diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 95162aed7..0f4061ed0 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -439,6 +439,11 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
dependency-check-core${project.parent.version}
+
+ org.owasp
+ dependency-check-utils
+ ${project.parent.version}
+ org.owaspdependency-check-core
diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml
index eedd992d0..a28b61086 100644
--- a/dependency-check-cli/pom.xml
+++ b/dependency-check-cli/pom.xml
@@ -341,5 +341,10 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
dependency-check-core${project.parent.version}
+
+ org.owasp
+ dependency-check-utils
+ ${project.parent.version}
+
diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml
index ca5478bc5..a7b640d91 100644
--- a/dependency-check-core/pom.xml
+++ b/dependency-check-core/pom.xml
@@ -220,6 +220,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
data.directory${project.build.directory}/data
+
+ temp.directory
+ ${project.build.directory}/temp
+
+
**/*IntegrationTest.java
@@ -399,6 +404,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+
+ org.owasp
+ dependency-check-utils
+ ${project.parent.version}
+ org.apache.lucenelucene-test-framework
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
new file mode 100644
index 000000000..aae31e6f3
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2014 OWASP.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
+import org.owasp.dependencycheck.Engine;
+import static org.owasp.dependencycheck.utils.FileUtils.getFileExtension;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class ExtractionUtil {
+
+ /**
+ * The logger.
+ */
+ private static final Logger LOGGER = Logger.getLogger(ExtractionUtil.class.getName());
+ /**
+ * The buffer size to use when extracting files from the archive.
+ */
+ private static final int BUFFER_SIZE = 4096;
+
+ /**
+ * Private constructor for a utility class.
+ */
+ private ExtractionUtil() {
+ }
+
+ /**
+ * Extracts the contents of an archive into the specified directory.
+ *
+ * @param archive an archive file such as a WAR or EAR
+ * @param extractTo a directory to extract the contents to
+ * @throws ExtractionException thrown if an exception occurs while extracting the files
+ */
+ public static void extractFiles(File archive, File extractTo) throws ExtractionException {
+ extractFiles(archive, extractTo, null);
+ }
+
+ /**
+ * Extracts the contents of an archive into the specified directory. The files are only extracted if they are
+ * supported by the analyzers loaded into the specified engine. If the engine is specified as null then all files
+ * are extracted.
+ *
+ * @param archive an archive file such as a WAR or EAR
+ * @param extractTo a directory to extract the contents to
+ * @param engine the scanning engine
+ * @throws ExtractionException thrown if there is an error extracting the files
+ */
+ public static void extractFiles(File archive, File extractTo, Engine engine) throws ExtractionException {
+ if (archive == null || extractTo == null) {
+ return;
+ }
+
+ FileInputStream fis = null;
+ ZipInputStream zis = null;
+
+ try {
+ fis = new FileInputStream(archive);
+ } catch (FileNotFoundException ex) {
+ LOGGER.log(Level.FINE, null, ex);
+ throw new ExtractionException("Archive file was not found.", ex);
+ }
+ zis = new ZipInputStream(new BufferedInputStream(fis));
+ ZipEntry entry;
+ try {
+ while ((entry = zis.getNextEntry()) != null) {
+ if (entry.isDirectory()) {
+ final File d = new File(extractTo, entry.getName());
+ if (!d.exists() && !d.mkdirs()) {
+ final String msg = String.format("Unable to create '%s'.", d.getAbsolutePath());
+ throw new ExtractionException(msg);
+ }
+ } else {
+ final File file = new File(extractTo, entry.getName());
+ final String ext = getFileExtension(file.getName());
+ if (engine == null || engine.supportsExtension(ext)) {
+ BufferedOutputStream bos = null;
+ FileOutputStream fos;
+ try {
+ fos = new FileOutputStream(file);
+ bos = new BufferedOutputStream(fos, BUFFER_SIZE);
+ int count;
+ final byte data[] = new byte[BUFFER_SIZE];
+ while ((count = zis.read(data, 0, BUFFER_SIZE)) != -1) {
+ bos.write(data, 0, count);
+ }
+ bos.flush();
+ } catch (FileNotFoundException ex) {
+ LOGGER.log(Level.FINE, null, ex);
+ final String msg = String.format("Unable to find file '%s'.", file.getName());
