github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-24 10:01:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

added generic methods to get references to resources to resolve issue #181

Browse Source 
Former-commit-id: 465d3310b1ad5b54e49ab65e5e0e4b003f79998b
This commit is contained in:
Jeremy Long
2015-02-13 06:18:56 -05:00
parent a5d8ce07d8
commit 49e8ee443c
19 changed files with 136 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java
View File

@@ -15,7 +15,10 @@
*/ */
package org.owasp.dependencycheck; package org.owasp.dependencycheck;
import java.io.File;
import java.io.InputStream;
import org.junit.AfterClass; import org.junit.AfterClass;
import org.junit.Assume;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
@@ -34,4 +37,31 @@ public class BaseTest {
public static void tearDownClass() throws Exception { public static void tearDownClass() throws Exception {
Settings.cleanup(true); Settings.cleanup(true);
} }
/**
* Returns the given resource as an InputStream using the object's class loader. The org.junit.Assume API is used so that test
* cases are skipped if the resource is not available.
*
* @param o the object used to obtain a reference to the class loader
* @param resource the name of the resource to load
* @return the resource as an InputStream
*/
public static InputStream getResourceAsStream(Object o, String resource) {
getResourceAsFile(o, resource);
return o.getClass().getClassLoader().getResourceAsStream(resource);
}
/**
* Returns the given resource as a File using the object's class loader. The org.junit.Assume API is used so that test cases
* are skipped if the resource is not available.
*
* @param o the object used to obtain a reference to the class loader
* @param resource the name of the resource to load
* @return the resource as an File
*/
public static File getResourceAsFile(Object o, String resource) {
File f = new File(o.getClass().getClassLoader().getResource(resource).getPath());
Assume.assumeTrue(String.format("%n%n[SEVERE] Unable to load resource for test case: %s%n%n", resource), f.exists());
return f;
}
} }

17
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerIntegrationTest.java
View File

@@ -23,6 +23,7 @@ import java.util.Set;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase; import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
@@ -129,8 +130,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
instance.supportsExtension("ear"); instance.supportsExtension("ear");
try { try {
instance.initialize(); instance.initialize();
File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear");
File file = new File(this.getClass().getClassLoader().getResource("daytrader-ear-2.1.7.ear").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("daytrader-ear-2.1.7.ear").getPath());
Dependency dependency = new Dependency(file); Dependency dependency = new Dependency(file);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
@@ -162,7 +163,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
instance.initialize(); instance.initialize();
//File file = new File(this.getClass().getClassLoader().getResource("file.tar").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("file.tar").getPath());
File file = new File(this.getClass().getClassLoader().getResource("stagedhttp-modified.tar").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("stagedhttp-modified.tar").getPath());
File file = BaseTest.getResourceAsFile(this, "stagedhttp-modified.tar");
Dependency dependency = new Dependency(file); Dependency dependency = new Dependency(file);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
@@ -191,7 +193,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
try { try {
instance.initialize(); instance.initialize();
File file = new File(this.getClass().getClassLoader().getResource("file.tar.gz").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("file.tar.gz").getPath());
File file = BaseTest.getResourceAsFile(this, "file.tar.gz");
//Dependency dependency = new Dependency(file); //Dependency dependency = new Dependency(file);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
@@ -243,7 +246,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
try { try {
instance.initialize(); instance.initialize();
File file = new File(this.getClass().getClassLoader().getResource("file.tgz").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("file.tgz").getPath());
File file = BaseTest.getResourceAsFile(this, "file.tgz");
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
@@ -270,7 +274,8 @@ public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
try { try {
instance.initialize(); instance.initialize();
File file = new File(this.getClass().getClassLoader().getResource("test.zip").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("test.zip").getPath());
File file = BaseTest.getResourceAsFile(this, "test.zip");
Dependency dependency = new Dependency(file); Dependency dependency = new Dependency(file);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);

