mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-13 05:35:36 +01:00
changed CveDB to a singeton
This commit is contained in:
Jeremy Long
@@ -24,7 +24,10 @@ import java.io.FileInputStream;
|
||||
import java.io.FileOutputStream;
|
||||
import java.util.zip.ZipEntry;
|
||||
import java.util.zip.ZipInputStream;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@@ -41,9 +44,18 @@ public abstract class BaseDBTestCase extends BaseTest {
|
||||
|
||||
private final static Logger LOGGER = LoggerFactory.getLogger(BaseDBTestCase.class);
|
||||
|
||||
// @BeforeClass
|
||||
// public static void setUpClass() throws Exception {
|
||||
// BaseTest.setUpClass();
|
||||
// }
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
ensureDBExists();
|
||||
public void setUpDb() throws Exception {
|
||||
ensureDBExists();
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void tearDownClass() throws Exception {
|
||||
CveDB.getInstance().closeDatabase();
|
||||
}
|
||||
|
||||
public static void ensureDBExists() throws Exception {
|
||||
|
||||
@@ -71,10 +71,8 @@ public class EngineIntegrationTest extends BaseDBTestCase {
|
||||
throw ex;
|
||||
}
|
||||
}
|
||||
CveDB cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
CveDB cveDB = CveDB.getInstance();
|
||||
DatabaseProperties dbProp = cveDB.getDatabaseProperties();
|
||||
cveDB.close();
|
||||
ReportGenerator rg = new ReportGenerator("DependencyCheck", instance.getDependencies(), instance.getAnalyzers(), dbProp);
|
||||
rg.generateReports("./target/", "ALL");
|
||||
instance.cleanup();
|
||||
|
||||
@@ -60,10 +60,8 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
|
||||
*
|
||||
* @throws Exception if there is a problem
|
||||
*/
|
||||
@Override
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
analyzer = new CMakeAnalyzer();
|
||||
analyzer.setFilesMatched(true);
|
||||
analyzer.initialize();
|
||||
|
||||
@@ -54,10 +54,8 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
|
||||
*
|
||||
* @throws Exception thrown if there is a problem
|
||||
*/
|
||||
@Override
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
analyzer = new ComposerLockAnalyzer();
|
||||
analyzer.setFilesMatched(true);
|
||||
analyzer.initialize();
|
||||
|
||||
@@ -65,10 +65,8 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
*
|
||||
* @throws Exception thrown if there is a problem
|
||||
*/
|
||||
@Override
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
|
||||
|
||||
@@ -47,15 +47,10 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
|
||||
public void testOpen() {
|
||||
CveDB instance = null;
|
||||
try {
|
||||
instance = new CveDB();
|
||||
instance.open();
|
||||
instance = CveDB.getInstance();
|
||||
instance.commit();
|
||||
} catch (DatabaseException | SQLException ex) {
|
||||
fail(ex.getMessage());
|
||||
} finally {
|
||||
if (instance != null) {
|
||||
instance.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -64,19 +59,11 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testGetCPEs() throws Exception {
|
||||
CveDB instance = null;
|
||||
try {
|
||||
instance = new CveDB();
|
||||
String vendor = "apache";
|
||||
String product = "struts";
|
||||
instance.open();
|
||||
Set<VulnerableSoftware> result = instance.getCPEs(vendor, product);
|
||||
assertTrue(result.size() > 5);
|
||||
} finally {
|
||||
if (instance != null) {
|
||||
instance.close();
|
||||
}
|
||||
}
|
||||
CveDB instance = CveDB.getInstance();
|
||||
String vendor = "apache";
|
||||
String product = "struts";
|
||||
Set<VulnerableSoftware> result = instance.getCPEs(vendor, product);
|
||||
assertTrue(result.size() > 5);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -84,18 +71,9 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testgetVulnerability() throws Exception {
|
||||
CveDB instance = null;
|
||||
try {
|
||||
instance = new CveDB();
|
||||
instance.open();
|
||||
Vulnerability result = instance.getVulnerability("CVE-2014-0094");
|
||||
assertEquals("The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method.", result.getDescription());
|
||||
|
||||
} finally {
|
||||
if (instance != null) {
|
||||
instance.close();
|
||||
}
|
||||
}
|
||||
CveDB instance = CveDB.getInstance();
|
||||
Vulnerability result = instance.getVulnerability("CVE-2014-0094");
|
||||
assertEquals("The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method.", result.getDescription());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -104,42 +82,34 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