+ throw new ExtractionException(msg, ex);
+ } catch (IOException ex) {
+ LOGGER.log(Level.FINE, null, ex);
+ final String msg = String.format("IO Exception while parsing file '%s'.", file.getName());
+ throw new ExtractionException(msg, ex);
+ } finally {
+ if (bos != null) {
+ try {
+ bos.close();
+ } catch (IOException ex) {
+ LOGGER.log(Level.FINEST, null, ex);
+ }
+ }
+ }
+ }
+ }
+ }
+ } catch (IOException ex) {
+ final String msg = String.format("Exception reading archive '%s'.", archive.getName());
+ LOGGER.log(Level.FINE, msg, ex);
+ throw new ExtractionException(msg, ex);
+ } finally {
+ try {
+ zis.close();
+ } catch (IOException ex) {
+ LOGGER.log(Level.FINEST, null, ex);
+ }
+ }
+ }
+}
diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml
index 91904fbc8..513dc79c2 100644
--- a/dependency-check-maven/pom.xml
+++ b/dependency-check-maven/pom.xml
@@ -277,6 +277,11 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
dependency-check-core${project.parent.version}
+
+ org.owasp
+ dependency-check-utils
+ ${project.parent.version}
+ org.apache.mavenmaven-plugin-api
diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml
new file mode 100644
index 000000000..535feaa03
--- /dev/null
+++ b/dependency-check-utils/pom.xml
@@ -0,0 +1,280 @@
+
+
+ 4.0.0
+
+ org.owasp
+ dependency-check-parent
+ 1.2.2-SNAPSHOT
+
+
+ dependency-check-utils
+ Dependency-Check Utils
+ Dependency-check-utils a collection of common utlity classs used within dependency-check.
+
+
+
+ github-pages-site
+ Deployment through GitHub's site deployment plugin
+ ${basedir}/../target/site/${project.version}/dependency-check-ant
+
+
+
+
+
+ UTF-8
+
+
+
+
+ org.codehaus.mojo
+ cobertura-maven-plugin
+ 2.6
+
+
+ true
+
+
+ 85
+ 85
+ false
+ 85
+ 85
+ 85
+ 85
+
+
+ .*\$.*
+ 0
+ 0
+
+
+
+
+
+
+
+ clean
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+ 2.16
+
+
+
+ temp.directory
+ ${project.build.directory}/temp
+
+
+
+ **/*IntegrationTest.java
+
+
+
+
+ org.apache.maven.plugins
+ maven-failsafe-plugin
+ 2.16
+
+
+
+ temp.directory
+ ${project.build.directory}/temp
+
+
+
+ **/*IntegrationTest.java
+
+
+
+
+
+ integration-test
+ verify
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+ 3.1
+
+ false
+ 1.6
+ 1.6
+
+
+
+ org.apache.maven.plugins
+ maven-site-plugin
+ 3.3
+
+
+ org.apache.maven.doxia
+ doxia-module-markdown
+ 1.5
+
+
+
+ true
+
+
+ org.apache.maven.plugins
+ maven-project-info-reports-plugin
+ 2.7
+
+
+
+ index
+ summary
+ license
+ help
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+ 2.9.1
+
+
+ default
+
+ javadoc
+
+
+
+
+
+ org.codehaus.mojo
+ versions-maven-plugin
+ 2.1
+
+
+
+ dependency-updates-report
+ plugin-updates-report
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-jxr-plugin
+ 2.4
+
+
+ org.codehaus.mojo
+ cobertura-maven-plugin
+ 2.6
+
+
+ org.apache.maven.plugins
+ maven-surefire-report-plugin
+ 2.16
+
+
+
+ report-only
+
+
+
+
+
+ org.codehaus.mojo
+ taglist-maven-plugin
+ 2.4
+
+
+
+
+ Todo Work
+
+
+ todo
+ ignoreCase
+
+
+ FIXME
+ exact
+
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-checkstyle-plugin
+ 2.11
+
+ false
+ ${basedir}/../src/main/config/checkstyle-checks.xml
+ ${basedir}/../src/main/config/checkstyle-header.txt
+ ${basedir}/../src/main/config/checkstyle-suppressions.xml
+ checkstyle.suppressions.file
+
+
+
+ org.apache.maven.plugins
+ maven-pmd-plugin
+ 3.0.1
+
+ 1.6
+ true
+ utf-8
+
+ ../src/main/config/dcrules.xml
+ /rulesets/java/basic.xml
+ /rulesets/java/imports.xml
+ /rulesets/java/unusedcode.xml
+
+
+
+
+ org.codehaus.mojo
+ findbugs-maven-plugin
+ 2.5.3
+
+
+
+
+
+
+
+
+ commons-io
+ commons-io
+ 2.4
+
+
+ junit
+ junit
+ 4.11
+ test
+
+
+
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
similarity index 55%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
index cfa7242e9..34727e9b1 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java
@@ -17,21 +17,13 @@
*/
package org.owasp.dependencycheck.utils;
-import java.io.BufferedInputStream;
-import java.io.BufferedOutputStream;
import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
-import java.util.zip.ZipEntry;
-import java.util.zip.ZipInputStream;
-import org.owasp.dependencycheck.Engine;
/**
* A collection of utilities for processing information about files.
@@ -54,11 +46,6 @@ public final class FileUtils {
*/
private static final String BIT_BUCKET_WIN = "NUL";
- /**
