From 49e8ee443cdc126af405a9453926915cda9100e3 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 13 Feb 2015 06:18:56 -0500 Subject: [PATCH] added generic methods to get references to resources to resolve issue #181 Former-commit-id: 465d3310b1ad5b54e49ab65e5e0e4b003f79998b --- .../org/owasp/dependencycheck/BaseTest.java | 30 +++++++++++++++++++ .../ArchiveAnalyzerIntegrationTest.java | 17 +++++++---- .../analyzer/AssemblyAnalyzerTest.java | 10 +++++-- .../analyzer/CPEAnalyzerIntegrationTest.java | 16 ++++++---- .../analyzer/FileNameAnalyzerTest.java | 7 +++-- .../analyzer/HintAnalyzerTest.java | 6 ++-- .../analyzer/JarAnalyzerTest.java | 9 ++++-- .../analyzer/JavaScriptAnalyzerTest.java | 9 ++++-- ...itySuppressionAnalyzerIntegrationTest.java | 7 +++-- .../data/nuget/XPathNuspecParserTest.java | 10 +++++-- .../data/nvdcve/DriverLoaderTest.java | 13 +++++--- .../update/NvdCveUpdaterIntegrationTest.java | 3 +- .../update/xml/NvdCve_1_2_HandlerTest.java | 4 ++- .../update/xml/NvdCve_2_0_HandlerTest.java | 4 ++- .../dependency/DependencyTest.java | 8 +++-- .../ReportGeneratorIntegrationTest.java | 13 ++++---- .../suppression/SuppressionHandlerTest.java | 7 +++-- .../suppression/SuppressionParserTest.java | 4 ++- .../suppression/SuppressionRuleTest.java | 7 +++-- 19 files changed, 136 insertions(+), 48 deletions(-) diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java index b294ee936..634665fac 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java @@ -15,7 +15,10 @@ */ package org.owasp.dependencycheck; +import java.io.File; +import java.io.InputStream; import org.junit.AfterClass; +import org.junit.Assume; import org.junit.BeforeClass; import org.owasp.dependencycheck.utils.Settings; @@ -34,4 +37,31 @@ public class BaseTest { public static void tearDownClass() throws Exception { Settings.cleanup(true); } + + /** + * Returns the given resource as an InputStream using the object's class loader. The org.junit.Assume API is used so that test + * cases are skipped if the resource is not available. + * + * @param o the object used to obtain a reference to the class loader + * @param resource the name of the resource to load + * @return the resource as an InputStream + */ + public static InputStream getResourceAsStream(Object o, String resource) { + getResourceAsFile(o, resource); + return o.getClass().getClassLoader().getResourceAsStream(resource); + } + + /** + * Returns the given resource as a File using the object's class loader. The org.junit.Assume API is used so that test cases + * are skipped if the resource is not available. + * + * @param o the object used to obtain a reference to the class loader + * @param resource the name of the resource to load + * @return the resource as an File + */ + public static File getResourceAsFile(Object o, String resource) { + File f = new File(o.getClass().getClassLoader().getResource(resource).getPath()); + Assume.assumeTrue(String.format("%n%n[SEVERE] Unable to load resource for test case: %s%n%n", resource), f.exists()); + return f; + } } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java index 40934c674..9b07949da 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java @@ -23,6 +23,7 @@ import java.util.Set; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase; import org.owasp.dependencycheck.dependency.Dependency; @@ -129,8 +130,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { instance.supportsExtension("ear"); try { instance.initialize(); - - File file = new File(this.getClass().getClassLoader().getResource("daytrader-ear-2.1.7.ear").getPath()); + File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear"); + //File file = new File(this.getClass().getClassLoader().getResource("daytrader-ear-2.1.7.ear").getPath()); Dependency dependency = new Dependency(file); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); @@ -162,7 +163,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { instance.initialize(); //File file = new File(this.getClass().getClassLoader().getResource("file.tar").getPath()); - File file = new File(this.getClass().getClassLoader().getResource("stagedhttp-modified.tar").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("stagedhttp-modified.tar").getPath()); + File file = BaseTest.getResourceAsFile(this, "stagedhttp-modified.tar"); Dependency dependency = new Dependency(file); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); @@ -191,7 +193,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { try { instance.initialize(); - File file = new File(this.getClass().getClassLoader().getResource("file.tar.gz").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("file.tar.gz").getPath()); + File file = BaseTest.getResourceAsFile(this, "file.tar.gz"); //Dependency dependency = new Dependency(file); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); @@ -243,7 +246,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { try { instance.initialize(); - File file = new File(this.getClass().getClassLoader().getResource("file.tgz").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("file.tgz").getPath()); + File file = BaseTest.getResourceAsFile(this, "file.tgz"); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false); @@ -270,7 +274,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase { try { instance.initialize(); - File file = new File(this.getClass().getClassLoader().getResource("test.zip").