|
||||
@Test
|
||||
public void testGetVulnerabilities() throws Exception {
|
||||
String cpeStr = "cpe:/a:apache:struts:2.1.2";
|
||||
CveDB instance = null;
|
||||
CveDB instance = CveDB.getInstance();
|
||||
List<Vulnerability> results;
|
||||
try {
|
||||
instance = new CveDB();
|
||||
instance.open();
|
||||
results = instance.getVulnerabilities(cpeStr);
|
||||
assertTrue(results.size() > 5);
|
||||
cpeStr = "cpe:/a:jruby:jruby:1.6.3";
|
||||
results = instance.getVulnerabilities(cpeStr);
|
||||
assertTrue(results.size() > 1);
|
||||
|
||||
boolean found = false;
|
||||
String expected = "CVE-2011-4838";
|
||||
for (Vulnerability v : results) {
|
||||
if (expected.equals(v.getName())) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
assertTrue("Expected " + expected + ", but was not identified", found);
|
||||
results = instance.getVulnerabilities(cpeStr);
|
||||
assertTrue(results.size() > 5);
|
||||
cpeStr = "cpe:/a:jruby:jruby:1.6.3";
|
||||
results = instance.getVulnerabilities(cpeStr);
|
||||
assertTrue(results.size() > 1);
|
||||
|
||||
found = false;
|
||||
expected = "CVE-2012-5370";
|
||||
for (Vulnerability v : results) {
|
||||
if (expected.equals(v.getName())) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
assertTrue("Expected " + expected + ", but was not identified", found);
|
||||
|
||||
} finally {
|
||||
if (instance != null) {
|
||||
instance.close();
|
||||
boolean found = false;
|
||||
String expected = "CVE-2011-4838";
|
||||
for (Vulnerability v : results) {
|
||||
if (expected.equals(v.getName())) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
assertTrue("Expected " + expected + ", but was not identified", found);
|
||||
|
||||
found = false;
|
||||
expected = "CVE-2012-5370";
|
||||
for (Vulnerability v : results) {
|
||||
if (expected.equals(v.getName())) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
assertTrue("Expected " + expected + ", but was not identified", found);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -147,61 +117,53 @@ public class CveDBIntegrationTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testGetMatchingSoftware() throws Exception {
|
||||
CveDB instance = null;
|
||||
Map<String, Boolean> versions = new HashMap<String, Boolean>();
|
||||
CveDB instance = CveDB.getInstance();
|
||||
Map<String, Boolean> versions = new HashMap<>();
|
||||
DependencyVersion identifiedVersion = new DependencyVersion("1.0.1o");
|
||||
versions.put("cpe:/a:openssl:openssl:1.0.1e", Boolean.FALSE);
|
||||
try {
|
||||
instance = new CveDB();
|
||||
Entry<String, Boolean> results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
|
||||
assertNull(results);
|
||||
versions.put("cpe:/a:openssl:openssl:1.0.1p", Boolean.FALSE);
|
||||
results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
|
||||
assertNull(results);
|
||||
Entry<String, Boolean> results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
|
||||
assertNull(results);
|
||||
versions.put("cpe:/a:openssl:openssl:1.0.1p", Boolean.FALSE);
|
||||
results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
|
||||
assertNull(results);
|
||||
|
||||
versions.put("cpe:/a:openssl:openssl:1.0.1q", Boolean.TRUE);
|
||||
results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
|
||||
assertNotNull(results);
|
||||
assertEquals("cpe:/a:openssl:openssl:1.0.1q", results.getKey());
|
||||
versions.put("cpe:/a:openssl:openssl:1.0.1q", Boolean.TRUE);
|
||||
results = instance.getMatchingSoftware(versions, "openssl", "openssl", identifiedVersion);
|
||||
assertNotNull(results);
|
||||
assertEquals("cpe:/a:openssl:openssl:1.0.1q", results.getKey());
|
||||
|
||||
versions.clear();
|
||||
versions.clear();
|
||||
|
||||
versions.put("cpe:/a:springsource:spring_framework:3.2.5", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:3.2.6", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:3.2.7", Boolean.TRUE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:3.2.5", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:3.2.6", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:3.2.7", Boolean.TRUE);
|
||||
|
||||
versions.put("cpe:/a:springsource:spring_framework:4.0.1", Boolean.TRUE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:4.0.0:m1", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:4.0.0:m2", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:4.0.0:rc1", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:4.0.1", Boolean.TRUE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:4.0.0:m1", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:4.0.0:m2", Boolean.FALSE);
