Added PythonPackageAnalyzer, for directly analyzing Python library, a.k.a.,

package, source code.


Former-commit-id: 3154ea4ecddd794cb3e7f3686972fd7a6cc2177c

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java

@@ -47,7 +47,8 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
 	}
 
 	/**
-	 * Test of getSupportedExtensions method, of class JarAnalyzer.
+	 * Test of getSupportedExtensions method, of class
+	 * PythonDistributionAnalyzer.
 	 */
 	@Test
 	public void testGetSupportedExtensions() {
@@ -57,7 +58,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
 				new HashSet<String>(Arrays.asList(expected)),
 				new PythonDistributionAnalyzer().getSupportedExtensions());
 	}
-	
+
 	/**
 	 * Test of supportsExtension method, of class PythonDistributionAnalyzer.
 	 */
@@ -76,9 +77,8 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
 				analyzer.supportsExtension("PKG-INFO"));
 	}
 
-
 	/**
-	 * Test of inspect method, of class JarAnalyzer.
+	 * Test of inspect method, of class PythonDistributionAnalyzer.
 	 *
 	 * @throws Exception
 	 *             is thrown when an exception occurs.
@@ -90,7 +90,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
 	}
 
 	/**
-	 * Test of inspect method, of class JarAnalyzer.
+	 * Test of inspect method, of class PythonDistributionAnalyzer.
 	 *
 	 * @throws Exception
 	 *             is thrown when an exception occurs.
@@ -121,34 +121,41 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
 
 	@Test
 	public void testAnalyzeEggInfoFolder() throws AnalysisException {
-		eggtestAssertions("python/site-packages/EggTest.egg-info/PKG-INFO");
+		eggtestAssertions(this,
+				"python/site-packages/EggTest.egg-info/PKG-INFO",
+				new PythonDistributionAnalyzer());
 	}
 
 	@Test
 	public void testAnalyzeEggArchive() throws AnalysisException {
-		eggtestAssertions("python/dist/EggTest-0.0.1-py2.7.egg");
+		eggtestAssertions(this, "python/dist/EggTest-0.0.1-py2.7.egg",
+				new PythonDistributionAnalyzer());
 	}
 
 	@Test
 	public void testAnalyzeEggArchiveNamedZip() throws AnalysisException {
-		eggtestAssertions("python/dist/EggTest-0.0.1-py2.7.zip");
+		eggtestAssertions(this, "python/dist/EggTest-0.0.1-py2.7.zip",
+				new PythonDistributionAnalyzer());
 	}
 
 	@Test
 	public void testAnalyzeEggFolder() throws AnalysisException {
-		eggtestAssertions("python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/PKG-INFO");
+		eggtestAssertions(
+				this,
+				"python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/PKG-INFO",
+				new PythonDistributionAnalyzer());
 	}
 
-	private void eggtestAssertions(final String resource)
-			throws AnalysisException {
+	public static void eggtestAssertions(Object context, final String resource,
+			Analyzer analyzer) throws AnalysisException {
 		final Dependency result = new Dependency(BaseTest.getResourceAsFile(
-				this, resource));
-		new PythonDistributionAnalyzer().analyze(result, null);
+				context, resource));
+		analyzer.analyze(result, null);
 		assertTrue("Expected vendor evidence to contain \"example\".", result
 				.getVendorEvidence().toString().contains("example"));
 		boolean found = false;
 		for (final Evidence e : result.getVersionEvidence()) {
-			if ("Version".equals(e.getName()) && "0.0.1".equals(e.getValue())) {
+			if ("0.0.1".equals(e.getValue())) {
 				found = true;
 				break;
 			}

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java

@@ -0,0 +1,73 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Arrays;
+import java.util.HashSet;
+
+import org.apache.commons.lang.StringUtils;
+import org.junit.Test;
+import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
+
+/**
+ * Unit tests for PythonPackageAnalyzer.
+ *
+ * @author Dale Visser <dvisser@ida.org>
+ */
+public class PythonPackageAnalyzerTest extends BaseTest {
+
+	/**
+	 * Test of getName method, of class PythonPackageAnalyzer.
+	 */
+	@Test
+	public void testGetName() {
+		assertEquals("Analyzer name wrong.", "Python Distribution Analyzer",
+				new PythonDistributionAnalyzer().getName());
+	}
+
+	/**
+	 * Test of getSupportedExtensions method, of class PythonPackageAnalyzer.
+	 */
+	@Test
+	public void testGetSupportedExtensions() {
+		final String[] expected = { "py" };
+		assertEquals("Supported extensions should just have the following: "
+				+ StringUtils.join(expected, ", "),
+				new HashSet<String>(Arrays.asList(expected)),
+				new PythonPackageAnalyzer().getSupportedExtensions());
+	}
+
+	/**
+	 * Test of supportsExtension method, of class PythonPackageAnalyzer.
+	 */
+	@Test
+	public void testSupportsExtension() {
+		assertTrue("Should support \"py\" extension.",
+				new PythonPackageAnalyzer().supportsExtension("py"));
+	}
+
+	@Test
+	public void testAnalyzeSourceMetadata() throws AnalysisException {
+		PythonDistributionAnalyzerTest.eggtestAssertions(this,
+				"python/eggtest/__init__.py", new PythonPackageAnalyzer());
+	}
+}

dependency-check-core/src/test/resources/python/eggtest/__about__.py

@@ -0,0 +1,9 @@
+__all__ = ["__title__", "__summary__", "__uri__", "__version__", "__author__",
+	"__email__" ]
+
+__title__ = "EggTest"
+__summary__ = "Simple project for producing an .egg."
+__uri__ = "http://example.org/eggtest"
+__version__ = "0.0.1"
+__author__ = "Dale Visser"
+__email__ = "dvisser@ida.org"

dependency-check-core/src/test/resources/python/setup.py

@@ -1,9 +1,11 @@
 from setuptools import setup
 
-setup(name = 'EggTest',
+about = {}
+execfile('eggtest/__about__.py', about)
+setup(name = about['__title__'],
       packages = ['eggtest'],
-      version = '0.0.1',
-      description = 'Simple project for producing an .egg.',
-      url = 'http://example.org/eggtest',
-      author = 'Dale Visser',
-      author_email = 'dvisser@ida.org')
+      version = about['__version__'],
+      description = about['__summary__'],
+      url = about['__uri__'],
+      author = about['__author__'],
+      author_email = about['__email__'])

dependency-check-core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/SOURCES.txt

@@ -3,5 +3,6 @@ EggTest.egg-info/PKG-INFO
 EggTest.egg-info/SOURCES.txt
 EggTest.egg-info/dependency_links.txt
 EggTest.egg-info/top_level.txt
+eggtest/__about__.py
 eggtest/__init__.py
 eggtest/main.py

dependency-check-core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/__about__.py

@@ -0,0 +1,9 @@
+__all__ = ["__title__", "__summary__", "__uri__", "__version__", "__author__",
+	"__email__" ]
+
+__title__ = "EggTest"
+__summary__ = "Simple project for producing an .egg."
+__uri__ = "http://example.org/eggtest"
+__version__ = "0.0.1"
+__author__ = "Dale Visser"
+__email__ = "dvisser@ida.org"