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("test.zip").getPath()); + File file = BaseTest.getResourceAsFile(this, "test.zip"); Dependency dependency = new Dependency(file); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java index 2d7573c41..1e1e70685 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java @@ -78,7 +78,8 @@ public class AssemblyAnalyzerTest extends BaseTest { @Test public void testAnalysis() throws Exception { - File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("GrokAssembly.exe").getPath()); + //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("GrokAssembly.exe").getPath()); + File f = BaseTest.getResourceAsFile(this, "GrokAssembly.exe"); Dependency d = new Dependency(f); analyzer.analyze(d, null); boolean foundVendor = false; @@ -100,7 +101,9 @@ public class AssemblyAnalyzerTest extends BaseTest { @Test public void testLog4Net() throws Exception { - File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath()); + //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath()); + File f = BaseTest.getResourceAsFile(this, "log4net.dll"); + Dependency d = new Dependency(f); analyzer.analyze(d, null); assertTrue(d.getVersionEvidence().getEvidence().contains(new Evidence("grokassembly", "version", "1.2.13.0", Confidence.HIGHEST))); @@ -115,7 +118,8 @@ public class AssemblyAnalyzerTest extends BaseTest { // Tweak the log level so the warning doesn't show in the console Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(Level.OFF); Logger.getLogger(Dependency.class.getName()).setLevel(Level.OFF); - File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath()); + //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath()); + File f = BaseTest.getResourceAsFile(this, "log4net.dll"); File test = new File(f.getParent(), "nonexistent.dll"); Dependency d = new Dependency(test); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java index b52cb6139..ef319eb51 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java @@ -27,6 +27,7 @@ import org.apache.lucene.queryparser.classic.ParseException; import org.junit.Assert; import static org.junit.Assert.assertTrue; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase; import org.owasp.dependencycheck.data.cpe.IndexEntry; import org.owasp.dependencycheck.dependency.Confidence; @@ -110,7 +111,8 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase { */ public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer instance, FileNameAnalyzer fnAnalyzer, JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp) throws Exception { - File file = new File(this.getClass().getClassLoader().getResource(depName).getPath()); + //File file = new File(this.getClass().getClassLoader().getResource(depName).getPath()); + File file = BaseTest.getResourceAsFile(this, depName); Dependency dep = new Dependency(file); @@ -137,7 +139,8 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase { */ @Test public void testDetermineCPE() throws Exception { - File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); //File file = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath()); Dependency struts = new Dependency(file); @@ -147,15 +150,18 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase { JarAnalyzer jarAnalyzer = new JarAnalyzer(); jarAnalyzer.analyze(struts, null); - File fileCommonValidator = new File(this.getClass().getClassLoader().getResource("commons-validator-1.4.0.jar").getPath()); + //File fileCommonValidator = new File(this.getClass().getClassLoader().getResource("commons-validator-1.4.0.jar").getPath()); + File fileCommonValidator = BaseTest.getResourceAsFile(this, "commons-validator-1.4.0.jar"); Dependency commonValidator = new Dependency(fileCommonValidator); jarAnalyzer.analyze(commonValidator, null); - File fileSpring = new File(this.getClass().getClassLoader().getResource("spring-core-2.5.5.jar").getPath()); + //File fileSpring = new File(this.getClass().getClassLoader().getResource("spring-core-2.5.5.jar").getPath()); + File fileSpring = BaseTest.getResourceAsFile(this, "spring-core-2.5.5.jar"); Dependency spring = new Dependency(fileSpring); jarAnalyzer.analyze(spring, null); - File fileSpring3 = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath()); + //File fileSpring3 = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath()); + File fileSpring3 = BaseTest.getResourceAsFile(this, "spring-core-3.0.0.RELEASE.jar"); Dependency spring3 = new Dependency(fileSpring3); jarAnalyzer.analyze(spring3, null); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzerTest.java index 9f908c9ae..f91dbf2a0 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzerTest.java @@ -21,6 +21,7 @@ import java.io.File; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.dependency.Dependency; /** @@ -56,9 +57,11 @@ public class FileNameAnalyzerTest { */ @Test public void testAnalyze() throws Exception { - File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + //File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + File struts = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); Dependency resultStruts = new Dependency(struts); - File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath()); + //File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath()); + File axis = BaseTest.getResourceAsFile(this, "axis2-adb-1.4.1.jar"); Dependency resultAxis = new Dependency(axis); FileNameAnalyzer instance = new FileNameAnalyzer(); instance.analyze(resultStruts, null); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java index 80608fdb4..6c514f169 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java @@ -69,9 +69,11 @@ public class HintAnalyzerTest extends BaseTest { public void testAnalyze() throws Exception { HintAnalyzer instance = new HintAnalyzer(); - File guice = new