From 7eda83a434c1f0af8deec4d333904b2f933ec196 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Thu, 31 Aug 2017 07:01:43 -0400
Subject: [PATCH] fixed test cacses
---
 .../analyzer/AssemblyAnalyzerTest.java | 2 +
 .../analyzer/RubyBundleAuditAnalyzerTest.java | 41 +++++++++++--------
 2 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
index 893e80749..2ee1c51dc 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java
@@ -35,6 +35,7 @@ import static org.junit.Assume.assumeNotNull;
 import org.junit.Before;
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
@@ -201,6 +202,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
 System.setProperty(LOG_KEY, "error");
 // Have to make a NEW analyzer because during setUp, it would have gotten the correct one
 AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer();
+ aanalyzer.initializeSettings(getSettings());
 aanalyzer.accept(new File("test.dll")); // trick into "thinking it is active"
 aanalyzer.initialize(null);
 fail("Expected an InitializationException");
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
index b6372c9e7..e3d880e59 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java
@@ -46,6 +46,7 @@ import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import static org.junit.Assert.fail;
+import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.exception.InitializationException;
 
 /**
@@ -54,7 +55,7 @@ import org.owasp.dependencycheck.exception.InitializationException;
 * @author Dale Visser
 */
 public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
-
+
 private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerTest.class);
 
 /**
@@ -71,7 +72,8 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
 @Override
 public void setUp() throws Exception {
 super.setUp();
- getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
+ //test testAddCriticalityToVulnerability requires CVE-2015-3225 so we must ensure db is updated.
+ //getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
 getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
 getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
 analyzer = new RubyBundleAuditAnalyzer();
@@ -117,7 +119,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
 */
 @Test
 public void testAnalysis() throws AnalysisException, DatabaseException {
- try (Engine engine = new Engine(getSettings())){
+ try (Engine engine = new Engine(getSettings())) {
 engine.openDatabase();
 analyzer.initialize(engine);
 final String resource = "ruby/vulnerable/gems/rails-4.1.15/Gemfile.lock";
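Review bot: The `getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);` line in setUp() is commented out rather than removed, and because setUp() runs before every test in the class, all of them now inherit the AUTO_UPDATE default, not only testAddCriticalityToVulnerability which the new comment says needs the refreshed database. If the explicit `engine.doUpdates()` added to that test in the hunk at -143 runs the update independently of AUTO_UPDATE — which this diff does not show — the setUp() line could stay as it was and the remaining tests would avoid a network-dependent NVD update. Otherwise delete the commented-out line and keep just the rationale, e.g. `// AUTO_UPDATE stays enabled: testAddCriticalityToVulnerability needs CVE-2015-3225 in the local database.` setUp() ends outside this hunk.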
@@ -125,12 +127,18 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
 analyzer.analyze(result, engine);
 int size = engine.getDependencies().size();
 assertTrue(size >= 1);
-
- Dependency dependency = engine.getDependencies().get(0);
- assertTrue(dependency.getProductEvidence().toString().toLowerCase().contains("redcarpet"));
- assertTrue(dependency.getVersionEvidence().toString().toLowerCase().contains("2.2.2"));
- assertTrue(dependency.getFilePath().endsWith(resource));
- assertTrue(dependency.getFileName().equals("Gemfile.lock"));
+ boolean found = false;
+ for (Dependency dependency : engine.getDependencies()) {
+ found = dependency.getProductEvidence().toString().toLowerCase().contains("redcarpet");
+ found &= dependency.getVersionEvidence().toString().toLowerCase().contains("2.2.2");
+ found &= dependency.getFilePath().endsWith(resource);
+ found &= dependency.getFileName().equals("Gemfile.lock");
+ if (found) {
+ break;
+ }
+ }
+ assertTrue("redcarpet was not identified", found);
+
 } catch (InitializationException | DatabaseException | AnalysisException e) {
 LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".");
 Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", e);
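Review bot: The new search loop in testAnalysis() builds `found` with the non-short-circuit `&=`, so all four evidence checks are evaluated for every dependency and the intent (all four must hold for the same entry) is harder to read than a single conjunction. Joining the four conditions with `&&` in one `if` that sets `found = true;` and breaks keeps the behaviour and removes the separate `if (found)` block. A comment above the loop, `// bundle-audit may report several gems; the redcarpet 2.2.2 entry need not be first`, would record why the previous get(0) assertions were replaced. testAnalysis() starts and ends outside this hunk.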
@@ -143,18 +151,17 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
 @Test
 public void testAddCriticalityToVulnerability() throws AnalysisException, DatabaseException {
 try (Engine engine = new Engine(getSettings())) {
- engine.openDatabase();
+ engine.doUpdates();
 analyzer.initialize(engine);
-
+
 final Dependency result = new Dependency(BaseTest.getResourceAsFile(this, "ruby/vulnerable/gems/sinatra/Gemfile.lock"));
 analyzer.analyze(result, engine);
-
 Dependency dependency = engine.getDependencies().get(0);
 Vulnerability vulnerability = dependency.getVulnerabilities().first();
 assertEquals(vulnerability.getCvssScore(), 5.0f, 0.0);
-
- } catch (InitializationException | DatabaseException | AnalysisException e) {
+
+ } catch (InitializationException | DatabaseException | AnalysisException | UpdateException e) {
 LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".");
 Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", e);
 }
@@ -210,14 +217,14 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
 while (dIterator.hasNext()) {
 Dependency dept = dIterator.next();
 LOGGER.info("dept path: {}", dept.getActualFilePath());
-
+
 Set identifiers = dept.getIdentifiers();
 Iterator idIterator = identifiers.iterator();
 while (idIterator.hasNext()) {
 Identifier id = idIterator.next();
 LOGGER.info(" Identifier: {}, type={}, url={}, conf={}", id.getValue(), id.getType(), id.getUrl(), id.getConfidence());
 }
-
+
 Set prodEv = dept.getProductEvidence().getEvidence();
 Iterator it = prodEv.iterator();
 while (it.hasNext()) {
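Review bot: The widened `catch (InitializationException | DatabaseException | AnalysisException | UpdateException e)` in testAddCriticalityToVulnerability() sends a failed NVD update through the same Assume.assumeNoException message that blames a missing bundle-audit gem, so a network or NVD-feed problem is logged as a Ruby tooling problem and the test is skipped rather than failed. Catch it separately, before the existing multi-catch, with a message naming the real cause: `} catch (UpdateException e) {` / `Assume.assumeNoException("NVD update failed; this test needs CVE-2015-3225 in the local database", e);` / `}`. Replacing `engine.openDatabase()` with `engine.doUpdates()` also assumes doUpdates() opens the database as openDatabase() did; if it does not, `analyzer.initialize(engine)` would run against an unopened database, so that is worth confirming against Engine. The test also now performs a live update inside a unit test, which makes its outcome depend on network access and on how fresh the local data already is.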
@@ -230,7 +237,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
 Evidence e = vIt.next();
 LOGGER.info(" version: name={}, value={}, source={}, confidence={}", e.getName(), e.getValue(), e.getSource(), e.getConfidence());
 }
-
+
 Set vendorEv = dept.getVendorEvidence().getEvidence();
 Iterator vendorIt = vendorEv.iterator();
 while (vendorIt.hasNext()) {