Merge branch 'master' of github.com:jeremylong/DependencyCheck

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java

@@ -73,6 +73,10 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
      * The temp value for GrokAssembly.exe
      */
     private File grokAssemblyExe = null;
+    /**
+     * The temp value for GrokAssembly.exe.config
+     */
+    private File grokAssemblyConfig = null;
     /**
      * Logger
      */
@@ -109,6 +113,13 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
     @Override
     public void analyzeDependency(Dependency dependency, Engine engine)
             throws AnalysisException {
+
+        File test = new File(dependency.getActualFilePath());
+        if (!test.isFile()) {
+            throw new AnalysisException(String.format("%s does not exist and cannot be analyzed by dependency-check",
+                    dependency.getActualFilePath()));
+        }
+
         if (grokAssemblyExe == null) {
             LOGGER.warn("GrokAssembly didn't get deployed");
             return;
@@ -201,22 +212,24 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
     @Override
     public void initializeFileTypeAnalyzer() throws InitializationException {
         final File tempFile;
-        final String cfg;
+        final File cfgFile;
         try {
             tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory());
-            cfg = tempFile.getPath() + ".config";
+            cfgFile = new File(tempFile.getPath() + ".config");
         } catch (IOException ex) {
             setEnabled(false);
             throw new InitializationException("Unable to create temporary file for the assembly analyzer", ex);
         }
         try (FileOutputStream fos = new FileOutputStream(tempFile);
                 InputStream is = FileUtils.getResourceAsStream("GrokAssembly.exe");
-            FileOutputStream fosCfg = new FileOutputStream(cfg);
+                FileOutputStream fosCfg = new FileOutputStream(cfgFile);
                 InputStream isCfg = FileUtils.getResourceAsStream("GrokAssembly.exe.config")) {
+            IOUtils.copy(is, fos);
             grokAssemblyExe = tempFile;
             LOGGER.debug("Extracted GrokAssembly.exe to {}", grokAssemblyExe.getPath());
             IOUtils.copy(isCfg, fosCfg);
-            LOGGER.debug("Extracted GrokAssembly.exe.config to {}", cfg);
+            grokAssemblyConfig = cfgFile;
+            LOGGER.debug("Extracted GrokAssembly.exe.config to {}", cfgFile);
         } catch (IOException ioe) {
             this.setEnabled(false);
             LOGGER.warn("Could not extract GrokAssembly.exe: {}", ioe.getMessage());
@@ -287,6 +300,15 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
             LOGGER.debug("Can't delete temporary GrokAssembly.exe");
             grokAssemblyExe.deleteOnExit();
         }
+        try {
+            if (grokAssemblyConfig != null && !grokAssemblyConfig.delete()) {
+                LOGGER.debug("Unable to delete temporary GrokAssembly.exe.config; attempting delete on exit");
+                grokAssemblyConfig.deleteOnExit();
+            }
+        } catch (SecurityException se) {
+            LOGGER.debug("Can't delete temporary GrokAssembly.exe.config");
+            grokAssemblyConfig.deleteOnExit();
+        }
     }
 
     /**

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java

@@ -18,7 +18,14 @@
 package org.owasp.dependencycheck.analyzer;
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
 import org.junit.After;
+
+import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -33,6 +40,7 @@ import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
 import org.owasp.dependencycheck.exception.InitializationException;
+import org.owasp.dependencycheck.utils.FileUtils;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -62,7 +70,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
             analyzer = new AssemblyAnalyzer();
             analyzer.accept(new File("test.dll")); // trick into "thinking it is active"
             analyzer.initialize();
-            Assume.assumeTrue("Mono is not installed, skipping tests.", analyzer.buildArgumentList() == null);
+            assertGrokAssembly();
         } catch (Exception e) {
             if (e.getMessage().contains("Could not execute .NET AssemblyAnalyzer")) {
                 LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete");
@@ -73,6 +81,39 @@ public class AssemblyAnalyzerTest extends BaseTest {
         }
     }
 
+    private void assertGrokAssembly() throws IOException {
+        // There must be an .exe and a .config files created in the temp
+        // directory and they must match the resources they were created from.
+        File grokAssemblyExeFile = null;
+        File grokAssemblyConfigFile = null;
+        
+        File tempDirectory = Settings.getTempDirectory();
+        for (File file : tempDirectory.listFiles()) {
+            String filename = file.getName();
+            if (filename.startsWith("GKA") && filename.endsWith(".exe")) {
+                grokAssemblyExeFile = file;
+                break;
+            }
+        }
+        assertTrue("The GrokAssembly executable was not created.", grokAssemblyExeFile.isFile());
+        grokAssemblyConfigFile = new File(grokAssemblyExeFile.getPath() + ".config");
+        assertTrue("The GrokAssembly config was not created.", grokAssemblyConfigFile.isFile());
+
+        assertFileContent("The GrokAssembly executable has incorrect content.", "GrokAssembly.exe",
+                grokAssemblyExeFile);
+        assertFileContent("The GrokAssembly config has incorrect content.", "GrokAssembly.exe.config",
+                grokAssemblyConfigFile);
+    }
+
+    private void assertFileContent(String message, String expectedResourceName, File actualFile) throws IOException {
+        try (InputStream expectedStream = FileUtils.getResourceAsStream(expectedResourceName);
+                InputStream actualStream = new FileInputStream(actualFile)) {
+            byte[] expectedBytes = IOUtils.toByteArray(expectedStream);
+            byte[] actualBytes = IOUtils.toByteArray(actualStream);
+            assertArrayEquals(message, expectedBytes, actualBytes);
+        }
+    }
+
     /**
      * Tests to make sure the name is correct.
      */
@@ -130,7 +171,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
             analyzer.analyze(d, null);
             fail("Expected an AnalysisException");
         } catch (AnalysisException ae) {
-            assertEquals("File does not exist", ae.getMessage());
+            assertTrue(ae.getMessage().contains("nonexistent.dll does not exist and cannot be analyzed by dependency-check"));
         } finally {
             System.setProperty(LOG_KEY, oldProp);
         }
@@ -179,6 +220,6 @@ public class AssemblyAnalyzerTest extends BaseTest {
 
     @After
     public void tearDown() throws Exception {
-        analyzer.close();
+        analyzer.closeAnalyzer();
     }
 }