10
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
View File

@@ -78,7 +78,8 @@ public class AssemblyAnalyzerTest extends BaseTest {
@Test @Test
public void testAnalysis() throws Exception { public void testAnalysis() throws Exception {
File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("GrokAssembly.exe").getPath()); //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("GrokAssembly.exe").getPath());
File f = BaseTest.getResourceAsFile(this, "GrokAssembly.exe");
Dependency d = new Dependency(f); Dependency d = new Dependency(f);
analyzer.analyze(d, null); analyzer.analyze(d, null);
boolean foundVendor = false; boolean foundVendor = false;
@@ -100,7 +101,9 @@ public class AssemblyAnalyzerTest extends BaseTest {
@Test @Test
public void testLog4Net() throws Exception { public void testLog4Net() throws Exception {
File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath()); //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath());
File f = BaseTest.getResourceAsFile(this, "log4net.dll");
Dependency d = new Dependency(f); Dependency d = new Dependency(f);
analyzer.analyze(d, null); analyzer.analyze(d, null);
assertTrue(d.getVersionEvidence().getEvidence().contains(new Evidence("grokassembly", "version", "1.2.13.0", Confidence.HIGHEST))); assertTrue(d.getVersionEvidence().getEvidence().contains(new Evidence("grokassembly", "version", "1.2.13.0", Confidence.HIGHEST)));
@@ -115,7 +118,8 @@ public class AssemblyAnalyzerTest extends BaseTest {
// Tweak the log level so the warning doesn't show in the console // Tweak the log level so the warning doesn't show in the console
Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(Level.OFF); Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(Level.OFF);
Logger.getLogger(Dependency.class.getName()).setLevel(Level.OFF); Logger.getLogger(Dependency.class.getName()).setLevel(Level.OFF);
File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath()); //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath());
File f = BaseTest.getResourceAsFile(this, "log4net.dll");
File test = new File(f.getParent(), "nonexistent.dll"); File test = new File(f.getParent(), "nonexistent.dll");
Dependency d = new Dependency(test); Dependency d = new Dependency(test);

16
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
View File

@@ -27,6 +27,7 @@ import org.apache.lucene.queryparser.classic.ParseException;
import org.junit.Assert; import org.junit.Assert;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase; import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
import org.owasp.dependencycheck.data.cpe.IndexEntry; import org.owasp.dependencycheck.data.cpe.IndexEntry;
import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Confidence;
@@ -110,7 +111,8 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
*/ */
public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer instance, FileNameAnalyzer fnAnalyzer, JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp) throws Exception { public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer instance, FileNameAnalyzer fnAnalyzer, JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp) throws Exception {
File file = new File(this.getClass().getClassLoader().getResource(depName).getPath()); //File file = new File(this.getClass().getClassLoader().getResource(depName).getPath());
File file = BaseTest.getResourceAsFile(this, depName);
Dependency dep = new Dependency(file); Dependency dep = new Dependency(file);
@@ -137,7 +139,8 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
*/ */
@Test @Test
public void testDetermineCPE() throws Exception { public void testDetermineCPE() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
//File file = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
Dependency struts = new Dependency(file); Dependency struts = new Dependency(file);
@@ -147,15 +150,18 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
JarAnalyzer jarAnalyzer = new JarAnalyzer(); JarAnalyzer jarAnalyzer = new JarAnalyzer();
jarAnalyzer.analyze(struts, null); jarAnalyzer.analyze(struts, null);
File fileCommonValidator = new File(this.getClass().getClassLoader().getResource("commons-validator-1.4.0.jar").getPath()); //File fileCommonValidator = new File(this.getClass().getClassLoader().getResource("commons-validator-1.4.0.jar").getPath());
File fileCommonValidator = BaseTest.getResourceAsFile(this, "commons-validator-1.4.0.jar");
Dependency commonValidator = new Dependency(fileCommonValidator); Dependency commonValidator = new Dependency(fileCommonValidator);
jarAnalyzer.analyze(commonValidator, null); jarAnalyzer.analyze(commonValidator, null);
File fileSpring = new File(this.getClass().getClassLoader().getResource("spring-core-2.5.5.jar").getPath()); //File fileSpring = new File(this.getClass().getClassLoader().getResource("spring-core-2.5.5.jar").getPath());
File fileSpring = BaseTest.getResourceAsFile(this, "spring-core-2.5.5.jar");
Dependency spring = new Dependency(fileSpring); Dependency spring = new Dependency(fileSpring);
jarAnalyzer.analyze(spring, null); jarAnalyzer.analyze(spring, null);
File fileSpring3 = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath()); //File fileSpring3 = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath());
File fileSpring3 = BaseTest.getResourceAsFile(this, "spring-core-3.0.0.RELEASE.jar");
Dependency spring3 = new Dependency(fileSpring3); Dependency spring3 = new Dependency(fileSpring3);
jarAnalyzer.analyze(spring3, null); jarAnalyzer.analyze(spring3, null);

