Cleanup

- shutdown() ExecutorService after task execution
- javadoc
- improve unit test coverage

dependency-check-core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java

@@ -0,0 +1,100 @@
+package org.owasp.dependencycheck;
+
+import mockit.Expectations;
+import mockit.Mocked;
+import mockit.Verifications;
+import org.junit.Test;
+import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
+import org.owasp.dependencycheck.analyzer.HintAnalyzer;
+import org.owasp.dependencycheck.dependency.Dependency;
+
+import java.io.File;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class AnalysisTaskTest {
+
+    @Mocked
+    FileTypeAnalyzer fileTypeAnalyzer;
+
+    @Mocked
+    Dependency dependency;
+
+    @Mocked
+    Engine engine;
+
+
+    @Test
+    public void shouldAnalyzeReturnsTrueForNonFileTypeAnalyzers() {
+        AnalysisTask instance = new AnalysisTask(new HintAnalyzer(), null, null, null);
+        boolean shouldAnalyze = instance.shouldAnalyze();
+        assertTrue(shouldAnalyze);
+    }
+
+    @Test
+    public void shouldAnalyzeReturnsTrueIfTheFileTypeAnalyzersAcceptsTheDependency() {
+        final File dependencyFile = new File("");
+        new Expectations() {{
+            dependency.getActualFile();
+            result = dependencyFile;
+
+            fileTypeAnalyzer.accept(dependencyFile);
+            result = true;
+        }};
+
+        AnalysisTask analysisTask = new AnalysisTask(fileTypeAnalyzer, dependency, null, null);
+
+        boolean shouldAnalyze = analysisTask.shouldAnalyze();
+        assertTrue(shouldAnalyze);
+    }
+
+    @Test
+    public void shouldAnalyzeReturnsFalseIfTheFileTypeAnalyzerDoesNotAcceptTheDependency() {
+        final File dependencyFile = new File("");
+        new Expectations() {{
+            dependency.getActualFile();
+            result = dependencyFile;
+
+            fileTypeAnalyzer.accept(dependencyFile);
+            result = false;
+        }};
+
+        AnalysisTask analysisTask = new AnalysisTask(fileTypeAnalyzer, dependency, null, null);
+
+        boolean shouldAnalyze = analysisTask.shouldAnalyze();
+        assertFalse(shouldAnalyze);
+    }
+
+    @Test
+    public void taskAnalyzes() throws Exception {
+        final AnalysisTask analysisTask = new AnalysisTask(fileTypeAnalyzer, dependency, engine, null);
+        new Expectations(analysisTask) {{
+            analysisTask.shouldAnalyze();
+            result = true;
+        }};
+
+        analysisTask.call();
+
+        new Verifications() {{
+            fileTypeAnalyzer.analyze(dependency, engine);
+            times = 1;
+        }};
+    }
+
+    @Test
+    public void taskDoesNothingIfItShouldNotAnalyze() throws Exception {
+        final AnalysisTask analysisTask = new AnalysisTask(fileTypeAnalyzer, dependency, engine, null);
+        new Expectations(analysisTask) {{
+            analysisTask.shouldAnalyze();
+            result = false;
+        }};
+
+        analysisTask.call();
+
+        new Verifications() {{
+            fileTypeAnalyzer.analyze(dependency, engine);
+            times = 0;
+        }};
+    }
+}

dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineTest.java

@@ -17,19 +17,36 @@
  */
 package org.owasp.dependencycheck;
 
-import java.io.File;
+import mockit.Expectations;
+import mockit.Mocked;
 import org.junit.Test;
-import static org.junit.Assert.*;
+import org.owasp.dependencycheck.analyzer.Analyzer;
 import org.owasp.dependencycheck.analyzer.JarAnalyzer;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.exception.ExceptionCollection;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
 /**
- *
  * @author Jeremy Long
  */
 public class EngineTest extends BaseDBTestCase {
 
