mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-20 00:04:27 +01:00
merge conflict resolved
This commit is contained in:
Jeremy Long
@@ -18,9 +18,12 @@
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -34,15 +37,42 @@ public class AnalyzerServiceTest extends BaseDBTestCase {
|
||||
@Test
|
||||
public void testGetAnalyzers() {
|
||||
AnalyzerService instance = new AnalyzerService(Thread.currentThread().getContextClassLoader());
|
||||
Iterator<Analyzer> result = instance.getAnalyzers();
|
||||
List<Analyzer> result = instance.getAnalyzers();
|
||||
|
||||
boolean found = false;
|
||||
while (result.hasNext()) {
|
||||
Analyzer a = result.next();
|
||||
for (Analyzer a : result) {
|
||||
if ("Jar Analyzer".equals(a.getName())) {
|
||||
found = true;
|
||||
}
|
||||
}
|
||||
assertTrue("JarAnalyzer loaded", found);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of getAnalyzers method, of class AnalyzerService.
|
||||
*/
|
||||
@Test
|
||||
public void testGetExperimentalAnalyzers() {
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, false);
|
||||
AnalyzerService instance = new AnalyzerService(Thread.currentThread().getContextClassLoader());
|
||||
List<Analyzer> result = instance.getAnalyzers();
|
||||
String experimental = "CMake Analyzer";
|
||||
boolean found = false;
|
||||
for (Analyzer a : result) {
|
||||
if (experimental.equals(a.getName())) {
|
||||
found = true;
|
||||
}
|
||||
}
|
||||
assertFalse("Experimental analyzer loaded when set to false", found);
|
||||
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, true);
|
||||
result = instance.getAnalyzers();
|
||||
found = false;
|
||||
for (Analyzer a : result) {
|
||||
if (experimental.equals(a.getName())) {
|
||||
found = true;
|
||||
}
|
||||
}
|
||||
assertTrue("Experimental analyzer not loaded when set to true", found);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -65,7 +65,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
Settings.initialize();
|
||||
Settings.initialize();
|
||||
analyzer = new RubyBundleAuditAnalyzer();
|
||||
analyzer.setFilesMatched(true);
|
||||
}
|
||||
@@ -77,7 +77,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
*/
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
Settings.cleanup();
|
||||
Settings.cleanup();
|
||||
analyzer.close();
|
||||
analyzer = null;
|
||||
}
|
||||
@@ -105,7 +105,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testAnalysis() throws AnalysisException, DatabaseException {
|
||||
try {
|
||||
try {
|
||||
analyzer.initialize();
|
||||
final String resource = "ruby/vulnerable/gems/rails-4.1.15/Gemfile.lock";
|
||||
final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, resource));
|
||||
@@ -139,7 +139,6 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
final Engine engine = new Engine();
|
||||
analyzer.analyze(result, engine);
|
||||
|
||||
|
||||
Dependency dependency = engine.getDependencies().get(0);
|
||||
Vulnerability vulnerability = dependency.getVulnerabilities().first();
|
||||
assertEquals(vulnerability.getCvssScore(), 5.0f, 0.0);
|
||||
@@ -150,7 +149,6 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Test when Ruby bundle-audit is not available on the system.
|
||||
*
|
||||
@@ -158,17 +156,16 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testMissingBundleAudit() throws AnalysisException, DatabaseException {
|
||||
//set a non-exist bundle-audit
|
||||
//set a non-exist bundle-audit
|
||||
Settings.setString(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH, "phantom-bundle-audit");
|
||||
try {
|
||||
//initialize should fail.
|
||||
analyzer.initialize();
|
||||
} catch (Exception e) {
|
||||
//expected, so ignore.
|
||||
}
|
||||
finally {
|
||||
assertThat(analyzer.isEnabled(), is(false));
|
||||
LOGGER.info("phantom-bundle-audit is not available. Ruby Bundle Audit Analyzer is disabled as expected.");
|
||||
analyzer.initialize();
|
||||
} catch (Exception e) {
|
||||
//expected, so ignore.
|
||||
} finally {
|
||||
assertThat(analyzer.isEnabled(), is(false));
|
||||
LOGGER.info("phantom-bundle-audit is not available. Ruby Bundle Audit Analyzer is disabled as expected.");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -58,12 +58,6 @@ cve.url-2.0.base=https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz
|
||||
cpe.validfordays=30
|
||||
cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz
|
||||
|
||||
# file type analyzer settings:
|
||||
analyzer.archive.enabled=true
|
||||
analyzer.jar.enabled=true
|
||||
analyzer.nuspec.enabled=true
|
||||
analyzer.assembly.enabled=true
|
||||
analyzer.composer.lock.enabled=true
|
||||
|
||||
# the URL for searching Nexus for SHA-1 hashes and whether it's enabled
|
||||
analyzer.nexus.enabled=true
|
||||
@@ -82,7 +76,7 @@ archive.scan.depth=3
|
||||
# use HEAD (default) or GET as HTTP request method for query timestamp
|
||||
downloader.quick.query.timestamp=true
|
||||
|
||||
|
||||
analyzer.experimental.enabled=true
|
||||
analyzer.jar.enabled=true
|
||||
analyzer.archive.enabled=true
|
||||
analyzer.node.package.enabled=true
|
||||
|
||||
Reference in New Issue
Block a user