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzerTest.java
View File

@@ -21,6 +21,7 @@ import java.io.File;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
/** /**
@@ -56,9 +57,11 @@ public class FileNameAnalyzerTest {
*/ */
@Test @Test
public void testAnalyze() throws Exception { public void testAnalyze() throws Exception {
File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); //File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
File struts = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
Dependency resultStruts = new Dependency(struts); Dependency resultStruts = new Dependency(struts);
File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath()); //File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
File axis = BaseTest.getResourceAsFile(this, "axis2-adb-1.4.1.jar");
Dependency resultAxis = new Dependency(axis); Dependency resultAxis = new Dependency(axis);
FileNameAnalyzer instance = new FileNameAnalyzer(); FileNameAnalyzer instance = new FileNameAnalyzer();
instance.analyze(resultStruts, null); instance.analyze(resultStruts, null);

6
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/HintAnalyzerTest.java
View File

@@ -69,9 +69,11 @@ public class HintAnalyzerTest extends BaseTest {
public void testAnalyze() throws Exception { public void testAnalyze() throws Exception {
HintAnalyzer instance = new HintAnalyzer(); HintAnalyzer instance = new HintAnalyzer();
File guice = new File(this.getClass().getClassLoader().getResource("guice-3.0.jar").getPath()); //File guice = new File(this.getClass().getClassLoader().getResource("guice-3.0.jar").getPath());
File guice = BaseTest.getResourceAsFile(this, "guice-3.0.jar");
//Dependency guice = new Dependency(fileg); //Dependency guice = new Dependency(fileg);
File spring = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath()); //File spring = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath());
File spring = BaseTest.getResourceAsFile(this, "spring-core-3.0.0.RELEASE.jar");
//Dependency spring = new Dependency(files); //Dependency spring = new Dependency(files);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);

9
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java
View File

@@ -41,14 +41,16 @@ public class JarAnalyzerTest extends BaseTest {
*/ */
@Test @Test
public void testAnalyze() throws Exception { public void testAnalyze() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
Dependency result = new Dependency(file); Dependency result = new Dependency(file);
JarAnalyzer instance = new JarAnalyzer(); JarAnalyzer instance = new JarAnalyzer();
instance.analyze(result, null); instance.analyze(result, null);
assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache")); assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache"));
assertTrue(result.getVendorEvidence().getWeighting().contains("apache")); assertTrue(result.getVendorEvidence().getWeighting().contains("apache"));
file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath()); //file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
file = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
result = new Dependency(file); result = new Dependency(file);
instance.analyze(result, null); instance.analyze(result, null);
boolean found = false; boolean found = false;
@@ -81,7 +83,8 @@ public class JarAnalyzerTest extends BaseTest {
} }
assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar", found); assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar", found);
file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jmx.jar").getPath()); //file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jmx.jar").getPath());
file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
result = new Dependency(file); result = new Dependency(file);
instance.analyze(result, null); instance.analyze(result, null);
assertEquals("org.mortbar,jmx.jar has version evidence?", result.getVersionEvidence().size(), 0); assertEquals("org.mortbar,jmx.jar has version evidence?", result.getVersionEvidence().size(), 0);

