github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 08:39:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'stevespringett-master' of github.com:jeremylong/DependencyCheck into stevespringett-master

Browse Source
This commit is contained in:
Jeremy Long
2017-06-02 06:45:47 -04:00
parent 4293cce282 8206aa9bfd
commit 52b2b4794e
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
View File

@@ -27,6 +27,7 @@ import java.net.URL;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.URLConnectionFactory; import org.owasp.dependencycheck.utils.URLConnectionFactory;
import org.slf4j.Logger; import org.slf4j.Logger;
@@ -81,9 +82,10 @@ public class NspSearch {
* *
* @param packageJson the package.json file retrieved from the Dependency * @param packageJson the package.json file retrieved from the Dependency
* @return a List of zero or more Advisory object * @return a List of zero or more Advisory object
* @throws AnalysisException if Node Security Platform is unable to analyze the package
* @throws IOException if it's unable to connect to Node Security Platform * @throws IOException if it's unable to connect to Node Security Platform
*/ */
public List<Advisory> submitPackage(JsonObject packageJson) throws IOException { public List<Advisory> submitPackage(JsonObject packageJson) throws AnalysisException, IOException {
try { try {
List<Advisory> result = new ArrayList<>(); List<Advisory> result = new ArrayList<>();
byte[] packageDatabytes = packageJson.toString().getBytes(StandardCharsets.UTF_8); byte[] packageDatabytes = packageJson.toString().getBytes(StandardCharsets.UTF_8);
@@ -136,6 +138,10 @@ public class NspSearch {
} }
} }
} }
} else if (conn.getResponseCode() == 400) {
LOGGER.debug("Invalid payload submitted to Node Security Platform. Received response code: {} {}",
conn.getResponseCode(), conn.getResponseMessage());
throw new AnalysisException("Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.");
} else { } else {
LOGGER.debug("Could not connect to Node Security Platform. Received response code: {} {}", LOGGER.debug("Could not connect to Node Security Platform. Received response code: {} {}",
conn.getResponseCode(), conn.getResponseMessage()); conn.getResponseCode(), conn.getResponseMessage());

13
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nsp/NspSearchTest.java
View File

@@ -21,6 +21,7 @@ import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.owasp.dependencycheck.BaseTest; import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.utils.Settings; import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -28,12 +29,10 @@ import javax.json.Json;
import javax.json.JsonObject; import javax.json.JsonObject;
import javax.json.JsonObjectBuilder; import javax.json.JsonObjectBuilder;
import javax.json.JsonReader; import javax.json.JsonReader;
import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.URL; import java.net.URL;
import java.util.List; import java.util.List;
import static org.junit.Assume.assumeFalse; import static org.junit.Assume.assumeFalse;
import static org.junit.Assume.assumeTrue;
import org.owasp.dependencycheck.utils.URLConnectionFailureException; import org.owasp.dependencycheck.utils.URLConnectionFailureException;
public class NspSearchTest extends BaseTest { public class NspSearchTest extends BaseTest {
@@ -59,13 +58,13 @@ public class NspSearchTest extends BaseTest {
final List<Advisory> advisories = searcher.submitPackage(nspPayload); final List<Advisory> advisories = searcher.submitPackage(nspPayload);
Assert.assertTrue(advisories.size() > 0); Assert.assertTrue(advisories.size() > 0);
} catch (Exception ex) { } catch (Exception ex) {
assumeFalse(ex instanceof URLConnectionFailureException assumeFalse(ex instanceof URLConnectionFailureException
&& ex.getMessage().contains("Unable to connect to ")); && ex.getMessage().contains("Unable to connect to "));
throw ex; throw ex;
} }
} }
@Test @Test(expected = AnalysisException.class)
public void testNspSearchNegative() throws Exception { public void testNspSearchNegative() throws Exception {
InputStream in = BaseTest.getResourceAsStream(this, "nsp/package.json"); InputStream in = BaseTest.getResourceAsStream(this, "nsp/package.json");
try (JsonReader jsonReader = Json.createReader(in)) { try (JsonReader jsonReader = Json.createReader(in)) {
@@ -73,9 +72,9 @@ public class NspSearchTest extends BaseTest {
final JsonObject sanitizedJson = SanitizePackage.sanitize(packageJson); final JsonObject sanitizedJson = SanitizePackage.sanitize(packageJson);
searcher.submitPackage(sanitizedJson); searcher.submitPackage(sanitizedJson);
} catch (Exception ex) { } catch (Exception ex) {
assumeFalse(ex instanceof URLConnectionFailureException assumeFalse(ex instanceof URLConnectionFailureException
&& ex.getMessage().contains("Unable to connect to ")); && ex.getMessage().contains("Unable to connect to "));
throw ex; throw ex;
} }
} }