 @@ public class ReportGeneratorTest extends BaseIndexTestCase {
// d.setFileName("FileName.jar");
// d.setActualFilePath("lib/FileName.jar");
// d.addCPEentry("cpe://a:/some:cpe:1.0");
-//
+//
// List dependencies = new ArrayList();
// d.getProductEvidence().addEvidence("jar","filename","test", Confidence.HIGH);
// d.getProductEvidence().addEvidence("manifest","vendor","test", Confidence.HIGH);
-//
+//
// for (Evidence e : d.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
// dependencies.add(d);
-//
+//
// Dependency d2 = new Dependency();
// d2.setFileName("Another.jar");
// d2.setActualFilePath("lib/Another.jar");
@@ -84,26 +75,26 @@ public class ReportGeneratorTest extends BaseIndexTestCase {
// d2.addCPEentry("cpe://a:/another:cpe:1.2");
// d2.getProductEvidence().addEvidence("jar","filename","another.jar", Confidence.HIGH);
// d2.getProductEvidence().addEvidence("manifest","vendor","Company A", Confidence.MEDIUM);
-//
+//
// for (Evidence e : d2.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
-//
+//
// dependencies.add(d2);
-//
+//
// Dependency d3 = new Dependency();
// d3.setFileName("Third.jar");
// d3.setActualFilePath("lib/Third.jar");
// d3.getProductEvidence().addEvidence("jar","filename","third.jar", Confidence.HIGH);
-//
+//
// for (Evidence e : d3.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
-//
+//
// dependencies.add(d3);
-//
+//
// properties.put("dependencies",dependencies);
-//
+//
// ReportGenerator instance = new ReportGenerator();
// instance.generateReport(templateName, writeTo, properties);
//TODO add an assertion here...
diff --git a/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id b/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id
index 08ab89628..974e414d7 100644
--- a/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id
+++ b/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id
@@ -1 +1 @@
-e87a8b468d0d9a139c46cc0e0b94577f7f6fb06f
\ No newline at end of file
+9b5390434d0c6bbf79b5b64c94bff06f497f780c
\ No newline at end of file
diff --git a/src/test/resources/nvdcve-2012.xml.REMOVED.git-id b/src/test/resources/nvdcve-2012.xml.REMOVED.git-id
new file mode 100644
index 000000000..1f786bc02
--- /dev/null
+++ b/src/test/resources/nvdcve-2012.xml.REMOVED.git-id
@@ -0,0 +1 @@
+f2ff6066ee3da30900f068dae7819e3bbf5a0618
\ No newline at end of file