9
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzerTest.java
View File

@@ -84,9 +84,12 @@ public class JavaScriptAnalyzerTest extends BaseTest {
*/ */
@Test @Test
public void testAnalyze() throws Exception { public void testAnalyze() throws Exception {
File jq6 = new File(this.getClass().getClassLoader().getResource("jquery-1.6.2.min.js").getPath()); //File jq6 = new File(this.getClass().getClassLoader().getResource("jquery-1.6.2.min.js").getPath());
File jq10 = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.js").getPath()); File jq6 = BaseTest.getResourceAsFile(this, "jquery-1.6.2.min.js");
File jq10min = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.min.js").getPath()); //File jq10 = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.js").getPath());
File jq10 = BaseTest.getResourceAsFile(this, "jquery-1.10.2.js");
//File jq10min = new File(this.getClass().getClassLoader().getResource("jquery-1.10.2.min.js").getPath());
File jq10min = BaseTest.getResourceAsFile(this, "jquery-1.10.2.min.js");
Dependency depJQ6 = new Dependency(jq6); Dependency depJQ6 = new Dependency(jq6);
Dependency depJQ10 = new Dependency(jq10); Dependency depJQ10 = new Dependency(jq10);
Dependency depJQ10min = new Dependency(jq10min); Dependency depJQ10min = new Dependency(jq10min);

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/VulnerabilitySuppressionAnalyzerIntegrationTest.java
View File

@@ -21,6 +21,7 @@ import java.io.File;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase; import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
@@ -61,8 +62,10 @@ public class VulnerabilitySuppressionAnalyzerIntegrationTest extends AbstractDat
@Test @Test
public void testAnalyze() throws Exception { public void testAnalyze() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.jar").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.jar").getPath());
File suppression = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.suppression.xml").getPath()); File file = BaseTest.getResourceAsFile(this, "commons-fileupload-1.2.1.jar");
//File suppression = new File(this.getClass().getClassLoader().getResource("commons-fileupload-1.2.1.suppression.xml").getPath());
File suppression = BaseTest.getResourceAsFile(this, "commons-fileupload-1.2.1.suppression.xml");
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false); Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);

10
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java
View File

@@ -18,6 +18,7 @@
package org.owasp.dependencycheck.data.nuget; package org.owasp.dependencycheck.data.nuget;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.InputStream; import java.io.InputStream;
import java.io.PrintStream; import java.io.PrintStream;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
@@ -39,7 +40,8 @@ public class XPathNuspecParserTest extends BaseTest {
@Test @Test
public void testGoodDocument() throws Exception { public void testGoodDocument() throws Exception {
NuspecParser parser = new XPathNuspecParser(); NuspecParser parser = new XPathNuspecParser();
InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("log4net.2.0.3.nuspec"); //InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("log4net.2.0.3.nuspec");
InputStream is = BaseTest.getResourceAsStream(this, "log4net.2.0.3.nuspec");
NugetPackage np = parser.parse(is); NugetPackage np = parser.parse(is);
assertEquals("log4net", np.getId()); assertEquals("log4net", np.getId());
assertEquals("2.0.3", np.getVersion()); assertEquals("2.0.3", np.getVersion());
@@ -57,7 +59,8 @@ public class XPathNuspecParserTest extends BaseTest {
@Test(expected = NuspecParseException.class) @Test(expected = NuspecParseException.class)
public void testMissingDocument() throws Exception { public void testMissingDocument() throws Exception {
NuspecParser parser = new XPathNuspecParser(); NuspecParser parser = new XPathNuspecParser();
InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("dependencycheck.properties"); //InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("dependencycheck.properties");
InputStream is = BaseTest.getResourceAsStream(this, "dependencycheck.properties");
//hide the fatal message from the core parser //hide the fatal message from the core parser
final ByteArrayOutputStream myOut = new ByteArrayOutputStream(); final ByteArrayOutputStream myOut = new ByteArrayOutputStream();
@@ -74,7 +77,8 @@ public class XPathNuspecParserTest extends BaseTest {
@Test(expected = NuspecParseException.class) @Test(expected = NuspecParseException.class)
public void testNotNuspec() throws Exception { public void testNotNuspec() throws Exception {
NuspecParser parser = new XPathNuspecParser(); NuspecParser parser = new XPathNuspecParser();
InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("suppressions.xml"); //InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("suppressions.xml");
InputStream is = BaseTest.getResourceAsStream(this, "suppressions.xml");
NugetPackage np = parser.parse(is); NugetPackage np = parser.parse(is);
} }
} }