File(this.getClass().getClassLoader().getResource("guice-3.0.jar").getPath()); + //File guice = new File(this.getClass().getClassLoader().getResource("guice-3.0.jar").getPath()); + File guice = BaseTest.getResourceAsFile(this, "guice-3.0.jar"); //Dependency guice = new Dependency(fileg); - File spring = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath()); + //File spring = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath()); + File spring = BaseTest.getResourceAsFile(this, "spring-core-3.0.0.RELEASE.jar"); //Dependency spring = new Dependency(files); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java index e57d8cf15..953a7ec1c 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java @@ -41,14 +41,16 @@ public class JarAnalyzerTest extends BaseTest { */ @Test public void testAnalyze() throws Exception { - File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); Dependency result = new Dependency(file); JarAnalyzer instance = new JarAnalyzer(); instance.analyze(result, null); assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache")); assertTrue(result.getVendorEvidence().getWeighting().contains("apache")); - file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath()); + //file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath()); + file = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar"); result = new Dependency(file); instance.analyze(result, null); boolean found = false; @@ -81,7 +83,8 @@ public class JarAnalyzerTest extends BaseTest { } assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar", found); - file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jmx.jar").getPath()); + //file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jmx.jar").getPath()); + file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar"); result = new Dependency(file); instance.analyze(result, null); assertEquals("org.mortbar,jmx.jar has version evidence?", result.getVersionEvidence().size(), 0); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java index cdb137e7d..83f897bfd 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java @@ -84,9 +84,12 @@ public class JavaScriptAnalyzerTest extends BaseTest { */ @Test public void testAnalyze() throws Exception { - File jq6 = new File(this.getClass().getClassLoader().getResource("jquery-1.6.2.min.js").getPath()); - File jq10 = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.js").getPath()); - File jq10min = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.min.js").getPath()); + //File jq6 = new File(this.getClass().getClassLoader().getResource("jquery-1.6.2.min.js").getPath()); + File jq6 = BaseTest.getResourceAsFile(this, "jquery-1.6.2.min.js"); + //File jq10 = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.js").getPath()); + File jq10 = BaseTest.getResourceAsFile(this, "jquery-1.10.2.js"); + //File jq10min = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.min.js").getPath()); + File jq10min = BaseTest.getResourceAsFile(this, "jquery-1.10.2.min.js"); Dependency depJQ6 = new Dependency(jq6); Dependency depJQ10 = new Dependency(jq10); Dependency depJQ10min = new Dependency(jq10min); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/VulnerabilitySuppressionAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/VulnerabilitySuppressionAnalyzerIntegrationTest.java index 26bddba31..e0ca76b92 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/VulnerabilitySuppressionAnalyzerIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/VulnerabilitySuppressionAnalyzerIntegrationTest.java @@ -21,6 +21,7 @@ import java.io.File; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase; import org.owasp.dependencycheck.dependency.Dependency; @@ -61,8 +62,10 @@ public class VulnerabilitySuppressionAnalyzerIntegrationTest extends AbstractDat @Test public void testAnalyze() throws Exception { - File file = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.jar").getPath()); - File suppression = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.suppression.xml").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.jar").getPath()); + File file = BaseTest.getResourceAsFile(this, "commons-fileupload-1.2.1.jar"); + //File suppression = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.suppression.xml").getPath()); + File suppression = BaseTest.getResourceAsFile(this, "commons-fileupload-1.2.1.suppression.xml"); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java index fd23162bb..e38b52c6b 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java @@ -18,6 +18,7 @@ package org.owasp.dependencycheck.data.nuget; import java.io.ByteArrayOutputStream; +import java.io.File; import java.io.InputStream; import java.io.PrintStream; import static org.junit.Assert.assertEquals; @@ -39,7 +40,8 @@ public class XPathNuspecParserTest extends BaseTest { @Test public void testGoodDocument() throws Exception { NuspecParser parser = new XPathNuspecParser(); - InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("log4net.2.0.3.nuspec"); + //InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("log4net.2.0.3.nuspec"); + InputStream is = BaseTest.getResourceAsStream(this, "log4net.2.0.3.nuspec"); NugetPackage np = parser.parse(is); assertEquals("log4net", np.getId()); assertEquals("2.0.3", np.getVersion()); @@ -57,7 +59,8 @@ public class XPathNuspecParserTest extends BaseTest { @Test(expected = NuspecParseException.class) public void testMissingDocument() throws Exception { NuspecParser parser = new XPathNuspecParser(); - InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("dependencycheck.properties"); + //InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("dependencycheck.properties"); + InputStream