|
||||
versions.put("cpe:/a:springsource:spring_framework:4.0.0:rc1", Boolean.FALSE);
|
||||
|
||||
identifiedVersion = new DependencyVersion("3.2.2");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertEquals("cpe:/a:springsource:spring_framework:3.2.7", results.getKey());
|
||||
assertTrue(results.getValue());
|
||||
identifiedVersion = new DependencyVersion("3.2.12");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertNull(results);
|
||||
identifiedVersion = new DependencyVersion("3.2.2");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertEquals("cpe:/a:springsource:spring_framework:3.2.7", results.getKey());
|
||||
assertTrue(results.getValue());
|
||||
identifiedVersion = new DependencyVersion("3.2.12");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertNull(results);
|
||||
|
||||
identifiedVersion = new DependencyVersion("4.0.0");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertEquals("cpe:/a:springsource:spring_framework:4.0.1", results.getKey());
|
||||
assertTrue(results.getValue());
|
||||
identifiedVersion = new DependencyVersion("4.1.0");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertNull(results);
|
||||
identifiedVersion = new DependencyVersion("4.0.0");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertEquals("cpe:/a:springsource:spring_framework:4.0.1", results.getKey());
|
||||
assertTrue(results.getValue());
|
||||
identifiedVersion = new DependencyVersion("4.1.0");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertNull(results);
|
||||
|
||||
versions.clear();
|
||||
versions.clear();
|
||||
|
||||
versions.put("cpe:/a:jruby:jruby:-", Boolean.FALSE);
|
||||
identifiedVersion = new DependencyVersion("1.6.3");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertNotNull(results);
|
||||
} finally {
|
||||
if (instance != null) {
|
||||
instance.close();
|
||||
}
|
||||
}
|
||||
versions.put("cpe:/a:jruby:jruby:-", Boolean.FALSE);
|
||||
identifiedVersion = new DependencyVersion("1.6.3");
|
||||
results = instance.getMatchingSoftware(versions, "springsource", "spring_framework", identifiedVersion);
|
||||
assertNotNull(results);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -40,9 +40,7 @@ public class CveDBMySQLTest extends BaseTest {
|
||||
@Test
|
||||
public void testOpen() {
|
||||
try {
|
||||
CveDB instance = new CveDB();
|
||||
instance.open();
|
||||
instance.close();
|
||||
CveDB instance = CveDB.getInstance();
|
||||
} catch (DatabaseException ex) {
|
||||
System.out.println("Unable to connect to the My SQL database; verify that the db server is running and that the schema has been generated");
|
||||
fail(ex.getMessage());
|
||||
@@ -54,18 +52,15 @@ public class CveDBMySQLTest extends BaseTest {
|
||||
*/
|
||||
@Test
|
||||
public void testGetCPEs() throws Exception {
|
||||
CveDB instance = new CveDB();
|
||||
CveDB instance = CveDB.getInstance();
|
||||
try {
|
||||
String vendor = "apache";
|
||||
String product = "struts";
|
||||
instance.open();
|
||||
String product = "struts";
|
||||
Set<VulnerableSoftware> result = instance.getCPEs(vendor, product);
|
||||
assertTrue("Has data been loaded into the MySQL DB? if not consider using the CLI to populate it", result.size() > 5);
|
||||
} catch (Exception ex) {
|
||||
System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
|
||||
throw ex;
|
||||
} finally {
|
||||
instance.close();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -75,16 +70,13 @@ public class CveDBMySQLTest extends BaseTest {
|
||||
@Test
|
||||
public void testGetVulnerabilities() throws Exception {
|
||||
String cpeStr = "cpe:/a:apache:struts:2.1.2";
|
||||
CveDB instance = new CveDB();
|
||||
CveDB instance = CveDB.getInstance();
|
||||
try {
|
||||
instance.open();
|
||||
List<Vulnerability> result = instance.getVulnerabilities(cpeStr);
|
||||
assertTrue(result.size() > 5);
|
||||
} catch (Exception ex) {
|
||||
System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
|
||||
throw ex;
|
||||
} finally {
|
||||
instance.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -36,19 +36,11 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testIsEmpty() throws Exception {
|
||||
CveDB cveDB = null;
|
||||
try {
|
||||
cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
assertNotNull(instance);
|
||||
//no exception means the call worked... whether or not it is empty depends on if the db is new
|
||||
//assertEquals(expResult, result);
|
||||
} finally {
|
||||
if (cveDB != null) {
|
||||
cveDB.close();
|
||||
}
|
||||
}
|
||||
CveDB cveDB = CveDB.getInstance();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
assertNotNull(instance);
|
||||
//no exception means the call worked... whether or not it is empty depends on if the db is new
|
||||
//assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -61,24 +53,12 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
|
||||
long expected = 1337;
|
||||
updatedValue.setId(key);
|
||||
updatedValue.setTimestamp(expected);
|
||||
CveDB cveDB = null;
|
||||
try {
|
||||
cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
instance.save(updatedValue);
|
||||
//reload the properties
|
||||
cveDB.close();
|
||||
cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
instance = cveDB.getDatabaseProperties();
|
||||
long results = Long.parseLong(instance.getProperty("NVD CVE " + key));
|
||||
assertEquals(expected, results);
|
||||
} finally {
|
||||
if (cveDB != null) {
|
||||
cveDB.close();
|
||||
}
|
||||
}
|
||||
CveDB cveDB = CveDB.getInstance();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
instance.save(updatedValue);
|
||||
instance = cveDB.reloadProperties();
|
||||
long results = Long.parseLong(instance.getProperty("NVD CVE " + key));
|
||||
assertEquals(expected, results);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -88,19 +68,11 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
|
||||
public void testGetProperty_String_String() throws Exception {
|
||||
String key = "doesn't exist";
|
||||
String defaultValue = "default";
|
||||
CveDB cveDB = null;
|
||||
try {
|
||||
cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
String expResult = "default";
|
||||
String result = instance.getProperty(key, defaultValue);
|
||||
assertEquals(expResult, result);
|
||||
} finally {
|
||||
if (cveDB != null) {
|
||||
cveDB.close();
|
||||
}
|
||||
}
|
||||
CveDB cveDB = CveDB.getInstance();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
String expResult = "default";
|
||||
String result = instance.getProperty(key, defaultValue);
|
||||
assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -109,20 +81,12 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
|
||||
@Test
|
||||
public void testGetProperty_String() throws DatabaseException {
|
||||
String key = "version";
|
||||
CveDB cveDB = null;
|
||||
try {
|
||||
cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
String result = instance.getProperty(key);
|
||||
double version = Double.parseDouble(result);
|
||||
assertTrue(version >= 2.8);
|
||||
assertTrue(version <= 10);
|
||||
} finally {
|
||||
if (cveDB != null) {
|
||||
cveDB.close();
|
||||
}
|
||||
}
|
||||
CveDB cveDB = CveDB.getInstance();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
String result = instance.getProperty(key);
|
||||
double version = Double.parseDouble(result);
|
||||
assertTrue(version >= 2.8);
|
||||
assertTrue(version <= 10);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -130,17 +94,9 @@ public class DatabasePropertiesIntegrationTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testGetProperties() throws DatabaseException {
|
||||
CveDB cveDB = null;
|
||||
try {
|
||||
cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
Properties result = instance.getProperties();
|
||||
assertTrue(result.size() > 0);
|
||||
} finally {
|
||||
if (cveDB != null) {
|
||||
cveDB.close();
|
||||
}
|
||||
}
|
||||
CveDB cveDB = CveDB.getInstance();
|
||||
DatabaseProperties instance = cveDB.getDatabaseProperties();
|
||||
Properties result = instance.getProperties();
|
||||
assertTrue(result.size() > 0);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,108 +0,0 @@
|
||||
/*
|
||||
* This file is part of dependency-check-core.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* Copyright (c) 2015 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.update;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
||||
import org.owasp.dependencycheck.data.update.exception.UpdateException;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class BaseUpdaterTest extends BaseDBTestCase {
|
||||
|
||||
/**
|
||||
* Test of getCveDB method, of class BaseUpdater.