13
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DriverLoaderTest.java
View File

@@ -27,6 +27,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
/** /**
* *
@@ -85,7 +86,8 @@ public class DriverLoaderTest {
public void testLoad_String_String() throws Exception { public void testLoad_String_String() throws Exception {
String className = "com.mysql.jdbc.Driver"; String className = "com.mysql.jdbc.Driver";
//we know this is in target/test-classes //we know this is in target/test-classes
File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); //File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile();
File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile();
File driver = new File(testClassPath, "../../src/test/resources/mysql-connector-java-5.1.27-bin.jar"); File driver = new File(testClassPath, "../../src/test/resources/mysql-connector-java-5.1.27-bin.jar");
assertTrue("MySQL Driver JAR file not found in src/test/resources?", driver.isFile()); assertTrue("MySQL Driver JAR file not found in src/test/resources?", driver.isFile());
@@ -108,7 +110,8 @@ public class DriverLoaderTest {
public void testLoad_String_String_multiple_paths() throws Exception { public void testLoad_String_String_multiple_paths() throws Exception {
final String className = "com.mysql.jdbc.Driver"; final String className = "com.mysql.jdbc.Driver";
//we know this is in target/test-classes //we know this is in target/test-classes
final File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); //final File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile();
final File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile();
final File dir1 = new File(testClassPath, "../../src/test/"); final File dir1 = new File(testClassPath, "../../src/test/");
final File dir2 = new File(testClassPath, "../../src/test/resources/"); final File dir2 = new File(testClassPath, "../../src/test/resources/");
final String paths = String.format("%s" + File.pathSeparator + "%s", dir1.getAbsolutePath(), dir2.getAbsolutePath()); final String paths = String.format("%s" + File.pathSeparator + "%s", dir1.getAbsolutePath(), dir2.getAbsolutePath());
@@ -130,7 +133,8 @@ public class DriverLoaderTest {
public void testLoad_String_String_badClassName() throws Exception { public void testLoad_String_String_badClassName() throws Exception {
String className = "com.mybad.jdbc.Driver"; String className = "com.mybad.jdbc.Driver";
//we know this is in target/test-classes //we know this is in target/test-classes
File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); //File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile();
File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile();
File driver = new File(testClassPath, "../../src/test/resources/mysql-connector-java-5.1.27-bin.jar"); File driver = new File(testClassPath, "../../src/test/resources/mysql-connector-java-5.1.27-bin.jar");
assertTrue("MySQL Driver JAR file not found in src/test/resources?", driver.isFile()); assertTrue("MySQL Driver JAR file not found in src/test/resources?", driver.isFile());
@@ -144,7 +148,8 @@ public class DriverLoaderTest {
public void testLoad_String_String_badPath() throws Exception { public void testLoad_String_String_badPath() throws Exception {
String className = "com.mysql.jdbc.Driver"; String className = "com.mysql.jdbc.Driver";
//we know this is in target/test-classes //we know this is in target/test-classes
File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile(); //File testClassPath = (new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath())).getParentFile();
File testClassPath = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar").getParentFile();
File driver = new File(testClassPath, "../../src/test/bad/mysql-connector-java-5.1.27-bin.jar"); File driver = new File(testClassPath, "../../src/test/bad/mysql-connector-java-5.1.27-bin.jar");
Driver d = DriverLoader.load(className, driver.getAbsolutePath()); Driver d = DriverLoader.load(className, driver.getAbsolutePath());
} }

