github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Squashed commit of the following:

Browse Source 
commit 1d1a06a5ae7ea4f6e3adbf5a4b8163eba50562a3
Author: Will Stranathan <will@thestranathans.com>
Date:   Wed Mar 26 22:59:15 2014 -0400

    Updated unit tests and logging

commit bb00174e62c9657809d6e5a9cde7c7308d905593
Author: Will Stranathan <will@thestranathans.com>
Date:   Wed Mar 26 22:20:28 2014 -0400

    Updated GrokAssembly to not fail if the vendor can't be gotten

commit 27f7c9366acca8abbff9c6e9fa9ce1a1329da887
Author: Will Stranathan <will@thestranathans.com>
Date:   Wed Mar 26 22:18:33 2014 -0400

    Updated unit test to not care about version number


Former-commit-id: e700a5f81b7b0f6d6ccf392e846723e67fff591c
This commit is contained in:
Will Stranathan
2014-03-26 23:02:17 -04:00
parent 1a2a3d1945
commit 69ebb53a05
3 changed files with 61 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java
View File

@@ -71,7 +71,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
/**
* Logger
*/
private static final Logger LOG = Logger.getLogger(AbstractAnalyzer.class.getName());
private static final Logger LOG = Logger.getLogger(AssemblyAnalyzer.class.getName());
/**
* Builds the beginnings of a List for ProcessBuilder
@@ -113,6 +113,19 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
final ProcessBuilder pb = new ProcessBuilder(args);
try {
final Process proc = pb.start();
int rc = 0;
try {
rc = proc.waitFor();
} catch (InterruptedException ie) {
return;
}
if (rc == 3) {
LOG.info(dependency.getActualFilePath() + " is not a valid assembly");
return;
} else if (rc != 0) {
LOG.warning("Return code " + rc + " from GrokAssembly");
}
final Document doc = builder.parse(proc.getInputStream());
final XPath xpath = XPathFactory.newInstance().newXPath();

BIN
dependency-check-core/src/main/resources/GrokAssembly.exe
View File

Binary file not shown.

55
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
View File

@@ -17,14 +17,17 @@
*/
package org.owasp.dependencycheck.analyzer;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.junit.Assume.assumeFalse;
import java.io.File;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.junit.After;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import org.junit.Assume;
import static org.junit.Assume.assumeFalse;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
@@ -75,7 +78,21 @@ public class AssemblyAnalyzerTest {
File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("GrokAssembly.exe").getPath());
Dependency d = new Dependency(f);
analyzer.analyze(d, null);
assertTrue(d.getVersionEvidence().getEvidence().contains(new Evidence("grokassembly", "version", "1.0.5176.23901", Confidence.HIGHEST)));
boolean foundVendor = false;
for (Evidence e : d.getVendorEvidence().getEvidence("grokassembly", "vendor")) {
if ("OWASP".equals(e.getValue())) {
foundVendor = true;
}
}
assertTrue(foundVendor);
boolean foundProduct = false;
for (Evidence e : d.getProductEvidence().getEvidence("grokassembly", "product")) {
if ("GrokAssembly".equals(e.getValue())) {
foundProduct = true;
}
}
assertTrue(foundProduct);
}
@Test
@@ -88,15 +105,29 @@ public class AssemblyAnalyzerTest {
assertTrue(d.getProductEvidence().getEvidence().contains(new Evidence("grokassembly", "product", "log4net", Confidence.HIGH)));
}
@Test(expected = AnalysisException.class)
public void testNonexistent() throws Exception {
@Test
public void testNonexistent() {
Level oldLevel = Logger.getLogger(AssemblyAnalyzer.class.getName()).getLevel();
Level oldDependency = Logger.getLogger(Dependency.class.getName()).getLevel();
// Tweak the log level so the warning doesn't show in the console
Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(Level.OFF);
Logger.getLogger(Dependency.class.getName()).setLevel(Level.OFF);
File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath());
File test = new File(f.getParent(), "nonexistent.dll");
Dependency d = new Dependency(test);
analyzer.analyze(d, null);
try {
analyzer.analyze(d, null);
fail("Expected an AnalysisException");
} catch (AnalysisException ae) {
assertEquals("File does not exist", ae.getMessage());
} finally {
Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(oldLevel);
Logger.getLogger(Dependency.class.getName()).setLevel(oldDependency);
}
}
@Test(expected = AnalysisException.class)
@Test
public void testWithSettingMono() throws Exception {
//This test doesn't work on Windows.
@@ -113,12 +144,20 @@ public class AssemblyAnalyzerTest {
Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, "/yooser/bine/mono");
}
Level oldLevel = Logger.getLogger(AssemblyAnalyzer.class.getName()).getLevel();
try {
// Tweak the logging to swallow the warning when testing
Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(Level.OFF);
// Have to make a NEW analyzer because during setUp, it would have gotten the correct one
AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer();
aanalyzer.supportsExtension("dll");
aanalyzer.initialize();
fail("Expected an AnalysisException");
} catch (AnalysisException ae) {
assertEquals("An error occured with the .NET AssemblyAnalyzer", ae.getMessage());
} finally {
// Recover the logger
Logger.getLogger(AssemblyAnalyzer.class.getName()).setLevel(oldLevel);
// Now recover the way we came in. If we had to set a System property, delete it. Otherwise,
// reset the old value
if (oldValue == null) {