- * The buffer size to use when extracting files from the archive.
- */
- private static final int BUFFER_SIZE = 4096;
-
/**
* Private constructor for a utility class.
*/
@@ -155,99 +142,6 @@ public final class FileUtils {
return jarPath.getParentFile();
}
- /**
- * Extracts the contents of an archive into the specified directory.
- *
- * @param archive an archive file such as a WAR or EAR
- * @param extractTo a directory to extract the contents to
- * @throws ExtractionException thrown if an exception occurs while extracting the files
- */
- public static void extractFiles(File archive, File extractTo) throws ExtractionException {
- extractFiles(archive, extractTo, null);
- }
-
- /**
- * Extracts the contents of an archive into the specified directory. The files are only extracted if they are
- * supported by the analyzers loaded into the specified engine. If the engine is specified as null then all files
- * are extracted.
- *
- * @param archive an archive file such as a WAR or EAR
- * @param extractTo a directory to extract the contents to
- * @param engine the scanning engine
- * @throws ExtractionException thrown if there is an error extracting the files
- */
- public static void extractFiles(File archive, File extractTo, Engine engine) throws ExtractionException {
- if (archive == null || extractTo == null) {
- return;
- }
-
- FileInputStream fis = null;
- ZipInputStream zis = null;
-
- try {
- fis = new FileInputStream(archive);
- } catch (FileNotFoundException ex) {
- LOGGER.log(Level.FINE, null, ex);
- throw new ExtractionException("Archive file was not found.", ex);
- }
- zis = new ZipInputStream(new BufferedInputStream(fis));
- ZipEntry entry;
- try {
- while ((entry = zis.getNextEntry()) != null) {
- if (entry.isDirectory()) {
- final File d = new File(extractTo, entry.getName());
- if (!d.exists() && !d.mkdirs()) {
- final String msg = String.format("Unable to create '%s'.", d.getAbsolutePath());
- throw new ExtractionException(msg);
- }
- } else {
- final File file = new File(extractTo, entry.getName());
- final String ext = getFileExtension(file.getName());
- if (engine == null || engine.supportsExtension(ext)) {
- BufferedOutputStream bos = null;
- FileOutputStream fos;
- try {
- fos = new FileOutputStream(file);
- bos = new BufferedOutputStream(fos, BUFFER_SIZE);
- int count;
- final byte data[] = new byte[BUFFER_SIZE];
- while ((count = zis.read(data, 0, BUFFER_SIZE)) != -1) {
- bos.write(data, 0, count);
- }
- bos.flush();
- } catch (FileNotFoundException ex) {
- LOGGER.log(Level.FINE, null, ex);
- final String msg = String.format("Unable to find file '%s'.", file.getName());
- throw new ExtractionException(msg, ex);
- } catch (IOException ex) {
- LOGGER.log(Level.FINE, null, ex);
- final String msg = String.format("IO Exception while parsing file '%s'.", file.getName());
- throw new ExtractionException(msg, ex);
- } finally {
- if (bos != null) {
- try {
- bos.close();
- } catch (IOException ex) {
- LOGGER.log(Level.FINEST, null, ex);
- }
- }
- }
- }
- }
- }
- } catch (IOException ex) {
- final String msg = String.format("Exception reading archive '%s'.", archive.getName());
- LOGGER.log(Level.FINE, msg, ex);
- throw new ExtractionException(msg, ex);
- } finally {
- try {
- zis.close();
- } catch (IOException ex) {
- LOGGER.log(Level.FINEST, null, ex);
- }
- }
- }
-
/**
* Return the bit bucket for the OS. '/dev/null' for Unix and 'NUL' for Windows
*
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
similarity index 99%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index a3f1d3b29..0af35de4e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -30,6 +30,7 @@ import java.util.Enumeration;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
+import org.owasp.dependencycheck.utils.FileUtils;
/**
* A simple settings container that wraps the dependencycheck.properties file.
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/package-info.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/package-info.java
new file mode 100644
index 000000000..0c92c24b5
--- /dev/null
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/package-info.java
@@ -0,0 +1,11 @@
+/**
+ *
+ *
+ * org.owasp.dependencycheck.utils
+ *
+ *
+ * Includes various utility classes such as a Settings wrapper, utilities to make URL Connections, etc.
+ *
+ *
+ */
+package org.owasp.dependencycheck.utils;
