From 9998cd0ccc871b7e02f889ec4a8151acc67fcea5 Mon Sep 17 00:00:00 2001 From: brianf Date: Thu, 21 Sep 2017 16:35:14 -0400 Subject: [PATCH] Normailze Cmake names --- .../analyzer/CMakeAnalyzer.java | 14 ++++++++--- .../analyzer/CMakeAnalyzerTest.java | 25 ++++++++++++++++++- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java index f24a468c4..606dc6394 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java @@ -57,6 +57,11 @@ import org.owasp.dependencycheck.exception.InitializationException; @Experimental public class CMakeAnalyzer extends AbstractFileTypeAnalyzer { + /** + * The dependency Ecosystem + */ + static final String DEPENDENCY_ECOSYSTEM = "CMAKE"; + /** * The logger. */ @@ -149,10 +154,10 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer { @Override protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { + dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM); final File file = dependency.getActualFile(); final String parentName = file.getParentFile().getName(); final String name = file.getName(); - dependency.setDisplayFileName(String.format("%s%c%s", parentName, File.separatorChar, name)); String contents; try { contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim(); @@ -173,6 +178,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer { LOGGER.debug("Group 1: {}", group); dependency.getProductEvidence().addEvidence(name, "Project", group, Confidence.HIGH); + dependency.setName(group); } LOGGER.debug("Found {} matches.", count); analyzeSetVersionCommand(dependency, engine, contents); 
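Review bot: In the `@@ -149,10 +154,10 @@` hunk, `final String parentName = file.getParentFile().getName();` stays as context although the only visible use of `parentName` was the removed `setDisplayFileName` call. If nothing further down uses it, the line is dead code that can still throw a NullPointerException when `getParentFile()` returns null (for example a file referenced by a bare relative name), so I would delete it. analyzeDependency continues past the end of the hunk, so check for later uses before removing it.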
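Review bot: In the `@@ -173,6 +178,7 @@` hunk, `dependency.setName(group);` sits inside the match loop, so when a file yields several matches the last one silently becomes the name while product evidence is kept for all of them. The call to `analyzeSetVersionCommand(dependency, engine, contents)` right after the loop may then overwrite that name again through the `currentDep.setName(product)` added in the `@@ -225,11 +231,13 @@` hunk, if `currentDep` is still the parameter on the first match as the TODO there suggests. Because the reported name decides which component a finding is attributed to, pick the precedence deliberately and state it in a comment, for example keep the first project name with `if (dependency.getName() == null) { dependency.setName(group); }`, assuming an unset name is null. The loop header is outside the hunk.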
@@ -211,7 +217,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer { if (count > 1) { //TODO - refactor so we do not assign to the parameter (checkstyle) currentDep = new Dependency(dependency.getActualFile()); - currentDep.setDisplayFileName(String.format("%s:%s", dependency.getDisplayFileName(), product)); + currentDep.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM); final String filePath = String.format("%s:%s", dependency.getFilePath(), product); currentDep.setFilePath(filePath); @@ -225,11 +231,13 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer { currentDep.setSha1sum(Checksum.getHex(sha1.digest(path))); engine.getDependencies().add(currentDep); } - final String source = currentDep.getDisplayFileName(); + final String source = currentDep.getFileName(); currentDep.getProductEvidence().addEvidence(source, "Product", product, Confidence.MEDIUM); currentDep.getVersionEvidence().addEvidence(source, "Version", version, Confidence.MEDIUM); + currentDep.setName(product); + currentDep.setVersion(version); } LOGGER.debug("Found {} matches.", count); } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java index 6408d4a86..fac741221 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java 
@@ -123,11 +123,32 @@ public class CMakeAnalyzerTest extends BaseDBTestCase { analyzer.analyze(result, null); final String product = "zlib"; assertProductEvidence(result, product); + + } + /** + * Test whether expected evidence is gathered from OpenCV's CVDetectPython. + * + * @throws AnalysisException is thrown when an exception occurs. + */ + @Test + public void testAnalyzeCMakeListsPython() throws AnalysisException { + final Dependency result = new Dependency(BaseTest.getResourceAsFile( + this, "cmake/opencv/cmake/OpenCVDetectPython.cmake")); + analyzer.analyze(result, null); + + //this one finds nothing so it falls through to the filename. Can we do better? + assertEquals("OpenCVDetectPython.cmake",result.getDisplayFileName()); + + + } + private void assertProductEvidence(Dependency result, String product) { - assertTrue("Expected product evidence to contain \"" + product + "\".", + assertEquals(product,result.getName()); + assertTrue("Expected product evidence to contain \"" + product + "\".", result.getProductEvidence().toString().contains(product)); + assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem()); } /** @@ -150,11 +171,13 @@ public class CMakeAnalyzerTest extends BaseDBTestCase { final Dependency last = dependencies.get(3); assertProductEvidence(last, "libavresample"); assertVersionEvidence(last, "1.0.1"); + } private void assertVersionEvidence(Dependency result, String version) { assertTrue("Expected version evidence to contain \"" + version + "\".", result.getVersionEvidence().toString().contains(version)); + assertEquals(version,result.getVersion()); } @Test(expected = InitializationException.class)
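Review bot: The new `testAnalyzeCMakeListsPython` in the `@@ -123,11 +123,32 @@` hunk asserts only `getDisplayFileName()`, so it would still pass if the analyzer stopped tagging the dependency when nothing matches. Since `setDependencyEcosystem(DEPENDENCY_ECOSYSTEM)` is now the first statement of analyzeDependency, add `assertEquals(CMakeAnalyzer.DEPENDENCY_ECOSYSTEM, result.getDependencyEcosystem());` to this test as well. The added `assertEquals(product,result.getName())` in `assertProductEvidence` would read better with a failure message like the `assertTrue` beside it. The open question in the inline comment ("Can we do better?") is easier to follow up in the issue tracker than in the test body.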