is = BaseTest.getResourceAsStream(this, "dependencycheck.properties"); //hide the fatal message from the core parser final ByteArrayOutputStream myOut = new ByteArrayOutputStream(); @@ -74,7 +77,8 @@ public class XPathNuspecParserTest extends BaseTest { @Test(expected = NuspecParseException.class) public void testNotNuspec() throws Exception { NuspecParser parser = new XPathNuspecParser(); - InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("suppressions.xml"); + //InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("suppressions.xml"); + InputStream is = BaseTest.getResourceAsStream(this, "suppressions.xml"); NugetPackage np = parser.parse(is); } } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java index 410fba3e0..e09e5c969 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java @@ -27,6 +27,7 @@ import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; /** * @@ -85,7 +86,8 @@ public class DriverLoaderTest { public void testLoad_String_String() throws Exception { String className = "com.mysql.jdbc.Driver"; //we know this is in target/test-classes - File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); + //File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); + File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile(); File driver = new File(testClassPath, "../../src/test/resources/mysql-connector-java-5.1.27-bin.jar"); assertTrue("MySQL Driver JAR file not found in src/test/resources?", driver.isFile()); @@ -108,7 +110,8 @@ public class DriverLoaderTest { public void testLoad_String_String_multiple_paths() throws Exception { final String className = "com.mysql.jdbc.Driver"; //we know this is in target/test-classes - final File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); + //final File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); + final File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile(); final File dir1 = new File(testClassPath, "../../src/test/"); final File dir2 = new File(testClassPath, "../../src/test/resources/"); final String paths = String.format("%s" + File.pathSeparator + "%s", dir1.getAbsolutePath(), dir2.getAbsolutePath()); @@ -130,7 +133,8 @@ public class DriverLoaderTest { public void testLoad_String_String_badClassName() throws Exception { String className = "com.mybad.jdbc.Driver"; //we know this is in target/test-classes - File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); + //File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); + File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile(); File driver = new File(testClassPath, "../../src/test/resources/mysql-connector-java-5.1.27-bin.jar"); assertTrue("MySQL Driver JAR file not found in src/test/resources?", driver.isFile()); @@ -144,7 +148,8 @@ public class DriverLoaderTest { public void testLoad_String_String_badPath() throws Exception { String className = "com.mysql.jdbc.Driver"; //we know this is in target/test-classes - File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); + //File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); + File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile(); File driver = new File(testClassPath, "../../src/test/bad/mysql-connector-java-5.1.27-bin.jar"); Driver d = DriverLoader.load(className, driver.getAbsolutePath()); } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java index 24863e04b..f3e13388f 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java @@ -34,7 +34,8 @@ public class NvdCveUpdaterIntegrationTest extends BaseTest { public void setUp() throws Exception { int year = Calendar.getInstance().get(Calendar.YEAR); if (year <= 2014) { - File f = new File(NvdCveUpdaterIntegrationTest.class.getClassLoader().getResource("nvdcve-2.0-2014.xml").getPath()); + //File f = new File(NvdCveUpdaterIntegrationTest.class.getClassLoader().getResource("nvdcve-2.0-2014.xml").getPath()); + File f = BaseTest.getResourceAsFile(this, "nvdcve-2.0-2014.xml"); String baseURL = f.toURI().toURL().toString(); String modified12 = baseURL.replace("nvdcve-2.0-2014.xml", "nvdcve-modified.xml"); String modified20 = baseURL.replace("nvdcve-2.0-2014.xml", "nvdcve-2.0-modified.xml"); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_1_2_HandlerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_1_2_HandlerTest.java index 178211569..b4342d5bd 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_1_2_HandlerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_1_2_HandlerTest.java @@ -28,6 +28,7 @@ import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.dependency.VulnerableSoftware; /** @@ -60,7 +61,8 @@ public class NvdCve_1_2_HandlerTest { SAXParserFactory factory = SAXParserFactory.newInstance(); SAXParser saxParser = factory.newSAXParser(); - File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath()); + File file = BaseTest.getResourceAsFile(this, "nvdcve-2012.xml"); NvdCve12Handler instance = new NvdCve12Handler(); saxParser.parse(file, instance); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_2_0_HandlerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_2_0_HandlerTest.java index db003ee66..1ab52fbff 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_2_0_HandlerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_2_0_HandlerTest.java @@ -26,6 +26,7 @@ import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; /** * @@ -59,7 +60,8 @@ public class NvdCve_2_0_HandlerTest { SAXParserFactory factory = SAXParserFactory.newInstance(); SAXParser saxParser = factory.newSAXParser(); - File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath()); + File