3
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java
View File

@@ -34,7 +34,8 @@ public class NvdCveUpdaterIntegrationTest extends BaseTest {
public void setUp() throws Exception { public void setUp() throws Exception {
int year = Calendar.getInstance().get(Calendar.YEAR); int year = Calendar.getInstance().get(Calendar.YEAR);
if (year <= 2014) { if (year <= 2014) {
File f = new File(NvdCveUpdaterIntegrationTest.class.getClassLoader().getResource("nvdcve-2.0-2014.xml").getPath()); //File f = new File(NvdCveUpdaterIntegrationTest.class.getClassLoader().getResource("nvdcve-2.0-2014.xml").getPath());
File f = BaseTest.getResourceAsFile(this, "nvdcve-2.0-2014.xml");
String baseURL = f.toURI().toURL().toString(); String baseURL = f.toURI().toURL().toString();
String modified12 = baseURL.replace("nvdcve-2.0-2014.xml", "nvdcve-modified.xml"); String modified12 = baseURL.replace("nvdcve-2.0-2014.xml", "nvdcve-modified.xml");
String modified20 = baseURL.replace("nvdcve-2.0-2014.xml", "nvdcve-2.0-modified.xml"); String modified20 = baseURL.replace("nvdcve-2.0-2014.xml", "nvdcve-2.0-modified.xml");

4
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_1_2_HandlerTest.java
View File

@@ -28,6 +28,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.VulnerableSoftware; import org.owasp.dependencycheck.dependency.VulnerableSoftware;
/** /**
@@ -60,7 +61,8 @@ public class NvdCve_1_2_HandlerTest {
SAXParserFactory factory = SAXParserFactory.newInstance(); SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser(); SAXParser saxParser = factory.newSAXParser();
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath());
File file = BaseTest.getResourceAsFile(this, "nvdcve-2012.xml");
NvdCve12Handler instance = new NvdCve12Handler(); NvdCve12Handler instance = new NvdCve12Handler();
saxParser.parse(file, instance); saxParser.parse(file, instance);

4
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/xml/NvdCve_2_0_HandlerTest.java
View File

@@ -26,6 +26,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
/** /**
* *
@@ -59,7 +60,8 @@ public class NvdCve_2_0_HandlerTest {
SAXParserFactory factory = SAXParserFactory.newInstance(); SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser(); SAXParser saxParser = factory.newSAXParser();
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
File file = BaseTest.getResourceAsFile(this, "nvdcve-2.0-2012.xml");
NvdCve20Handler instance = new NvdCve20Handler(); NvdCve20Handler instance = new NvdCve20Handler();

8
dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java
View File

@@ -28,6 +28,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.data.nexus.MavenArtifact;
/** /**
@@ -152,7 +153,9 @@ public class DependencyTest {
*/ */
@Test @Test
public void testGetMd5sum() { public void testGetMd5sum() {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
Dependency instance = new Dependency(file); Dependency instance = new Dependency(file);
//assertEquals("89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B", result.getSha1sum()); //assertEquals("89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B", result.getSha1sum());
String expResult = "C30B57142E1CCBC1EFD5CD15F307358F"; String expResult = "C30B57142E1CCBC1EFD5CD15F307358F";
@@ -176,7 +179,8 @@ public class DependencyTest {
*/ */
@Test @Test
public void testGetSha1sum() { public void testGetSha1sum() {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
Dependency instance = new Dependency(file); Dependency instance = new Dependency(file);
String expResult = "89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B"; String expResult = "89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B";
String result = instance.getSha1sum(); String result = instance.getSha1sum();

13
dependency-check-core/src/test/java/org/owasp/dependencycheck/reporting/ReportGeneratorIntegrationTest.java
View File

