fixed test cacses

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java

@@ -35,6 +35,7 @@ import static org.junit.Assume.assumeNotNull;
 import org.junit.Before;
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
@@ -201,6 +202,7 @@ public class AssemblyAnalyzerTest extends BaseTest {
             System.setProperty(LOG_KEY, "error");
             // Have to make a NEW analyzer because during setUp, it would have gotten the correct one
             AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer();
+            aanalyzer.initializeSettings(getSettings());
             aanalyzer.accept(new File("test.dll")); // trick into "thinking it is active"
             aanalyzer.initialize(null);
             fail("Expected an InitializationException");

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.java

@@ -46,6 +46,7 @@ import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import static org.junit.Assert.fail;
+import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.exception.InitializationException;
 
 /**
@@ -71,7 +72,8 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
     @Override
     public void setUp() throws Exception {
         super.setUp();
-        getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
+        //test testAddCriticalityToVulnerability requires CVE-2015-3225 so we must ensure db is updated.
+        //getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
         getSettings().setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
         getSettings().setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
         analyzer = new RubyBundleAuditAnalyzer();
@@ -117,7 +119,7 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
      */
     @Test
     public void testAnalysis() throws AnalysisException, DatabaseException {
-        try (Engine engine = new Engine(getSettings())){
+        try (Engine engine = new Engine(getSettings())) {
             engine.openDatabase();
             analyzer.initialize(engine);
             final String resource = "ruby/vulnerable/gems/rails-4.1.15/Gemfile.lock";
@@ -125,12 +127,18 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
             analyzer.analyze(result, engine);
             int size = engine.getDependencies().size();
             assertTrue(size >= 1);
+            boolean found = false;
+            for (Dependency dependency : engine.getDependencies()) {
+                found = dependency.getProductEvidence().toString().toLowerCase().contains("redcarpet");
+                found &= dependency.getVersionEvidence().toString().toLowerCase().contains("2.2.2");
+                found &= dependency.getFilePath().endsWith(resource);
+                found &= dependency.getFileName().equals("Gemfile.lock");
+                if (found) {
+                    break;
+                }
+            }
+            assertTrue("redcarpet was not identified", found);
 
-            Dependency dependency = engine.getDependencies().get(0);
-            assertTrue(dependency.getProductEvidence().toString().toLowerCase().contains("redcarpet"));
-            assertTrue(dependency.getVersionEvidence().toString().toLowerCase().contains("2.2.2"));
-            assertTrue(dependency.getFilePath().endsWith(resource));
-            assertTrue(dependency.getFileName().equals("Gemfile.lock"));
         } catch (InitializationException | DatabaseException | AnalysisException e) {
             LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".");
             Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", e);
@@ -143,18 +151,17 @@ public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
     @Test
     public void testAddCriticalityToVulnerability() throws AnalysisException, DatabaseException {
         try (Engine engine = new Engine(getSettings())) {
-            engine.openDatabase();
+            engine.doUpdates();
             analyzer.initialize(engine);
 
             final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                     "ruby/vulnerable/gems/sinatra/Gemfile.lock"));
             analyzer.analyze(result, engine);
-            
             Dependency dependency = engine.getDependencies().get(0);
             Vulnerability vulnerability = dependency.getVulnerabilities().first();
             assertEquals(vulnerability.getCvssScore(), 5.0f, 0.0);
 
-        } catch (InitializationException | DatabaseException | AnalysisException e) {
+        } catch (InitializationException | DatabaseException | AnalysisException | UpdateException e) {
             LOGGER.warn("Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".");
             Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.", e);
         }