Converted to XPath instead of SAX

Former-commit-id: e6062e1b9497a7134b6923f7f85e1fe3f18cefcc
2026-02-25 03:45:16 +01:00 · 2014-01-26 22:11:11 -05:00
parent 17e3e51607
commit 78f7152f6c
8 changed files with 489 additions and 274 deletions
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nuget/XPathNuspecParserTest.java
@@ -0,0 +1,73 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.data.nuget;
+
+import java.io.InputStream;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+
+/**
+ * 
+ * @author willstranathan
+ *
+ */
+public class XPathNuspecParserTest {
+    /**
+     * Test all the valid components.
+     * 
+     * @throws Exception if anything goes sideways.
+     */
+    @Test
+    public void testGoodDocument() throws Exception {
+        NuspecParser parser = new XPathNuspecParser();
+        InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("log4net.2.0.3.nuspec");
+        NugetPackage np = parser.parse(is);
+        assertEquals("log4net", np.getId());
+        assertEquals("2.0.3", np.getVersion());
+        assertEquals("log4net [1.2.13]", np.getTitle());
+        assertEquals("Apache Software Foundation", np.getAuthors());
+        assertEquals("Apache Software Foundation", np.getOwners());
+        assertEquals("http://logging.apache.org/log4net/license.html", np.getLicenseUrl());
+    }
+    
+    /**
+     * Expect a NuspecParseException when what we pass isn't even XML.
+     * 
+     * @throws Exception we expect this.
+     */
+    @Test(expected=NuspecParseException.class)
+    public void testMissingDocument() throws Exception {
+        NuspecParser parser = new XPathNuspecParser();
+        InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("dependencycheck.properties");
+        NugetPackage np = parser.parse(is);
+    }
+    
+    /**
+     * Expect a NuspecParseException when it's valid XML, but not a Nuspec.
+     * 
+     * @throws Exception we expect this.
+     */
+    @Test(expected=NuspecParseException.class)
+    public void testNotNuspec() throws Exception {
+        NuspecParser parser = new XPathNuspecParser();
+        InputStream is = XPathNuspecParserTest.class.getClassLoader().getResourceAsStream("suppressions.xml");
+        NugetPackage np = parser.parse(is);
+    }
+}
--- a/dependency-check-core/src/test/resources/log4net.2.0.3.nuspec
+++ b/dependency-check-core/src/test/resources/log4net.2.0.3.nuspec
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
+  <metadata>
+    <id>log4net</id>
+    <version>2.0.3</version>
+    <title>log4net [1.2.13]</title>
+    <authors>Apache Software Foundation</authors>
+    <owners>Apache Software Foundation</owners>
+    <licenseUrl>http://logging.apache.org/log4net/license.html</licenseUrl>
+    <projectUrl>http://logging.apache.org/log4net/</projectUrl>
+    <requireLicenseAcceptance>false</requireLicenseAcceptance>
+    <description>log4net is a tool to help the programmer output log statements to a variety of output targets. In case of problems with an application, it is helpful to enable logging so that the problem can be located. With log4net it is possible to enable logging at runtime without modifying the application binary. The log4net package is designed so that log statements can remain in shipped code without incurring a high performance cost. It follows that the speed of logging (or rather not logging) is crucial. 
+
+At the same time, log output can be so voluminous that it quickly becomes overwhelming. One of the distinctive features of log4net is the notion of hierarchical loggers. Using these loggers it is possible to selectively control which log statements are output at arbitrary granularity. 
+
+log4net is designed with two distinct goals in mind: speed and flexibility</description>
+    <summary>The Apache log4net library is a tool to help the programmer output log statements to a variety of output targets.</summary>
+    <tags>logging log tracing logfiles</tags>
+  </metadata>
+</package>