file = BaseTest.getResourceAsFile(this, "nvdcve-2.0-2012.xml"); NvdCve20Handler instance = new NvdCve20Handler(); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java index a3062ac0a..d66055e06 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java @@ -28,6 +28,7 @@ import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.data.nexus.MavenArtifact; /** @@ -152,7 +153,9 @@ public class DependencyTest { */ @Test public void testGetMd5sum() { - File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); + Dependency instance = new Dependency(file); //assertEquals("89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B", result.getSha1sum()); String expResult = "C30B57142E1CCBC1EFD5CD15F307358F"; @@ -176,7 +179,8 @@ public class DependencyTest { */ @Test public void testGetSha1sum() { - File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); Dependency instance = new Dependency(file); String expResult = "89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B"; String result = instance.getSha1sum(); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java index ac213659c..8ceb23748 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java @@ -105,8 +105,8 @@ public class ReportGeneratorIntegrationTest extends BaseTest { } /** - * Generates an XML report containing known vulnerabilities and realistic data and validates the generated XML - * document against the XSD. + * Generates an XML report containing known vulnerabilities and realistic data and validates the generated XML document + * against the XSD. * * @throws Exception */ @@ -120,9 +120,12 @@ public class ReportGeneratorIntegrationTest extends BaseTest { } String writeTo = "target/test-reports/Report.xml"; - File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); - File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath()); - File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath()); + //File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + File struts = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); + //File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath()); + File axis = BaseTest.getResourceAsFile(this, "axis2-adb-1.4.1.jar"); + //File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath()); + File jetty = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar"); boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionHandlerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionHandlerTest.java index ea678aad3..4b3e25210 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionHandlerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionHandlerTest.java @@ -31,6 +31,7 @@ import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; import org.xml.sax.InputSource; import org.xml.sax.XMLReader; @@ -66,9 +67,11 @@ public class SuppressionHandlerTest { */ @Test public void testHandler() throws Exception { - File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath()); + File file = BaseTest.getResourceAsFile(this, "suppressions.xml"); - File schema = new File(this.getClass().getClassLoader().getResource("schema/suppression.xsd").getPath()); + //File schema = new File(this.getClass().getClassLoader().getResource("schema/suppression.xsd").getPath()); + File schema = BaseTest.getResourceAsFile(this, "schema/suppression.xsd"); SuppressionHandler handler = new SuppressionHandler(); SAXParserFactory factory = SAXParserFactory.newInstance(); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java index fd6c0e930..83a86c19f 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java @@ -25,6 +25,7 @@ import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; /** * Test of the suppression parser. @@ -57,7 +58,8 @@ public class SuppressionParserTest { */ @Test public void testParseSuppressionRules() throws Exception { - File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath()); + //File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath()); + File file = BaseTest.getResourceAsFile(this, "suppressions.xml"); SuppressionParser instance = new SuppressionParser(); List result = instance.parseSuppressionRules(file); assertTrue(result.size() > 3); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java index 46f0edf0b..5c65b6614 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java @@ -28,6 +28,7 @@ import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.dependency.Vulnerability; @@ -422,7 +423,8 @@ public class SuppressionRuleTest { */ @Test public void testProcess() { - File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + //File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); + File struts = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"); Dependency dependency = new Dependency(struts); dependency.addIdentifier("cpe", "cpe:/a:microsoft:.net_framework:4.5", "some url not needed for this test"); String sha1 = dependency.getSha1sum(); @@ -501,7 +503,8 @@ public class SuppressionRuleTest { */ @Test public void testProcessGAV() { - File spring = new File(this.getClass().getClassLoader().getResource("spring-security-web-3.0.0.RELEASE.jar").getPath()); + //File spring = new File(this.getClass().getClassLoader().getResource("spring-security-web-3.0.0.RELEASE.jar").getPath()); + File spring = BaseTest.getResourceAsFile(this, "spring-security-web-3.0.0.RELEASE.jar"); Dependency dependency = new Dependency(spring); dependency.addIdentifier("cpe", "cpe:/a:vmware:springsource_spring_framework:3.0.0", "some url not needed for this test"); dependency.addIdentifier("cpe", "cpe:/a:springsource:spring_framework:3.0.0", "some url not needed for this test");