diff --git a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/BaseTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/BaseTest.java
new file mode 100644
index 000000000..a5b990c41
--- /dev/null
+++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/BaseTest.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2014 OWASP.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.owasp.dependencycheck.utils;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class BaseTest {
+
+ @BeforeClass
+ public static void setUpClass() throws Exception {
+ Settings.initialize();
+ }
+
+ @AfterClass
+ public static void tearDownClass() throws Exception {
+ Settings.cleanup(true);
+ }
+}
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
similarity index 97%
rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
index 20ab85e00..7feeaeb6a 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
+++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java
@@ -21,7 +21,6 @@ import java.io.File;
import java.net.URL;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
-import org.owasp.dependencycheck.BaseTest;
/**
*
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java
similarity index 73%
rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java
rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java
index b04fee4c0..b539befcf 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java
+++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java
@@ -19,12 +19,9 @@ package org.owasp.dependencycheck.utils;
import java.io.File;
import java.net.URL;
-import org.junit.After;
-import org.junit.AfterClass;
import static org.junit.Assert.assertTrue;
-import org.junit.Before;
-import org.junit.BeforeClass;
import org.junit.Test;
+import org.owasp.dependencycheck.utils.Downloader;
/**
*
@@ -32,25 +29,9 @@ import org.junit.Test;
*/
public class DownloaderTest {
- @BeforeClass
- public static void setUpClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownClass() throws Exception {
- }
-
- @Before
- public void setUp() {
- }
-
- @After
- public void tearDown() {
- }
-
@Test
public void testGetLastModified_file() throws Exception {
- File f = new File("target/test-classes/nvdcve-2.0-2012.xml");
+ File f = new File("target/test-classes/dependencycheck.properties");
URL url = new URL("file:///" + f.getCanonicalPath());
long timestamp = Downloader.getLastModified(url);
assertTrue("timestamp equal to zero?", timestamp > 0);
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java
similarity index 97%
rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java
rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java
index b94c8273a..d5c68b0c2 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java
+++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java
@@ -23,7 +23,6 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import org.junit.Test;
-import org.owasp.dependencycheck.BaseTest;
/**
*
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
similarity index 99%
rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
index 4c8b99216..fec2b026e 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
+++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java
@@ -22,7 +22,6 @@ import java.io.IOException;
import java.net.URISyntaxException;
import org.junit.Assert;
import org.junit.Test;
-import org.owasp.dependencycheck.BaseTest;
/**
*
diff --git a/dependency-check-utils/src/test/resources/dependencycheck.properties b/dependency-check-utils/src/test/resources/dependencycheck.properties
new file mode 100644
index 000000000..70e0d45ab
--- /dev/null
+++ b/dependency-check-utils/src/test/resources/dependencycheck.properties
@@ -0,0 +1,57 @@
+application.name=${pom.name}
+application.version=${pom.version}
+autoupdate=true
+max.download.threads=3
+
+#temp.directory defaults to System.getProperty("java.io.tmpdir")
+#temp.directory=[path to temp directory]
+
+# the path to the data directory; the [JAR] signifies to use the relative path
+# to the dependency-check-core JAR file. This path is only used to construct
+# the connection string for the H2 driver (or other drivers that require a file path
+# to be supplied. If you are using another database (MySQL, Oracle, etc.) this property
+# will not be used. The data.directory will be resolved and if the connection string
+# below contains a %s then the data.directory will replace the %s.
