github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-30 20:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #798 from markrekveld/engine-modes

Browse Source 
Adds engine execution modes to separate evidence collection from analysis. The default case is to use both evidence collection and analysis.
This commit is contained in:
Jeremy Long
2017-07-19 06:28:05 -04:00
committed by GitHub
parent 91b1d5cbde b762d8e664
commit 5703a44ab5
5 changed files with 271 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java Normal file
View File

@@ -0,0 +1,102 @@
package org.owasp.dependencycheck;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.rules.TestName;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.Settings;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
/**
* @author Mark Rekveld
*/
public class EngineModeIT extends BaseTest {
@Rule
public TemporaryFolder tempDir = new TemporaryFolder();
@Rule
public TestName testName = new TestName();
@Before
public void setUp() throws Exception {
Settings.setString(Settings.KEYS.DATA_DIRECTORY, tempDir.newFolder().getAbsolutePath());
}
@Test
public void testEvidenceCollectionAndEvidenceProcessingModes() throws Exception {
List<Dependency> dependencies;
try (Engine engine = new Engine(Engine.Mode.EVIDENCE_COLLECTION)) {
assertDatabase(false);
for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.phases) {
assertThat(engine.getAnalyzers(phase), is(notNullValue()));
}
for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.phases) {
assertThat(engine.getAnalyzers(phase), is(nullValue()));
}
File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
engine.scan(file);
engine.analyzeDependencies();
dependencies = engine.getDependencies();
assertThat(dependencies.size(), is(1));
Dependency dependency = dependencies.get(0);
assertTrue(dependency.getVendorEvidence().toString().toLowerCase().contains("apache"));
assertTrue(dependency.getVendorEvidence().getWeighting().contains("apache"));
assertTrue(dependency.getVulnerabilities().isEmpty());
}
try (Engine engine = new Engine(Engine.Mode.EVIDENCE_PROCESSING)) {
assertDatabase(true);
for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.phases) {
assertThat(engine.getAnalyzers(phase), is(notNullValue()));
}
for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.phases) {
assertThat(engine.getAnalyzers(phase), is(nullValue()));
}
engine.setDependencies(dependencies);
engine.analyzeDependencies();
Dependency dependency = dependencies.get(0);
assertFalse(dependency.getVulnerabilities().isEmpty());
}
}
@Test
public void testStandaloneMode() throws Exception {
try (Engine engine = new Engine(Engine.Mode.STANDALONE)) {
assertDatabase(true);
for (AnalysisPhase phase : Engine.Mode.STANDALONE.phases) {
assertThat(engine.getAnalyzers(phase), is(notNullValue()));
}
File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
engine.scan(file);
engine.analyzeDependencies();
List<Dependency> dependencies = engine.getDependencies();
assertThat(dependencies.size(), is(1));
Dependency dependency = dependencies.get(0);
assertTrue(dependency.getVendorEvidence().toString().toLowerCase().contains("apache"));
assertTrue(dependency.getVendorEvidence().getWeighting().contains("apache"));
assertFalse(dependency.getVulnerabilities().isEmpty());
}
}
private void assertDatabase(boolean exists) throws Exception {
Path directory = Settings.getDataDirectory().toPath();
assertThat(Files.exists(directory), is(true));
assertThat(Files.isDirectory(directory), is(true));
Path database = directory.resolve(Settings.getString(Settings.KEYS.DB_FILE_NAME));
assertThat(Files.exists(database), is(exists));
}
}

28
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java
View File

@@ -17,13 +17,18 @@
*/
package org.owasp.dependencycheck.analyzer;
import java.util.List;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.utils.Settings;
import java.util.List;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.owasp.dependencycheck.analyzer.AnalysisPhase.FINAL;
import static org.owasp.dependencycheck.analyzer.AnalysisPhase.INITIAL;
/**
*
* @author Jeremy Long
@@ -46,7 +51,22 @@ public class AnalyzerServiceTest extends BaseDBTestCase {
}
assertTrue("JarAnalyzer loaded", found);
}
/**
* Test of getAnalyzers method, of class AnalyzerService.
*/
@Test
public void testGetAnalyzers_SpecificPhases() throws Exception {
AnalyzerService instance = new AnalyzerService(Thread.currentThread().getContextClassLoader());
List<Analyzer> result = instance.getAnalyzers(INITIAL, FINAL);
for (Analyzer a : result) {
if (a.getAnalysisPhase() != INITIAL && a.getAnalysisPhase() != FINAL) {
fail("Only expecting analyzers for phases " + INITIAL + " and " + FINAL);
}
}
}
/**
* Test of getAnalyzers method, of class AnalyzerService.
*/