From 4fc8dd59d2b67ebd678ec4b91b8367034e78c754 Mon Sep 17 00:00:00 2001 From: brianf Date: Mon, 25 Sep 2017 10:18:56 -0400 Subject: [PATCH] cleanup from reviews. Mostly formatting --- .../analyzer/CMakeAnalyzer.java | 2 +- .../analyzer/CocoaPodsAnalyzer.java | 12 +-- .../analyzer/ComposerLockAnalyzer.java | 29 ++++--- .../analyzer/NodePackageAnalyzer.java | 77 ++++++++++--------- .../analyzer/PythonDistributionAnalyzer.java | 18 ++--- .../analyzer/PythonPackageAnalyzer.java | 33 ++++---- .../analyzer/RubyGemspecAnalyzer.java | 30 ++++---- .../analyzer/SwiftPackageManagerAnalyzer.java | 39 +++++----- .../dependency/Dependency.java | 34 ++++---- .../analyzer/CMakeAnalyzerTest.java | 19 ++--- .../analyzer/ComposerLockAnalyzerTest.java | 2 +- 11 files changed, 142 insertions(+), 153 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java index 59e1d13bf..858f5dfde 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java @@ -154,7 +154,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer { @Override protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); + dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); final File file = dependency.getActualFile(); final String name = file.getName(); String contents; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java index c18ff8f26..62e6d5245 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java 
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.java @@ -43,11 +43,11 @@ import org.owasp.dependencycheck.utils.Settings; @Experimental public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer { - /** - * A descriptor for the type of dependencies processed or added by this analyzer - */ - public static final String DEPENDENCY_ECOSYSTEM = "CocoaPod"; - + /** + * A descriptor for the type of dependencies processed or added by this analyzer + */ + public static final String DEPENDENCY_ECOSYSTEM = "CocoaPod"; + /** * The logger. */ @@ -127,7 +127,7 @@ public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer { protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); + dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); String contents; try { contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset()); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java index 9e69b18b9..acfbc0026 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.java @@ -46,11 +46,11 @@ import java.security.NoSuchAlgorithmException; @Experimental public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer { - /** - * A descriptor for the type of dependencies processed or added by this analyzer - */ - public static final String DEPENDENCY_ECOSYSTEM = "Composer"; - + /** + * A descriptor for the type of dependencies processed or added by this analyzer + */ + public static final String DEPENDENCY_ECOSYSTEM = "Composer"; + /** * The logger. */ 
@@ -117,10 +117,8 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer { final Dependency d = new Dependency(dependency.getActualFile()); final String filePath = String.format("%s:%s/%s/%s", dependency.getFilePath(), dep.getGroup(), dep.getProject(), dep.getVersion()); d.setName(dep.getProject()); - d.setVersion(dep.getVersion()); - - d.setEcosystem(DEPENDENCY_ECOSYSTEM); - + d.setVersion(dep.getVersion()); + d.setEcosystem(DEPENDENCY_ECOSYSTEM); final MessageDigest sha1 = getSha1MessageDigest(); d.setFilePath(filePath); d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset())))); @@ -133,13 +131,12 @@ public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer { //make sure we only remove the main dependency if we went through this loop at least once. processedAtLeastOneDep = true; } - //remove the dependency at the end because it's referenced in the loop itself. - //double check the name to be sure we only remove the generic entry. - if (processedAtLeastOneDep && dependency.getDisplayFileName().equalsIgnoreCase("composer.lock")) { - LOGGER.debug("Removing main redundant dependency {}",dependency.getDisplayFileName()); - engine.getDependencies().remove(dependency); - - } + // remove the dependency at the end because it's referenced in the loop itself. + // double check the name to be sure we only remove the generic entry. + if (processedAtLeastOneDep && dependency.getDisplayFileName().equalsIgnoreCase("composer.lock")) { + LOGGER.debug("Removing main redundant dependency {}", dependency.getDisplayFileName()); + engine.getDependencies().remove(dependency); + } } catch (IOException ex) { LOGGER.warn("Error opening dependency {}", dependency.getActualFilePath()); } catch (ComposerException ce) { 
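Review bot: The redundancy guard `dependency.getDisplayFileName().equalsIgnoreCase("composer.lock")` at the end of the second hunk keys on a display string, and with this commit's rewrite of `Dependency.getDisplayFileName()` that string is synthesized from `name`/`version` whenever `displayName` is null, so the parent entry is only removed while nothing has set a name on it. Comparing the real file name instead (e.g. `dependency.getActualFile().getName().equalsIgnoreCase("composer.lock")`) decouples the check from display logic; the test that calls `setDisplayFileName("NotComposer.Lock")` to exercise the non-removal path would then need a different fixture. The child entries built in the loop are created from `dependency.getActualFile()`, so dropping the parent does not lose the path in the report — a short comment such as `// children reuse the parent's actual file, so composer.lock is still reported via them` would spare the next reader from checking. The enclosing `analyzeDependency` begins outside the hunk.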
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java index 8e4ea9d7f..07fdb7003 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java @@ -49,11 +49,11 @@ import org.owasp.dependencycheck.exception.InitializationException; @Experimental public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer { - /** - * A descriptor for the type of dependencies processed or added by this analyzer - */ - public static final String DEPENDENCY_ECOSYSTEM = "npm"; - + /** + * A descriptor for the type of dependencies processed or added by this analyzer + */ + public static final String DEPENDENCY_ECOSYSTEM = "npm"; + /** * The logger. */ 
@@ -125,39 +125,40 @@ public class NodePackageAnalyzer extends AbstractFileTypeAnalyzer { return Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED; } - @Override - protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); - final File file = dependency.getActualFile(); - if (!file.isFile() || file.length()==0) { - return; - } - try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) { - final JsonObject json = jsonReader.readObject(); - final EvidenceCollection productEvidence = dependency.getProductEvidence(); - final EvidenceCollection vendorEvidence = dependency.getVendorEvidence(); - if (json.containsKey("name")) { - final Object value = json.get("name"); - if (value instanceof JsonString) { - final String valueString = ((JsonString) value).getString(); - productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST); - dependency.setName(valueString); - vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), Confidence.LOW); - } else { - LOGGER.warn("JSON value not string as expected: {}", value); - } - } - addToEvidence(json, productEvidence, "description"); - addToEvidence(json, vendorEvidence, "author"); - final String version = addToEvidence(json, dependency.getVersionEvidence(), "version"); - dependency.setVersion(version); - - } catch (JsonException e) { - LOGGER.warn("Failed to parse package.json file.", e); - } catch (IOException e) { - throw new AnalysisException("Problem occurred while reading dependency file.", e); - } - } + @Override + protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { + dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); + final File file = dependency.getActualFile(); + if (!file.isFile() || file.length() == 0) { + return; + } + try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) { + final 
JsonObject json = jsonReader.readObject(); + final EvidenceCollection productEvidence = dependency.getProductEvidence(); + final EvidenceCollection vendorEvidence = dependency.getVendorEvidence(); + if (json.containsKey("name")) { + final Object value = json.get("name"); + if (value instanceof JsonString) { + final String valueString = ((JsonString) value).getString(); + productEvidence.addEvidence(PACKAGE_JSON, "name", valueString, Confidence.HIGHEST); + dependency.setName(valueString); + vendorEvidence.addEvidence(PACKAGE_JSON, "name_project", String.format("%s_project", valueString), + Confidence.LOW); + } else { + LOGGER.warn("JSON value not string as expected: {}", value); + } + } + addToEvidence(json, productEvidence, "description"); + addToEvidence(json, vendorEvidence, "author"); + final String version = addToEvidence(json, dependency.getVersionEvidence(), "version"); + dependency.setVersion(version); + + } catch (JsonException e) { + LOGGER.warn("Failed to parse package.json file.", e); + } catch (IOException e) { + throw new AnalysisException("Problem occurred while reading dependency file.", e); + } + } /** * Adds information to an evidence collection from the node json diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java index d6002c5d4..6c2851e76 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java 
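Review bot: `dependency.setVersion(version)` near the end of the hunk stores whatever `addToEvidence(json, dependency.getVersionEvidence(), "version")` returns with no null or empty check, whereas the Ruby and Python analyzers in this same patch only call `setVersion` once a value was actually found. If `addToEvidence` yields null for a package.json without a version field (its body is outside the hunk), this resets the version to null; `if (version != null && !version.isEmpty()) { dependency.setVersion(version); }` keeps the analyzers consistent. The `name` string also flows straight from the scanned package.json into `setName` and from there into `getDisplayFileName()` and log output, so it is project-controlled input — presumably escaped by the report layer, but a comment stating that expectation would help.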
@@ -57,10 +57,10 @@ import java.util.concurrent.atomic.AtomicInteger; @Experimental public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { - /** - * A descriptor for the type of dependencies processed or added by this analyzer - */ - public static final String DEPENDENCY_ECOSYSTEM = "Python.Dist"; + /** + * A descriptor for the type of dependencies processed or added by this analyzer + */ + public static final String DEPENDENCY_ECOSYSTEM = "Python.Dist"; /** * Name of egg metadata files to analyze. @@ -189,7 +189,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); + dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); final File actualFile = dependency.getActualFile(); if (WHL_FILTER.accept(actualFile)) { collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER, @@ -304,11 +304,9 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { "Version", Confidence.HIGHEST); addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name", Confidence.HIGHEST); - - dependency.setName(headers.getHeader("Name", null)); - dependency.setVersion(headers.getHeader("Version", null)); - - final String url = headers.getHeader("Home-page", null); + dependency.setName(headers.getHeader("Name", null)); + dependency.setVersion(headers.getHeader("Version", null)); + final String url = headers.getHeader("Home-page", null); final EvidenceCollection vendorEvidence = dependency .getVendorEvidence(); if (StringUtils.isNotBlank(url)) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java index 684b46b59..e4d357cb4 100644 
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java @@ -47,10 +47,10 @@ import org.owasp.dependencycheck.exception.InitializationException; public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { /** - * A descriptor for the type of dependencies processed or added by this analyzer - */ - public static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg"; - + * A descriptor for the type of dependencies processed or added by this analyzer + */ + public static final String DEPENDENCY_ECOSYSTEM = "Python.Pkg"; + /** * Used when compiling file scanning regex patterns. */ @@ -178,7 +178,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { @Override protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); + dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); final File file = dependency.getActualFile(); final File parent = file.getParentFile(); final String parentName = parent.getName(); @@ -186,7 +186,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { //by definition, the containing folder of __init__.py is considered the package, even the file is empty: //"The __init__.py files are required to make Python treat the directories as containing packages" //see section "6.4 Packages" from https://docs.python.org/2/tutorial/modules.html; - dependency.setName(parentName); + dependency.setName(parentName); dependency.getProductEvidence().addEvidence(file.getName(), "PackageName", parentName, Confidence.HIGHEST); 
@@ -329,17 +329,16 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer { * @param confidence in evidence * @return whether evidence was found */ - private boolean gatherVersionEvidence(Pattern pattern, String contents, - String source, EvidenceCollection evidence, String name, - Confidence confidence,Dependency d) { - final Matcher matcher = pattern.matcher(contents); - final boolean found = matcher.find(); - if (found) { - evidence.addEvidence(source, name, matcher.group(4), confidence); - d.setVersion(matcher.group(4)); - } - return found; - } + private boolean gatherVersionEvidence(Pattern pattern, String contents, String source, EvidenceCollection evidence, + String name, Confidence confidence, Dependency d) { + final Matcher matcher = pattern.matcher(contents); + final boolean found = matcher.find(); + if (found) { + evidence.addEvidence(source, name, matcher.group(4), confidence); + d.setVersion(matcher.group(4)); + } + return found; + } @Override protected String getAnalyzerEnabledSettingKey() { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java index 6256e83db..ed89d1b71 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java @@ -49,10 +49,10 @@ import org.slf4j.LoggerFactory; public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer { /** - * A descriptor for the type of dependencies processed or added by this analyzer - */ - public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle"; - + * A descriptor for the type of dependencies processed or added by this analyzer + */ + public static final String DEPENDENCY_ECOSYSTEM = "Ruby.Bundle"; + /** * The logger. */ 
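Review bot: The widened signature of `gatherVersionEvidence` adds a `Dependency d` parameter, but the Javadoc directly above the hunk still ends at `@param confidence in evidence` followed by `@return`, so the new parameter is undocumented; add `@param d the dependency whose version is set when the pattern matches`. Because `d.setVersion(matcher.group(4))` runs on every successful match, a caller that tries several patterns in sequence ends with the last match rather than the one added at the highest confidence — worth a sentence in the Javadoc, e.g. `Each match overwrites the dependency version; callers should order patterns accordingly.` The callers are outside the hunk, so whether that ordering is intentional cannot be confirmed here.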
@@ -137,7 +137,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer { @Override protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); + dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); String contents; try { contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset()); @@ -153,10 +153,10 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer { final EvidenceCollection vendor = dependency.getVendorEvidence(); final EvidenceCollection product = dependency.getProductEvidence(); final String name = addStringEvidence(product, contents, blockVariable, "name", "name", Confidence.HIGHEST); - if (!name.isEmpty()) { - dependency.setName(name); - vendor.addEvidence(GEMSPEC, "name_project", name + "_project", Confidence.LOW); - } + if (!name.isEmpty()) { + dependency.setName(name); + vendor.addEvidence(GEMSPEC, "name_project", name + "_project", Confidence.LOW); + } addStringEvidence(product, contents, blockVariable, "summary", "summary", Confidence.LOW); addStringEvidence(vendor, contents, blockVariable, "author", "authors?", Confidence.HIGHEST); 
@@ -164,17 +164,15 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer { addStringEvidence(vendor, contents, blockVariable, "homepage", "homepage", Confidence.HIGHEST); addStringEvidence(vendor, contents, blockVariable, "license", "licen[cs]es?", Confidence.HIGHEST); - final String value = addStringEvidence(dependency.getVersionEvidence(), contents, - blockVariable, "version", "version", Confidence.HIGHEST); + final String value = addStringEvidence(dependency.getVersionEvidence(), contents, blockVariable, "version", + "version", Confidence.HIGHEST); if (value.length() < 1) { addEvidenceFromVersionFile(dependency.getActualFile(), dependency.getVersionEvidence()); } - else - { - dependency.setVersion(value); - } + else { + dependency.setVersion(value); + } } - setPackagePath(dependency); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java index 076ad9178..744f9a3df 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/SwiftPackageManagerAnalyzer.java @@ -43,11 +43,11 @@ import org.owasp.dependencycheck.utils.Settings; @Experimental public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer { - /** - * A descriptor for the type of dependencies processed or added by this analyzer - */ - public static final String DEPENDENCY_ECOSYSTEM = "Swift.PM"; - + /** + * A descriptor for the type of dependencies processed or added by this analyzer + */ + public static final String DEPENDENCY_ECOSYSTEM = "Swift.PM"; + /** * The name of the analyzer. */ 
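Review bot: `dependency.setVersion(value)` in the new `else` branch is the only place the gem version reaches the Dependency; the `addEvidenceFromVersionFile(...)` fallback only adds evidence, so gems that keep their version in a separate VERSION file end up with a null `getVersion()` and a display name without a version, unlike gems with an inline `version`. If `addEvidenceFromVersionFile` can return the value it found (its body is outside the hunk), passing that result to `dependency.setVersion` too would make both branches consistent. The `else {` on its own line also still departs from the `} else {` form this same patch adopts in the Swift analyzer, so folding it into `} else {` would complete the formatting cleanup.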
@@ -124,8 +124,8 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer { protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { - dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); - + dependency.setEcosystem(DEPENDENCY_ECOSYSTEM); + String contents; try { contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset()); 
@@ -143,18 +143,19 @@ public class SwiftPackageManagerAnalyzer extends AbstractFileTypeAnalyzer { final EvidenceCollection product = dependency.getProductEvidence(); final EvidenceCollection vendor = dependency.getVendorEvidence(); - //SPM is currently under development for SWIFT 3. Its current metadata includes package name and dependencies. - //Future interesting metadata: version, license, homepage, author, summary, etc. - final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST); - if (name != null && !name.isEmpty()) { - vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST); - dependency.setName(name); - } - else - { - //if we can't get the name from the meta, then assume the name is the name of the parent folder containing the package.swift file. - dependency.setName(dependency.getActualFile().getParentFile().getName()); - } + // SPM is currently under development for SWIFT 3. Its current metadata includes + // package name and dependencies. + // Future interesting metadata: version, license, homepage, author, summary, + // etc. + final String name = addStringEvidence(product, packageDescription, "name", "name", Confidence.HIGHEST); + if (name != null && !name.isEmpty()) { + vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST); + dependency.setName(name); + } else { + // if we can't get the name from the meta, then assume the name is the name of + // the parent folder containing the package.swift file. + dependency.setName(dependency.getActualFile().getParentFile().getName()); + } } setPackagePath(dependency); } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java index 6c4e792c5..7e8048507 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java 
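Review bot: `vendor.addEvidence(SPM_FILE_NAME, "name_project", name, Confidence.HIGHEST)` records a guessed vendor at the highest confidence, whereas the Node and Ruby analyzers in this same patch add the equivalent `name_project` heuristic at `Confidence.LOW` (and with a `_project` suffix). If vendor evidence feeds CPE matching as it does for those analyzers, the inflated confidence is a likely source of wrong matches; `Confidence.LOW` would align it unless SPM package names are known to be reliable vendor identifiers, in which case a comment should say so. The fallback `dependency.getActualFile().getParentFile().getName()` assumes a parent directory exists — presumably always true for a scanned Package.swift, but a one-line comment noting the assumption would help.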
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java @@ -304,22 +304,18 @@ public class Dependency implements Serializable, Comparable { * * @return the file name to display */ - public String getDisplayFileName() { - if (displayName == null) { - if(name != null) { - if (version != null) { - return name + ":" + version; - } - else { - return name; - } - } - else { - return this.fileName; - } - } - return this.displayName; - } + public String getDisplayFileName() { + if (displayName != null) { + return displayName; + } + if (name == null) { + return fileName; + } + if (version == null) { + return name; + } + return name + ":" + version; + } /** *
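Review bot: The rewritten `getDisplayFileName()` returns the analyzer-derived `name` or `name:version` whenever `displayName` is unset, so in the common case the value is no longer a file name, yet the Javadoc ending just above the hunk still says `@return the file name to display`. Document the precedence, e.g. `@return the explicit display name if set; otherwise name[:version] when a name is known; otherwise the file name`, so callers that compare this against a literal file name (the composer.lock check elsewhere in this patch does) know it is derived from parsed package metadata. Since `name` originates in scanned manifests, the returned string is effectively untrusted input; the report layer presumably escapes it, but a note here would make that expectation explicit.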

@@ -880,7 +876,8 @@ public class Dependency implements Serializable, Comparable { } /** - * @param version the version to set + * @param version + * the version to set */ public void setVersion(String version) { this.version = version; @@ -894,7 +891,8 @@ public class Dependency implements Serializable, Comparable { } /** - * @param ecosystem the ecosystem to set + * @param ecosystem + * the ecosystem to set */ public void setEcosystem(String ecosystem) { this.ecosystem = ecosystem; diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java index b47d7be5c..3a83621fb 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java 
@@ -139,17 +139,15 @@ public class CMakeAnalyzerTest extends BaseDBTestCase { analyzer.analyze(result, null); //this one finds nothing so it falls through to the filename. Can we do better? - assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName()); - - + assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName()); } - private void assertProductEvidence(Dependency result, String product) { - assertEquals(product,result.getName()); - assertTrue("Expected product evidence to contain \"" + product + "\".", - result.getProductEvidence().toString().contains(product)); - assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getEcosystem()); - } + private void assertProductEvidence(Dependency result, String product) { + assertEquals(product, result.getName()); + assertTrue("Expected product evidence to contain \"" + product + "\".", + result.getProductEvidence().toString().contains(product)); + assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem()); + } /** * Test whether expected version evidence is gathered from OpenCV's third party cmake files. @@ -170,8 +168,7 @@ public class CMakeAnalyzerTest extends BaseDBTestCase { assertEquals("Number of additional dependencies should be 4.", 4, dependencies.size()); final Dependency last = dependencies.get(3); assertProductEvidence(last, "libavresample"); - assertVersionEvidence(last, "1.0.1"); - + assertVersionEvidence(last, "1.0.1"); } private void assertVersionEvidence(Dependency result, String version) { diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java index 046267c7a..790cef2f7 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java 
@@ -101,7 +101,7 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase { final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "composer.lock")); - ///test that we don't remove the parent if it's not redundant by name + //test that we don't remove the parent if it's not redundant by name result.setDisplayFileName("NotComposer.Lock"); engine.getDependencies().add(result); analyzer.analyze(result, engine);