|
||||
*/
|
||||
@Test
|
||||
public void testGetCveDB() {
|
||||
BaseUpdater instance = new BaseUpdaterImpl();
|
||||
CveDB expResult = null;
|
||||
CveDB result = instance.getCveDB();
|
||||
assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of getProperties method, of class BaseUpdater.
|
||||
*
|
||||
* @throws org.owasp.dependencycheck.data.update.exception.UpdateException
|
||||
* thrown if there is an error getting the properties
|
||||
*/
|
||||
@Test
|
||||
public void testGetProperties() throws UpdateException {
|
||||
BaseUpdater instance = null;
|
||||
try {
|
||||
instance = new BaseUpdaterImpl();
|
||||
instance.openDataStores();
|
||||
|
||||
DatabaseProperties result = instance.getProperties();
|
||||
assertTrue(result.getProperties().keySet().size() > 1);
|
||||
} finally {
|
||||
if (instance != null) {
|
||||
instance.closeDataStores();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of closeDataStores method, of class BaseUpdater.
|
||||
*/
|
||||
@Test
|
||||
public void testCloseDataStores() {
|
||||
BaseUpdater instance = null;
|
||||
try {
|
||||
instance = new BaseUpdaterImpl();
|
||||
instance.openDataStores();
|
||||
} catch (UpdateException ex) {
|
||||
fail(ex.getMessage());
|
||||
} finally {
|
||||
if (instance != null) {
|
||||
instance.closeDataStores();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of openDataStores method, of class BaseUpdater.
|
||||
*/
|
||||
@Test
|
||||
public void testOpenDataStores() {
|
||||
BaseUpdater instance = null;
|
||||
try {
|
||||
instance = new BaseUpdaterImpl();
|
||||
instance.openDataStores();
|
||||
} catch (UpdateException ex) {
|
||||
fail(ex.getMessage());
|
||||
} finally {
|
||||
if (instance != null) {
|
||||
instance.closeDataStores();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public class BaseUpdaterImpl extends BaseUpdater {
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,40 +0,0 @@
|
||||
/*
|
||||
* This file is part of dependency-check-core.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* Copyright (c) 2015 The OWASP Foundatio. All Rights Reserved.
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.update;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
public class CpeUpdaterIntegrationTest extends BaseTest {
|
||||
|
||||
/**
|
||||
* Test of update method, of class CpeUpdater.
|
||||
*/
|
||||
@Test
|
||||
public void testUpdate() throws Exception {
|
||||
//commented out as the current code base does not utilize the CpeU[pdater.
|
||||
|
||||
// CpeUpdater instance = new CpeUpdater();
|
||||
// instance.update();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -21,6 +21,7 @@ import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.fail;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.data.update.exception.UpdateException;
|
||||
import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
|
||||
|
||||
@@ -28,7 +29,7 @@ import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class NvdCveUpdaterIntegrationTest extends BaseTest {
|
||||
public class NvdCveUpdaterIntegrationTest extends BaseTest {
|
||||
|
||||
public NvdCveUpdater getUpdater() {
|
||||
NvdCveUpdater instance = new NvdCveUpdater();
|
||||
@@ -55,12 +56,7 @@ import org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve;
|
||||
@Test
|
||||
public void testUpdatesNeeded() throws Exception {
|
||||
NvdCveUpdater instance = getUpdater();
|
||||
try {
|
||||
instance.openDataStores();
|
||||
UpdateableNvdCve result = instance.getUpdatesNeeded();
|
||||
assertNotNull(result);
|
||||
} finally {
|
||||
instance.closeDataStores();
|
||||
}
|
||||
UpdateableNvdCve result = instance.getUpdatesNeeded();
|
||||
assertNotNull(result);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -144,10 +144,8 @@ public class ReportGeneratorIntegrationTest extends BaseDBTestCase {
|
||||
engine.scan(jetty);
|
||||
engine.analyzeDependencies();
|
||||
|
||||
CveDB cveDB = new CveDB();
|
||||
cveDB.open();
|
||||
CveDB cveDB = CveDB.getInstance();
|
||||
DatabaseProperties dbProp = cveDB.getDatabaseProperties();
|
||||
cveDB.close();
|
||||
|
||||
ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers(), dbProp);
|
||||
generator.generateReport(templateName, writeTo);
|
||||
|
||||
Reference in New Issue
Block a user