diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java
index 00063719a..efd825357 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java
@@ -76,16 +76,12 @@ public class AnalyzerServiceTest extends BaseDBTestCase {
 AnalyzerService instance = new AnalyzerService(Thread.currentThread().getContextClassLoader(), getSettings());
 List result = instance.getAnalyzers();
 String experimental = "CMake Analyzer";
- String retired = "Node.js Package Analyzer";
 boolean found = false;
 boolean retiredFound = false;
 for (Analyzer a : result) {
 if (experimental.equals(a.getName())) {
 found = true;
 }
- if (retired.equals(a.getName())) {
- retiredFound = true;
- }
 }
 assertFalse("Experimental analyzer loaded when set to false", found);
 assertFalse("Retired analyzer loaded when set to false", retiredFound);
@@ -99,13 +95,10 @@ public class AnalyzerServiceTest extends BaseDBTestCase {
 if (experimental.equals(a.getName())) {
 found = true;
 }
- if (retired.equals(a.getName())) {
- retiredFound = true;
- }
 }
 assertTrue("Experimental analyzer not loaded when set to true", found);
 assertFalse("Retired analyzer loaded when set to false", retiredFound);
-
+
 getSettings().setBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, false);
 getSettings().setBoolean(Settings.KEYS.ANALYZER_RETIRED_ENABLED, true);
 instance = new AnalyzerService(Thread.currentThread().getContextClassLoader(), getSettings());
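Review bot: `retiredFound` is never assigned once the `retired` comparison is removed, so `assertFalse("Retired analyzer loaded when set to false", retiredFound)` in this hunk and in the -99 hunk can no longer fail, and the -116 hunk comments out the only assertion for the enabled case. As written, the test no longer verifies that `Settings.KEYS.ANALYZER_RETIRED_ENABLED` controls which analyzers are loaded, so a regression in that gating would pass unnoticed. If there is currently no retired analyzer to look for, delete `retiredFound` and the dead assertions and replace the commented-out line with an explanatory comment such as `// no retired analyzer exists at present; restore the retired-enabled check when one is added`; otherwise point `retired` at an analyzer that is still marked retired. The test method begins above the first hunk.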
@@ -116,11 +109,8 @@ public class AnalyzerServiceTest extends BaseDBTestCase {
 if (experimental.equals(a.getName())) {
 found = true;
 }
- if (retired.equals(a.getName())) {
- retiredFound = true;
- }
 }
 assertFalse("Experimental analyzer loaded when set to false", found);
- assertTrue("Retired analyzer not loaded when set to true", retiredFound);
+ //assertTrue("Retired analyzer not loaded when set to true", retiredFound);
 }
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java
index b243ea3cd..bb21a13d8 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java
@@ -98,7 +98,7 @@ public class NodePackageAnalyzerTest extends BaseTest {
 analyzer.analyze(result, null);
 final String vendorString = result.getEvidence(EvidenceType.VENDOR).toString();
 assertThat(vendorString, containsString("Sanjeev Koranga"));
- assertThat(vendorString, containsString("dns-sync_project"));
+ assertThat(vendorString, containsString("dns-sync"));
 assertThat(result.getEvidence(EvidenceType.PRODUCT).toString(), containsString("dns-sync"));
 assertThat(result.getEvidence(EvidenceType.VERSION).toString(), containsString("0.1.0"));
 assertEquals(NodePackageAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java
index dfcd98d3f..508b58d0d 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/NspAnalyzerTest.java
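Review bot: The relaxed check `containsString("dns-sync")` in the -98 hunk of NodePackageAnalyzerTest also matches the old value `dns-sync_project`, so it cannot show that the `_project` suffix is gone from the vendor evidence. If dropping the suffix is the intended behaviour (vendor evidence presumably feeds component identification, so the exact string matters), pin it with a negative check next to the new line, e.g. `assertThat(vendorString, not(containsString("dns-sync_project")));` using `org.hamcrest.CoreMatchers.not`. The enclosing test method starts and ends outside the hunk.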
@@ -11,91 +11,114 @@ import java.io.File; import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.*; +import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.dependency.EvidenceType; +import org.owasp.dependencycheck.exception.InitializationException; public class NspAnalyzerTest extends BaseTest { - private NspAnalyzer analyzer; - - @Before - @Override - public void setUp() throws Exception { - super.setUp(); - analyzer = new NspAnalyzer(); - analyzer.setFilesMatched(true); - analyzer.initialize(getSettings()); - analyzer.prepare(null); - } - - @After - @Override - public void tearDown() throws Exception { - analyzer.close(); - super.tearDown(); - } - @Test public void testGetName() { + NspAnalyzer analyzer = new NspAnalyzer(); assertThat(analyzer.getName(), is("Node Security Platform Analyzer")); } @Test public void testSupportsFiles() { + NspAnalyzer analyzer = new NspAnalyzer(); assertThat(analyzer.accept(new File("package.json")), is(true)); } @Test - public void testAnalyzePackage() throws AnalysisException { - final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/package.json")); - analyzer.analyze(result, null); + public void testAnalyzePackage() throws AnalysisException, InitializationException { + try (Engine engine = new Engine(getSettings())) { + NspAnalyzer analyzer = new NspAnalyzer(); + analyzer.setFilesMatched(true); + analyzer.initialize(getSettings()); + analyzer.prepare(engine); + final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/package.json")); + analyzer.analyze(result, engine); - assertTrue(result.getEvidence(EvidenceType.VENDOR).toString().contains("owasp-nodejs-goat_project")); - assertTrue(result.getEvidence(EvidenceType.PRODUCT).toString().contains("A tool to learn OWASP Top 10 for node.js developers")); - assertTrue(result.getEvidence(EvidenceType.VERSION).toString().contains("1.3.0")); + 
assertTrue(result.getEvidence(EvidenceType.VENDOR).toString().contains("owasp-nodejs-goat")); + assertTrue(result.getEvidence(EvidenceType.PRODUCT).toString().contains("A tool to learn OWASP Top 10 for node.js developers")); + assertTrue(result.getEvidence(EvidenceType.VERSION).toString().contains("1.3.0")); + } } @Test - public void testAnalyzeEmpty() throws AnalysisException { - final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/empty.json")); - analyzer.analyze(result, null); + public void testAnalyzeEmpty() throws AnalysisException, InitializationException { + try (Engine engine = new Engine(getSettings())) { + NspAnalyzer analyzer = new NspAnalyzer(); + analyzer.setFilesMatched(true); + analyzer.initialize(getSettings()); + analyzer.prepare(engine); + final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/empty.json")); + analyzer.analyze(result, engine); - assertEquals(result.getEvidence(EvidenceType.VENDOR).size(), 0); - assertEquals(result.getEvidence(EvidenceType.PRODUCT).size(), 0); - assertEquals(result.getEvidence(EvidenceType.VERSION).size(), 0); + assertEquals(result.getEvidence(EvidenceType.VENDOR).size(), 0); + assertEquals(result.getEvidence(EvidenceType.PRODUCT).size(), 0); + assertEquals(result.getEvidence(EvidenceType.VERSION).size(), 0); + } } @Test - public void testAnalyzePackageJsonWithBundledDeps() throws AnalysisException { - final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/bundled.deps.package.json")); - analyzer.analyze(result, null); + public void testAnalyzePackageJsonWithBundledDeps() throws AnalysisException, InitializationException { + try (Engine engine = new Engine(getSettings())) { + NspAnalyzer analyzer = new NspAnalyzer(); + analyzer.setFilesMatched(true); + analyzer.initialize(getSettings()); + analyzer.prepare(engine); + final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/bundled.deps.package.json")); + 
analyzer.analyze(result, engine); - assertTrue(result.getEvidence(EvidenceType.VENDOR).toString().contains("Philipp Dunkel ")); - assertTrue(result.getEvidence(EvidenceType.PRODUCT).toString().contains("Native Access to Mac OS-X FSEvents")); - assertTrue(result.getEvidence(EvidenceType.VERSION).toString().contains("1.1.1")); + assertTrue(result.getEvidence(EvidenceType.VENDOR).toString().contains("Philipp Dunkel ")); + assertTrue(result.getEvidence(EvidenceType.PRODUCT).toString().contains("Native Access to Mac OS-X FSEvents")); + assertTrue(result.getEvidence(EvidenceType.VERSION).toString().contains("1.1.1")); + } } @Test - public void testAnalyzePackageJsonWithLicenseObject() throws AnalysisException { - final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/license.obj.package.json")); - analyzer.analyze(result, null); + public void testAnalyzePackageJsonWithLicenseObject() throws AnalysisException, InitializationException { + try (Engine engine = new Engine(getSettings())) { + NspAnalyzer analyzer = new NspAnalyzer(); + analyzer.setFilesMatched(true); + analyzer.initialize(getSettings()); + analyzer.prepare(engine); + final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/license.obj.package.json")); + analyzer.analyze(result, engine); - assertTrue(result.getEvidence(EvidenceType.VENDOR).toString().contains("Twitter, Inc.")); - assertTrue(result.getEvidence(EvidenceType.PRODUCT).toString().contains("The most popular front-end framework for developing responsive, mobile first projects on the web")); - assertTrue(result.getEvidence(EvidenceType.VERSION).toString().contains("3.2.0")); + assertTrue(result.getEvidence(EvidenceType.VENDOR).toString().contains("Twitter, Inc.")); + assertTrue(result.getEvidence(EvidenceType.PRODUCT).toString().contains("The most popular front-end framework for developing responsive, mobile first projects on the web")); + 
assertTrue(result.getEvidence(EvidenceType.VERSION).toString().contains("3.2.0")); + } } @Test - public void testAnalyzePackageJsonInNodeModulesDirectory() throws AnalysisException { - final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/node_modules/dns-sync/package.json")); - analyzer.analyze(result, null); - // node modules are not scanned - no evidence is collected - assertTrue(result.size() == 0); + public void testAnalyzePackageJsonInNodeModulesDirectory() throws AnalysisException, InitializationException { + try (Engine engine = new Engine(getSettings())) { + NspAnalyzer analyzer = new NspAnalyzer(); + analyzer.setFilesMatched(true); + analyzer.initialize(getSettings()); + analyzer.prepare(engine); + final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/node_modules/dns-sync/package.json")); + analyzer.analyze(result, engine); + // package.json adds 5 bits of evidence + assertTrue(result.size() == 5); + // but no vulnerabilities were cited + assertTrue(result.getVulnerabilities().isEmpty()); + } } @Test - public void testAnalyzeInvalidPackageMissingName() throws AnalysisException { - final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/minimal-invalid.json")); - analyzer.analyze(result, null); - // Upon analysis, not throwing an exception in this case, is all that's required to pass this test + public void testAnalyzeInvalidPackageMissingName() throws AnalysisException, InitializationException { + try (Engine engine = new Engine(getSettings())) { + NspAnalyzer analyzer = new NspAnalyzer(); + analyzer.setFilesMatched(true); + analyzer.initialize(getSettings()); + analyzer.prepare(engine); + final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "nsp/minimal-invalid.json")); + analyzer.analyze(result, engine); + // Upon analysis, not throwing an exception in this case, is all that's required to pass this test + } } }
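Review bot: Nothing closes the analyzer any more. The removed `tearDown()` called `analyzer.close()`, but each rewritten NspAnalyzerTest method only closes the `Engine` through try-with-resources, so whatever `initialize`/`prepare` acquired stays open for the rest of the run. Wrap the body of each `try (Engine engine = ...)` block so it ends with `finally { analyzer.close(); }`; the `throws` clauses may need widening, since the removed `tearDown()` declared `throws Exception`. The four setup lines repeated in six tests would also be better in one private helper that returns the prepared analyzer, so cleanup lives in a single place. Separately, `assertTrue(result.size() == 5)` would report the actual count on failure if written as `assertEquals(5, result.size());`.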