+data.directory=[JAR]/data
+data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
+#data.connection_string=jdbc:h2:file:%s;AUTO_SERVER=TRUE;AUTOCOMMIT=ON;
+#data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
+
+# user name and password for the database connection. The inherent case is to use H2.
+# As such, this unsecure username/password exist.
+data.user=dcuser
+data.password=DC-Pass1337!
+# The following are only used if the DB Driver is not JDBC4 compliant and/or the driver
+# is not in the current classpath. Setting these properties will add the give path(s) to
+# the class loader and then register the driver with the DriverManager. If the class is
+# not in the path you must specify both the driver name (aka the fully qualified driver name)
+# and the driver path. The driver path can be a semi-colon separated list of files/directories
+# to ensure any and all needed files can be added to the classpath to load the driver.
+# For non-JDBC4 drivers in the classpath only the driver_name needs to be set.
+# For MOST situations these properties likely do not need to be set.
+data.driver_name=org.h2.Driver
+data.driver_path=
+
+# the path to the cpe xml file
+cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.xml.gz
+# the path to the cpe meta data file.
+cpe.meta.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.meta
+
+# the number of days that the modified nvd cve data holds data for. We don't need
+# to update the other files if we are within this timespan. Per NIST this file
+# holds 8 days of updates, we are using 7 just to be safe.
+cve.url.modified.validfordays=7
+
+# the path to the modified nvd cve xml file.
+cve.url-1.2.modified=http://nvd.nist.gov/download/nvdcve-modified.xml
+cve.url-2.0.modified=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
+cve.startyear=2014
+cve.url-2.0.base=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
+cve.url-1.2.base=http://nvd.nist.gov/download/nvdcve-%d.xml
+
+# the URL for searching Nexus for SHA-1 hashes and whether it's enabled
+analyzer.nexus.enabled=true
+analyzer.nexus.url=https://repository.sonatype.org/service/local/
+# If set to true, the proxy will still ONLY be used if the proxy properties (proxy.url, proxy.port)
+# are configured
+analyzer.nexus.proxy=true
diff --git a/dependency-check-utils/src/test/resources/test.properties b/dependency-check-utils/src/test/resources/test.properties
new file mode 100644
index 000000000..dec474f6f
--- /dev/null
+++ b/dependency-check-utils/src/test/resources/test.properties
@@ -0,0 +1 @@
+proxy.port=80
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index be2e9cf3b..515c8ca17 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,3 +1,4 @@
+
-
+-->4.0.0org.owasp
@@ -29,7 +29,8 @@ Copyright (c) 2012 - Jeremy Long
dependency-check-antdependency-check-mavendependency-check-jenkins
-
+ dependency-check-utils
+
Dependency-Checkhttps://github.com/jeremylong/DependencyCheck.gitdependency-check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities.
@@ -244,4 +245,4 @@ Copyright (c) 2012 - Jeremy Long
jar
-
+
\ No newline at end of file