bug fixes/replaced CVE datastore (lucene->H2)

Former-commit-id: 51cd0f93a50b70b0722a139034f5e0dda416e803
Jeremy Long
2013-01-06 12:04:27 -05:00
parent 67c0815d8a
commit 4861b1befe
103 changed files with 1890 additions and 10065 deletions


@@ -19,7 +19,7 @@ import static org.junit.Assert.*;
public class EngineIntegrationTest {
public EngineIntegrationTest() throws Exception {
org.codesecure.dependencycheck.data.nvdcve.BaseIndexTestCase.ensureIndexExists();
org.codesecure.dependencycheck.data.nvdcve.BaseDBTestCase.ensureDBExists();
org.codesecure.dependencycheck.data.cpe.BaseIndexTestCase.ensureIndexExists();
}


@@ -65,7 +65,6 @@ public class IndexTest extends BaseIndexTestCase {
Directory result = index.getDirectory();
String exp = File.separatorChar + "target" + File.separatorChar + "data" + File.separatorChar + "cpe";
// TODO review the generated test code and remove the default call to fail.
assertTrue(result.toString().contains(exp));
}
}


@@ -21,19 +21,18 @@ import org.codesecure.dependencycheck.utils.Settings;
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public abstract class BaseIndexTestCase extends TestCase {
public BaseIndexTestCase(String testName) {
public abstract class BaseDBTestCase extends TestCase {
public BaseDBTestCase(String testName) {
super(testName);
}
@Override
protected void setUp() throws Exception {
super.setUp();
ensureIndexExists();
ensureDBExists();
}
protected static File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
@@ -42,14 +41,14 @@ public abstract class BaseIndexTestCase extends TestCase {
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File( "." );
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
return path;
}
public static void ensureIndexExists() throws Exception {
public static void ensureDBExists() throws Exception {
//String indexPath = Settings.getString(Settings.KEYS.CVE_INDEX);
String indexPath = getDataDirectory().getCanonicalPath();
java.io.File f = new File(indexPath);
@@ -58,7 +57,7 @@ public abstract class BaseIndexTestCase extends TestCase {
FileInputStream fis = null;
ZipInputStream zin = null;
try {
File path = new File(BaseIndexTestCase.class.getClassLoader().getResource("index.nvdcve.zip").getPath());
File path = new File(BaseDBTestCase.class.getClassLoader().getResource("db.nvdcve.zip").getPath());
fis = new FileInputStream(path);
zin = new ZipInputStream(new BufferedInputStream(fis));
ZipEntry entry;
@@ -77,40 +76,48 @@ public abstract class BaseIndexTestCase extends TestCase {
// oPath.mkdir();
// }
o.createNewFile();
fos = new FileOutputStream(o,false);
fos = new FileOutputStream(o, false);
dest = new BufferedOutputStream(fos, BUFFER);
byte data[] = new byte[BUFFER];
int count;
while ((count = zin.read(data, 0, BUFFER)) != -1) {
dest.write(data, 0, count);
dest.write(data, 0, count);
}
} catch (Exception ex) {
String ignore = ex.getMessage();
} catch (Exception ex) {
String ignore = ex.getMessage();
} finally {
try {
dest.flush();
dest.close();
dest = null;
} catch (Throwable ex) { String ignore = ex.getMessage(); }
} catch (Throwable ex) {
String ignore = ex.getMessage();
}
try {
fos.close();
fos = null;
} catch (Throwable ex) { String ignore = ex.getMessage(); }
} catch (Throwable ex) {
String ignore = ex.getMessage();
}
}
}
} finally {
try {
if (zin!=null) {
if (zin != null) {
zin.close();
}
zin = null;
} catch (Throwable ex) { String ignore = ex.getMessage(); }
} catch (Throwable ex) {
String ignore = ex.getMessage();
}
try {
if (fis!=null) {
if (fis != null) {
fis.close();
}
fis = null;
} catch (Throwable ex) { String ignore = ex.getMessage(); }
} catch (Throwable ex) {
String ignore = ex.getMessage();
}
}
}
}
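Review bot: The extraction loop in ensureDBExists still swallows every failure: the `catch (Exception ex) { String ignore = ex.getMessage(); }` after the write loop and the `catch (Throwable ex)` blocks around `dest.flush()` and `fos.close()` discard the error, so a failed or truncated unzip of `db.nvdcve.zip` lets the method return normally and the tests then run against an incomplete CVE database. The method already declares `throws Exception`, so the inner catch could rethrow, e.g. `throw new IOException("failed to extract " + o, ex);`, and `dest` and `fos` should get the same null check before closing that `zin` and `fis` already have. The code that derives `o` from the zip entry lies outside the visible hunks; if it uses the entry name directly, it should confirm that the canonical path stays under getDataDirectory() before writing.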


@@ -1,50 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.codesecure.dependencycheck.data.nvdcve;
import java.io.File;
import org.apache.lucene.store.Directory;
import static org.junit.Assert.assertTrue;
import org.junit.*;
/**
*
* @author Jeremy
*/
public class IndexTest extends BaseIndexTestCase {
public IndexTest(String testName) {
super(testName);
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getDirectory method, of class Index.
*/
@Test
public void testGetDirectory() throws Exception {
System.out.println("getDirectory");
Index instance = new Index();
String exp = File.separatorChar + "target" + File.separatorChar + "data" + File.separatorChar + "cve";
Directory result = instance.getDirectory();
assertTrue(result.toString().contains(exp));
}
}


@@ -0,0 +1,48 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class DatabaseUpdaterIntegrationTest {
public DatabaseUpdaterIntegrationTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of update method, of class DatabaseUpdater.
* @throws Exception
*/
@Test
public void testUpdate() throws Exception {
System.out.println("update");
DatabaseUpdater instance = new DatabaseUpdater();
instance.update();
}
}
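Review bot: testUpdate asserts nothing: it calls `instance.update()` and passes whenever no exception escapes, so an update that silently imports no CVE entries would still go green. Scan results presumably depend on this datastore being populated, so the test should check some observable result of the update; which accessor to use is not visible from this file. At minimum a comment such as `// passes if update() completes without throwing; does not verify imported data` would state the limitation. The empty setUpClass/tearDownClass/setUp/tearDown template methods and the `System.out.println("update");` line can be dropped.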


@@ -1,70 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
import java.util.Map;
import org.codesecure.dependencycheck.data.nvdcve.BaseIndexTestCase;
import org.junit.*;
/**
*
* @author Jeremy
*/
public class IndexUpdaterIntegrationTest extends BaseIndexTestCase {
public IndexUpdaterIntegrationTest(String testName) {
super(testName);
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of retrieveCurrentTimestampFromWeb method, of class Index.
*/
@Test
public void testRetrieveCurrentTimestampFromWeb() throws Exception {
System.out.println("retrieveCurrentTimestampFromWeb");
IndexUpdater instance = new IndexUpdater();
Map<String, IndexUpdater.NvdCveUrl> result = instance.retrieveCurrentTimestampsFromWeb();
assertEquals(12, result.size());
}
/**
* Test of update method, of class Index.
*/
@Test
public void testUpdate() throws Exception {
System.out.println("update");
IndexUpdater instance = new IndexUpdater();
instance.update();
}
/**
* Test of updateNeeded method, of class Index.
*/
@Test
public void testUpdateNeeded() throws Exception {
System.out.println("updateNeeded");
IndexUpdater instance = new IndexUpdater();
instance.updateNeeded();
//if an exception is thrown this test fails. However, because it depends on the
// order of the tests what this will return I am just testing for the exception.
}
}


@@ -1,66 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
import java.io.File;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.index.CorruptIndexException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class NvdCveParserTest {
public NvdCveParserTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of parse method, of class NvdCveParser.
*/
@Test
public void testParse() throws InvalidDataException {
NvdCveParser instance = null;
try {
System.out.println("parse");
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
instance = new NvdCveParser();
instance.openIndexWriter();
instance.parse(file);
} catch (CorruptIndexException ex) {
throw new InvalidDataException("corrupt index", ex);
} catch (IOException ex) {
throw new InvalidDataException("IO Exception", ex);
} finally {
if (instance != null) {
instance.close();
}
}
}
}


@@ -1,103 +0,0 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
//
//import java.io.BufferedInputStream;
//import java.io.DataInputStream;
//import java.io.File;
//import java.io.FileReader;
//import java.io.IOException;
//import java.io.InputStream;
//import java.io.Reader;
//import java.net.MalformedURLException;
//import java.util.logging.Level;
//import java.util.logging.Logger;
//import javax.xml.bind.JAXBContext;
//import javax.xml.bind.JAXBException;
//import javax.xml.parsers.ParserConfigurationException;
//import javax.xml.parsers.SAXParserFactory;
//import org.apache.lucene.index.CorruptIndexException;
//import org.codesecure.dependencycheck.data.nvdcve.InvalidDataException;
//import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
//import org.junit.After;
//import org.junit.AfterClass;
//import org.junit.Before;
//import org.junit.BeforeClass;
//import org.junit.Test;
//import static org.junit.Assert.*;
//import org.xml.sax.Attributes;
//import org.xml.sax.InputSource;
//import org.xml.sax.Locator;
//import org.xml.sax.SAXException;
//import org.xml.sax.XMLReader;
//
///**
// *
// * @author Jeremy
// */
//public class NvdCveXmlFilterTest {
//
// public NvdCveXmlFilterTest() {
// }
//
// @BeforeClass
// public static void setUpClass() {
// }
//
// @AfterClass
// public static void tearDownClass() {
// }
//
// @Before
// public void setUp() {
// }
//
// @After
// public void tearDown() {
// }
//
// /**
// * Test of process method, of class NvdCveXmlFilter.
// */
// @Test
// public void testFilter() throws InvalidDataException {
// Indexer indexer = null;
// try {
// System.out.println("filter");
//
// SAXParserFactory factory = SAXParserFactory.newInstance();
// factory.setNamespaceAware(true);
// XMLReader reader = factory.newSAXParser().getXMLReader();
//
// JAXBContext context = JAXBContext.newInstance("org.codesecure.dependencycheck.data.nvdcve.generated");
// NvdCveXmlFilter filter = new NvdCveXmlFilter(context);
//
// indexer = new Indexer();
// indexer.openIndexWriter();
//
// filter.registerSaveDelegate(indexer);
//
// reader.setContentHandler(filter);
// File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
// Reader fileReader = new FileReader(file);
// InputSource is = new InputSource(fileReader);
// reader.parse(is);
// } catch (JAXBException ex) {
// throw new InvalidDataException("JAXBException", ex);
// } catch (SAXException ex) {
// throw new InvalidDataException("SAXException", ex);
// } catch (ParserConfigurationException ex) {
// throw new InvalidDataException("ParserConfigurationException", ex);
// } catch (CorruptIndexException ex) {
// throw new InvalidDataException("CorruptIndexException", ex);
// } catch (IOException ex) {
// throw new InvalidDataException("IOException", ex);
// } finally {
// if (indexer != null) {
// indexer.close();
// }
// }
// }
//}


@@ -0,0 +1,57 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
import java.io.File;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class NvdCve_1_2_HandlerTest {
public NvdCve_1_2_HandlerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void testParse() throws Exception {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath());
NvdCve12Handler instance = new NvdCve12Handler();
saxParser.parse(file, instance);
Map<String, List<VulnerableSoftware>> results = instance.getVulnerabilities();
assertTrue("No vulnerable software identified with a previous version in 2012 CVE 1.2?", !results.isEmpty());
}
}
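Review bot: `SAXParserFactory.newInstance()` in testParse is used with its default settings, which leaves DOCTYPE declarations and external entity resolution enabled in the parser. The input here is a bundled resource, so exposure in the test itself is low, but the same construction appears in NvdCve_2_0_HandlerTest, and tests tend to mirror how the handlers are wired in production, where the feed is presumably downloaded. Assuming the NVD feeds carry no DOCTYPE, add `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newSAXParser()`. Separately, `assertTrue(msg, !results.isEmpty())` reads more directly as `assertFalse(msg, results.isEmpty())`.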


@@ -0,0 +1,63 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
import java.io.File;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class NvdCve_2_0_HandlerTest {
public NvdCve_2_0_HandlerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void testParse() {
Exception results = null;
try {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
NvdCve20Handler instance = new NvdCve20Handler();
saxParser.parse(file, instance);
} catch (Exception ex) {
results = ex;
}
assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);
if (results != null) {
System.err.println(results);
}
}
}
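Review bot: The `if (results != null) { System.err.println(results); }` block after the assertion is dead code, because `assertTrue(..., results == null)` throws before it whenever an exception was caught, so the original exception and its stack trace are lost. Declaring `public void testParse() throws Exception` and removing the try/catch, as NvdCve_1_2_HandlerTest does, lets JUnit report the real failure. The test also checks nothing about what NvdCve20Handler produced, so a parse that yields no entries would still pass.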


@@ -4,28 +4,19 @@
*/
package org.codesecure.dependencycheck.reporting;
import org.codesecure.dependencycheck.dependency.Evidence;
import java.util.List;
import java.util.ArrayList;
import java.io.File;
import org.codesecure.dependencycheck.dependency.Dependency;
import java.util.HashMap;
import org.codesecure.dependencycheck.data.cpe.BaseIndexTestCase;
import java.util.Map;
import org.codesecure.dependencycheck.dependency.Evidence.Confidence;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class ReportGeneratorTest extends BaseIndexTestCase {
public ReportGeneratorTest(String testName) {
super(testName);
}
@@ -37,12 +28,12 @@ public class ReportGeneratorTest extends BaseIndexTestCase {
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
@Override
public void setUp() {
}
@After
@Override
public void tearDown() {
@@ -66,16 +57,16 @@ public class ReportGeneratorTest extends BaseIndexTestCase {
// d.setFileName("FileName.jar");
// d.setActualFilePath("lib/FileName.jar");
// d.addCPEentry("cpe://a:/some:cpe:1.0");
//
//
// List<Dependency> dependencies = new ArrayList<Dependency>();
// d.getProductEvidence().addEvidence("jar","filename","<test>test", Confidence.HIGH);
// d.getProductEvidence().addEvidence("manifest","vendor","<test>test", Confidence.HIGH);
//
//
// for (Evidence e : d.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
// dependencies.add(d);
//
//
// Dependency d2 = new Dependency();
// d2.setFileName("Another.jar");
// d2.setActualFilePath("lib/Another.jar");
@@ -84,26 +75,26 @@ public class ReportGeneratorTest extends BaseIndexTestCase {
// d2.addCPEentry("cpe://a:/another:cpe:1.2");
// d2.getProductEvidence().addEvidence("jar","filename","another.jar", Confidence.HIGH);
// d2.getProductEvidence().addEvidence("manifest","vendor","Company A", Confidence.MEDIUM);
//
//
// for (Evidence e : d2.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
//
//
// dependencies.add(d2);
//
//
// Dependency d3 = new Dependency();
// d3.setFileName("Third.jar");
// d3.setActualFilePath("lib/Third.jar");
// d3.getProductEvidence().addEvidence("jar","filename","third.jar", Confidence.HIGH);
//
//
// for (Evidence e : d3.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
//
//
// dependencies.add(d3);
//
//
// properties.put("dependencies",dependencies);
//
//
// ReportGenerator instance = new ReportGenerator();
// instance.generateReport(templateName, writeTo, properties);
//TODO add an assertion here...