renamed modules and fixed errors with various lifecycle stages

Jeremy Long
2018-01-25 06:54:01 -05:00
parent 3736161e39
commit 62a5db6b8b
740 changed files with 40 additions and 12 deletions


@@ -0,0 +1,194 @@
/*
* This file is part of dependency-check-core.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2017 The OWASP Foundation. All Rights Reserved.
*/
package org.owasp.dependencycheck;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import java.io.File;
import java.io.FileNotFoundException;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.cli.ParseException;
import org.apache.commons.cli.UnrecognizedOptionException;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.Settings.KEYS;
/**
* Tests for the {@link AppTest} class.
*/
public class AppTest extends BaseTest {
/**
* Test rule for asserting exceptions and their contents.
*/
@Rule
public ExpectedException expectedException = ExpectedException.none();
/**
* Test of ensureCanonicalPath method, of class App.
*/
@Test
public void testEnsureCanonicalPath() {
String file = "../*.jar";
App instance = new App(getSettings());
String result = instance.ensureCanonicalPath(file);
assertFalse(result.contains(".."));
assertTrue(result.endsWith("*.jar"));
file = "../some/skip/../path/file.txt";
String expResult = "/some/path/file.txt";
result = instance.ensureCanonicalPath(file);
assertTrue("result=" + result, result.endsWith(expResult));
}
/**
* Assert that boolean properties can be set on the CLI and parsed into the
* {@link Settings}.
*
* @throws Exception the unexpected {@link Exception}.
*/
@Test
public void testPopulateSettings() throws Exception {
File prop = new File(this.getClass().getClassLoader().getResource("sample.properties").toURI().getPath());
String[] args = {"-P", prop.getAbsolutePath()};
Map<String, Boolean> expected = new HashMap<>();
expected.put(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE);
expected.put(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, Boolean.TRUE);
assertTrue(testBooleanProperties(args, expected));
String[] args2 = {"-n"};
expected.put(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE);
expected.put(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, Boolean.TRUE);
assertTrue(testBooleanProperties(args2, expected));
String[] args3 = {"-h"};
expected.put(Settings.KEYS.AUTO_UPDATE, Boolean.TRUE);
expected.put(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, Boolean.TRUE);
assertTrue(testBooleanProperties(args3, expected));
String[] args4 = {"--disableArchive"};
expected.put(Settings.KEYS.AUTO_UPDATE, Boolean.TRUE);
expected.put(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, Boolean.FALSE);
assertTrue(testBooleanProperties(args4, expected));
String[] args5 = {"-P", prop.getAbsolutePath(), "--disableArchive"};
expected.put(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE);
expected.put(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, Boolean.FALSE);
assertTrue(testBooleanProperties(args5, expected));
prop = new File(this.getClass().getClassLoader().getResource("sample2.properties").toURI().getPath());
String[] args6 = {"-P", prop.getAbsolutePath(), "--disableArchive"};
expected.put(Settings.KEYS.AUTO_UPDATE, Boolean.TRUE);
expected.put(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, Boolean.FALSE);
assertTrue(testBooleanProperties(args6, expected));
String[] args7 = {"-P", prop.getAbsolutePath(), "--noupdate"};
expected.put(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE);
expected.put(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, Boolean.FALSE);
assertTrue(testBooleanProperties(args7, expected));
String[] args8 = {"-P", prop.getAbsolutePath(), "--noupdate", "--disableArchive"};
expected.put(Settings.KEYS.AUTO_UPDATE, Boolean.FALSE);
expected.put(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, Boolean.FALSE);
assertTrue(testBooleanProperties(args8, expected));
}
/**
* Assert that an {@link UnrecognizedOptionException} is thrown when a
* property that is not supported is specified on the CLI.
*
* @throws Exception the unexpected {@link Exception}.
*/
@Test
public void testPopulateSettingsException() throws Exception {
String[] args = {"-invalidPROPERTY"};
expectedException.expect(UnrecognizedOptionException.class);
expectedException.expectMessage("Unrecognized option: -invalidPROPERTY");
testBooleanProperties(args, null);
}
/**
* Assert that a single suppression file can be set using the CLI.
*
* @throws Exception the unexpected {@link Exception}.
*/
@Test
public void testPopulatingSuppressionSettingsWithASingleFile() throws Exception {
// GIVEN CLI properties with the mandatory arguments
File prop = new File(this.getClass().getClassLoader().getResource("sample.properties").toURI().getPath());
// AND a single suppression file
String[] args = {"-P", prop.getAbsolutePath(), "--suppression", "another-file.xml"};
// WHEN parsing the CLI arguments
final CliParser cli = new CliParser(getSettings());
cli.parse(args);
final App classUnderTest = new App(getSettings());
classUnderTest.populateSettings(cli);
// THEN the suppression file is set in the settings for use in the application core
assertThat("Expected the suppression file to be set in the Settings", getSettings().getString(KEYS.SUPPRESSION_FILE), is("another-file.xml"));
}
/**
* Assert that multiple suppression files can be set using the CLI.
*
* @throws Exception the unexpected {@link Exception}.
*/
@Test
public void testPopulatingSuppressionSettingsWithMultipleFiles() throws Exception {
// GIVEN CLI properties with the mandatory arguments
File prop = new File(this.getClass().getClassLoader().getResource("sample.properties").toURI().getPath());
// AND a single suppression file
String[] args = {"-P", prop.getAbsolutePath(), "--suppression", "first-file.xml", "another-file.xml"};
// WHEN parsing the CLI arguments
final CliParser cli = new CliParser(getSettings());
cli.parse(args);
final App classUnderTest = new App(getSettings());
classUnderTest.populateSettings(cli);
// THEN the suppression file is set in the settings for use in the application core
assertThat("Expected the suppression files to be set in the Settings with a separator", getSettings().getString(KEYS.SUPPRESSION_FILE), is("first-file.xml,another-file.xml"));
}
private boolean testBooleanProperties(String[] args, Map<String, Boolean> expected) throws URISyntaxException, FileNotFoundException, ParseException, InvalidSettingException {
this.reloadSettings();
final CliParser cli = new CliParser(getSettings());
cli.parse(args);
App instance = new App(getSettings());
instance.populateSettings(cli);
boolean results = true;
for (Map.Entry<String, Boolean> entry : expected.entrySet()) {
results &= getSettings().getBoolean(entry.getKey()) == entry.getValue();
}
return results;
}
}
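Review bot: `testBooleanProperties` (the private helper at the end of the class) folds every key into one boolean with `results &= getSettings().getBoolean(entry.getKey()) == entry.getValue();`, so a failing `assertTrue(testBooleanProperties(...))` in `testPopulateSettings` cannot say which setting, or which of the eight argument sets, was wrong. If `getBoolean` returns a boxed `Boolean` (its signature is not visible here), the `==` would also be a reference comparison. Asserting inside the loop, e.g. `assertEquals(entry.getKey(), entry.getValue(), getSettings().getBoolean(entry.getKey()));`, reports the key and compares by value. Separately, the class Javadoc links `{@link AppTest}` where `{@link App}` seems intended, and the `// AND a single suppression file` comment in `testPopulatingSuppressionSettingsWithMultipleFiles` should read `// AND multiple suppression files`.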


@@ -0,0 +1,62 @@
/*
* Copyright 2014 OWASP.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.owasp.dependencycheck;
import org.junit.After;
import org.junit.Before;
import org.owasp.dependencycheck.utils.Settings;
/**
*
* @author Jeremy Long
*/
public class BaseTest {
/**
* The configured settings.
*/
private Settings settings;
/**
* Initialize the {@link Settings}.
*/
@Before
public void setUp() {
settings = new Settings();
}
/**
* Clean the {@link Settings}.
*/
@After
public void tearDown() {
settings.cleanup(true);
}
/**
* Returns the settings for the test cases.
*
* @return
*/
protected Settings getSettings() {
return settings;
}
protected void reloadSettings() {
tearDown();
setUp();
}
}
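Review bot: The Javadoc on `getSettings()` has an empty `@return` tag and `reloadSettings()` has no Javadoc at all, although subclasses depend on both. I would complete the tag as `@return the settings for the test cases` and add `/** Cleans up the current {@link Settings} and replaces them with a fresh instance. */` above `reloadSettings()`. It is worth stating there that any `Settings` reference obtained before the call points at the cleaned-up instance, since `tearDown()` calls `settings.cleanup(true)` and `setUp()` assigns a new object.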


@@ -0,0 +1,309 @@
/*
* This file is part of Dependency-Check.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.PrintStream;
import org.apache.commons.cli.ParseException;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.utils.Settings;
/**
*
* @author Jeremy Long
*/
public class CliParserTest extends BaseTest {
/**
* Test of parse method, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse() throws Exception {
String[] args = {};
PrintStream out = System.out;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
System.setOut(new PrintStream(baos));
CliParser instance = new CliParser(getSettings());
instance.parse(args);
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with help arg, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_help() throws Exception {
String[] args = {"-help"};
PrintStream out = System.out;
CliParser instance = new CliParser(getSettings());
instance.parse(args);
Assert.assertFalse(instance.isGetVersion());
Assert.assertTrue(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with version arg, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_version() throws Exception {
String[] args = {"-version"};
CliParser instance = new CliParser(getSettings());
instance.parse(args);
Assert.assertTrue(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with failOnCVSS without an argument
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_failOnCVSSNoArg() throws Exception {
String[] args = {"--failOnCVSS"};
CliParser instance = new CliParser(getSettings());
try {
instance.parse(args);
} catch (ParseException ex) {
Assert.assertTrue(ex.getMessage().contains("Missing argument"));
}
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with failOnCVSS invalid argument. It should default to 11
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_failOnCVSSInvalidArgument() throws Exception {
String[] args = {"--failOnCVSS","bad"};
CliParser instance = new CliParser(getSettings());
instance.parse(args);
Assert.assertEquals("Default should be 11", 11, instance.getFailOnCVSS());
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with failOnCVSS invalid argument. It should default to 11
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_failOnCVSSValidArgument() throws Exception {
String[] args = {"--failOnCVSS","6"};
CliParser instance = new CliParser(getSettings());
instance.parse(args);
Assert.assertEquals(6, instance.getFailOnCVSS());
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with jar and cpe args, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_unknown() throws Exception {
String[] args = {"-unknown"};
PrintStream out = System.out;
PrintStream err = System.err;
ByteArrayOutputStream baos_out = new ByteArrayOutputStream();
ByteArrayOutputStream baos_err = new ByteArrayOutputStream();
System.setOut(new PrintStream(baos_out));
System.setErr(new PrintStream(baos_err));
CliParser instance = new CliParser(getSettings());
try {
instance.parse(args);
} catch (ParseException ex) {
Assert.assertTrue(ex.getMessage().contains("Unrecognized option"));
}
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with scan arg, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_scan() throws Exception {
String[] args = {"-scan"};
CliParser instance = new CliParser(getSettings());
try {
instance.parse(args);
} catch (ParseException ex) {
Assert.assertTrue(ex.getMessage().contains("Missing argument"));
}
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with jar arg, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_scan_unknownFile() throws Exception {
String[] args = {"-scan", "jar.that.does.not.exist", "-app", "test"};
CliParser instance = new CliParser(getSettings());
try {
instance.parse(args);
} catch (FileNotFoundException ex) {
Assert.assertTrue(ex.getMessage().contains("Invalid 'scan' argument"));
}
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with jar arg, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_scan_withFileExists() throws Exception {
File path = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").toURI().getPath());
String[] args = {"-scan", path.getCanonicalPath(), "-out", "./", "-app", "test"};
CliParser instance = new CliParser(getSettings());
instance.parse(args);
Assert.assertEquals(path.getCanonicalPath(), instance.getScanFiles()[0]);
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertTrue(instance.isRunScan());
}
/**
* Test of printVersionInfo, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_printVersionInfo() throws Exception {
PrintStream out = System.out;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
System.setOut(new PrintStream(baos));
CliParser instance = new CliParser(getSettings());
instance.printVersionInfo();
try {
baos.flush();
String text = (new String(baos.toByteArray())).toLowerCase();
String[] lines = text.split(System.getProperty("line.separator"));
Assert.assertEquals(1, lines.length);
Assert.assertTrue(text.contains("version"));
Assert.assertTrue(!text.contains("unknown"));
} catch (IOException ex) {
System.setOut(out);
Assert.fail("CliParser.printVersionInfo did not write anything to system.out.");
} finally {
System.setOut(out);
}
}
/**
* Test of printHelp, of class CliParser.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_printHelp() throws Exception {
PrintStream out = System.out;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
System.setOut(new PrintStream(baos));
CliParser instance = new CliParser(getSettings());
String[] args = {"-h"};
instance.parse(args);
instance.printHelp();
args[0] = "-ah";
instance.parse(args);
instance.printHelp();
try {
baos.flush();
String text = (new String(baos.toByteArray()));
String[] lines = text.split(System.getProperty("line.separator"));
Assert.assertTrue(lines[0].startsWith("usage: "));
Assert.assertTrue((lines.length > 2));
} catch (IOException ex) {
System.setOut(out);
Assert.fail("CliParser.printVersionInfo did not write anything to system.out.");
} finally {
System.setOut(out);
}
}
}
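Review bot: The four tests that wrap `instance.parse(args)` in a `try`/`catch` (`testParse_failOnCVSSNoArg`, `testParse_unknown`, `testParse_scan`, `testParse_scan_unknownFile`) still pass when no exception is thrown, because nothing follows the call inside the `try`. Adding `Assert.fail("expected a ParseException");` directly after `instance.parse(args);` (naming `FileNotFoundException` in the last one) makes a parser that stops rejecting the input fail the test. `testParse` and `testParse_unknown` also replace `System.out` (and `System.err`) and never restore them, although `out`/`err` are saved; wrapping the body in `try { ... } finally { System.setOut(out); }`, as `testParse_printVersionInfo` already does, keeps the redirection from leaking into later tests. The Javadoc of `testParse_failOnCVSSValidArgument` is copied from the invalid-argument test and should describe the valid case.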


@@ -0,0 +1 @@
this is a test file used to check the checksums.


@@ -0,0 +1,33 @@
autoupdate=false
somethingmadeup=test
analyzer.experimental.enabled=false
analyzer.jar.enabled=true
analyzer.archive.enabled=true
analyzer.node.package.enabled=true
analyzer.composer.lock.enabled=true
analyzer.python.distribution.enabled=true
analyzer.python.package.enabled=true
analyzer.ruby.gemspec.enabled=true
analyzer.autoconf.enabled=true
analyzer.cmake.enabled=true
analyzer.assembly.enabled=true
analyzer.nuspec.enabled=true
analyzer.openssl.enabled=true
analyzer.central.enabled=true
analyzer.nexus.enabled=false
analyzer.cocoapods.enabled=true
analyzer.swift.package.manager.enabled=true
#whether the nexus analyzer uses the proxy
analyzer.nexus.proxy=true
analyzer.cpe.enabled=true
analyzer.cpesuppression.enabled=true
analyzer.dependencybundling.enabled=true
analyzer.dependencymerging.enabled=true
analyzer.falsepositive.enabled=true
analyzer.filename.enabled=true
analyzer.hint.enabled=true
analyzer.nvdcve.enabled=true
analyzer.vulnerabilitysuppression.enabled=true
updater.nvdcve.enabled=true
updater.versioncheck.enabled=true
analyzer.versionfilter.enabled=true


@@ -0,0 +1,33 @@
autoupdate=true
analyzer.experimental.enabled=true
analyzer.jar.enabled=false
analyzer.archive.enabled=false
analyzer.node.package.enabled=false
analyzer.composer.lock.enabled=false
analyzer.python.distribution.enabled=false
analyzer.python.package.enabled=false
analyzer.ruby.gemspec.enabled=false
analyzer.autoconf.enabled=false
analyzer.cmake.enabled=false
analyzer.assembly.enabled=false
analyzer.nuspec.enabled=false
analyzer.openssl.enabled=false
analyzer.central.enabled=false
analyzer.nexus.enabled=true
analyzer.cocoapods.enabled=false
analyzer.swift.package.manager.enabled=false
#whether the nexus analyzer uses the proxy
analyzer.nexus.proxy=false
analyzer.cpe.enabled=false
analyzer.cpesuppression.enabled=false
analyzer.dependencybundling.enabled=false
analyzer.dependencymerging.enabled=false
analyzer.falsepositive.enabled=false
analyzer.filename.enabled=false
analyzer.hint.enabled=false
analyzer.nvdcve.enabled=false
analyzer.vulnerabilitysuppression.enabled=false
updater.nvdcve.enabled=false
updater.versioncheck.enabled=false
analyzer.versionfilter.enabled=false