@@ -105,8 +105,8 @@ public class ReportGeneratorIntegrationTest extends BaseTest {
} }
/** /**
* Generates an XML report containing known vulnerabilities and realistic data and validates the generated XML * Generates an XML report containing known vulnerabilities and realistic data and validates the generated XML document
* document against the XSD. * against the XSD.
* *
* @throws Exception * @throws Exception
*/ */
@@ -120,9 +120,12 @@ public class ReportGeneratorIntegrationTest extends BaseTest {
} }
String writeTo = "target/test-reports/Report.xml"; String writeTo = "target/test-reports/Report.xml";
File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); //File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath()); File struts = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath()); //File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
File axis = BaseTest.getResourceAsFile(this, "axis2-adb-1.4.1.jar");
//File jetty = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
File jetty = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE); boolean autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false); Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionHandlerTest.java
View File

@@ -31,6 +31,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.xml.sax.InputSource; import org.xml.sax.InputSource;
import org.xml.sax.XMLReader; import org.xml.sax.XMLReader;
@@ -66,9 +67,11 @@ public class SuppressionHandlerTest {
*/ */
@Test @Test
public void testHandler() throws Exception { public void testHandler() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath());
File file = BaseTest.getResourceAsFile(this, "suppressions.xml");
File schema = new File(this.getClass().getClassLoader().getResource("schema/suppression.xsd").getPath()); //File schema = new File(this.getClass().getClassLoader().getResource("schema/suppression.xsd").getPath());
File schema = BaseTest.getResourceAsFile(this, "schema/suppression.xsd");
SuppressionHandler handler = new SuppressionHandler(); SuppressionHandler handler = new SuppressionHandler();
SAXParserFactory factory = SAXParserFactory.newInstance(); SAXParserFactory factory = SAXParserFactory.newInstance();

4
dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionParserTest.java
View File

@@ -25,6 +25,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
/** /**
* Test of the suppression parser. * Test of the suppression parser.
@@ -57,7 +58,8 @@ public class SuppressionParserTest {
*/ */
@Test @Test
public void testParseSuppressionRules() throws Exception { public void testParseSuppressionRules() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath()); //File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath());
File file = BaseTest.getResourceAsFile(this, "suppressions.xml");
SuppressionParser instance = new SuppressionParser(); SuppressionParser instance = new SuppressionParser();
List result = instance.parseSuppressionRules(file); List result = instance.parseSuppressionRules(file);
assertTrue(result.size() > 3); assertTrue(result.size() > 3);

7
dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java
View File

@@ -28,6 +28,7 @@ import static org.junit.Assert.assertTrue;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier; import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Vulnerability; import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -422,7 +423,8 @@ public class SuppressionRuleTest {
*/ */
@Test @Test
public void testProcess() { public void testProcess() {
File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath()); //File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
File struts = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
Dependency dependency = new Dependency(struts); Dependency dependency = new Dependency(struts);
dependency.addIdentifier("cpe", "cpe:/a:microsoft:.net_framework:4.5", "some url not needed for this test"); dependency.addIdentifier("cpe", "cpe:/a:microsoft:.net_framework:4.5", "some url not needed for this test");
String sha1 = dependency.getSha1sum(); String sha1 = dependency.getSha1sum();
@@ -501,7 +503,8 @@ public class SuppressionRuleTest {
*/ */
@Test @Test
public void testProcessGAV() { public void testProcessGAV() {
File spring = new File(this.getClass().getClassLoader().getResource("spring-security-web-3.0.0.RELEASE.jar").getPath()); //File spring = new File(this.getClass().getClassLoader().getResource("spring-security-web-3.0.0.RELEASE.jar").getPath());
File spring = BaseTest.getResourceAsFile(this, "spring-security-web-3.0.0.RELEASE.jar");
Dependency dependency = new Dependency(spring); Dependency dependency = new Dependency(spring);
dependency.addIdentifier("cpe", "cpe:/a:vmware:springsource_spring_framework:3.0.0", "some url not needed for this test"); dependency.addIdentifier("cpe", "cpe:/a:vmware:springsource_spring_framework:3.0.0", "some url not needed for this test");
dependency.addIdentifier("cpe", "cpe:/a:springsource:spring_framework:3.0.0", "some url not needed for this test"); dependency.addIdentifier("cpe", "cpe:/a:springsource:spring_framework:3.0.0", "some url not needed for this test");