+    @Mocked
+    Analyzer analyzer;
+
+    @Mocked
+    AnalysisTask analysisTask;
+
+
     /**
      * Test of scanFile method, of class Engine.
      */
@@ -40,14 +57,40 @@ public class EngineTest extends BaseDBTestCase {
         File file = BaseTest.getResourceAsFile(this, "dwr.jar");
         Dependency dwr = instance.scanFile(file);
         file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
-        Dependency jmx = instance.scanFile(file);
+        instance.scanFile(file);
         assertEquals(2, instance.getDependencies().size());
-        
+
         file = BaseTest.getResourceAsFile(this, "dwr.jar");
         Dependency secondDwr = instance.scanFile(file);
-        
+
         assertEquals(2, instance.getDependencies().size());
         assertTrue(dwr == secondDwr);
-        
+    }
+
+    @Test(expected = ExceptionCollection.class)
+    public void exceptionDuringAnalysisTaskExecutionIsFatal() throws DatabaseException, ExceptionCollection {
+        final ExecutorService executorService = Executors.newFixedThreadPool(3);
+        final Engine instance = new Engine();
+        final List<Throwable> exceptions = new ArrayList<Throwable>();
+
+        new Expectations() {{
+            analysisTask.call();
+            result = new IllegalStateException("Analysis task execution threw an exception");
+        }};
+
+        final List<AnalysisTask> failingAnalysisTask = new ArrayList<AnalysisTask>();
+        failingAnalysisTask.add(analysisTask);
+
+        new Expectations(instance) {{
+            instance.getExecutorService(analyzer);
+            result = executorService;
+
+            instance.getAnalysisTasks(analyzer, exceptions);
+            result = failingAnalysisTask;
+        }};
+
+        instance.executeAnalysisTasks(analyzer, exceptions);
+
+        assertTrue(executorService.isShutdown());
     }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java

@@ -17,23 +17,31 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
+import mockit.Mock;
+import mockit.MockUp;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+import org.owasp.dependencycheck.BaseDBTestCase;
 import org.owasp.dependencycheck.BaseTest;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.exception.InitializationException;
 
 import java.io.File;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.List;
 import java.util.regex.Pattern;
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
-import static org.junit.Assert.*;
-import org.owasp.dependencycheck.BaseDBTestCase;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
 
 /**
  * Unit tests for CmakeAnalyzer.
@@ -150,4 +158,21 @@ public class CMakeAnalyzerTest extends BaseDBTestCase {
         assertTrue("Expected version evidence to contain \"" + version + "\".",
                 result.getVersionEvidence().toString().contains(version));
     }
+
+    @Test(expected = InitializationException.class)
+    public void analyzerIsDisabledInCaseOfMissingMessageDigest() throws InitializationException {
+        new MockUp<MessageDigest>() {
+            @Mock
+            MessageDigest getInstance(String ignore) throws NoSuchAlgorithmException {
+                throw new NoSuchAlgorithmException();
+            }
+        };
+
+        analyzer = new CMakeAnalyzer();
+        analyzer.setFilesMatched(true);
+        assertTrue(analyzer.isEnabled());
+        analyzer.initialize();
+
+        assertFalse(analyzer.isEnabled());
+    }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzerTest.java

@@ -17,19 +17,25 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
+import mockit.Mock;
+import mockit.MockUp;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+import org.owasp.dependencycheck.BaseDBTestCase;
 import org.owasp.dependencycheck.BaseTest;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.exception.InitializationException;
 
 import java.io.File;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
-import org.owasp.dependencycheck.BaseDBTestCase;
 
 /**
  * Unit tests for NodePackageAnalyzer.
@@ -96,4 +102,22 @@ public class ComposerLockAnalyzerTest extends BaseDBTestCase {
                 "composer.lock"));
         analyzer.analyze(result, engine);
     }
+
+
+    @Test(expected = InitializationException.class)
+    public void analyzerIsDisabledInCaseOfMissingMessageDigest() throws InitializationException {
+        new MockUp<MessageDigest>() {
+            @Mock
+            MessageDigest getInstance(String ignore) throws NoSuchAlgorithmException {
+                throw new NoSuchAlgorithmException();
+            }
+        };
+
+        analyzer = new ComposerLockAnalyzer();
+        analyzer.setFilesMatched(true);
+        assertTrue(analyzer.isEnabled());
+        analyzer.initialize();
+
+        assertFalse(analyzer.isEnabled());
+    }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java

@@ -17,17 +17,25 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import static org.junit.Assert.assertEquals;
+import mockit.Mocked;
+import mockit.Verifications;
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.dependency.Dependency;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 /**
- *
  * @author Jeremy Long
  */
 public class DependencyBundlingAnalyzerTest extends BaseTest {
 
+    @Mocked
+    Engine engineMock;
+
     /**
      * Test of getName method, of class DependencyBundlingAnalyzer.
      */
@@ -52,15 +60,27 @@ public class DependencyBundlingAnalyzerTest extends BaseTest {
 
     /**
      * Test of analyze method, of class DependencyBundlingAnalyzer.
+     * The actually passed dependency does not matter. The analyzer only runs once.
      */
     @Test
     public void testAnalyze() throws Exception {
-//        Dependency ignore = null;
-//        Engine engine = null;
-//        DependencyBundlingAnalyzer instance = new DependencyBundlingAnalyzer();
-//        instance.analyze(ignore, engine);
-//        // TODO review the generated test code and remove the default call to fail.
-//        fail("The test case is a prototype.");
+        DependencyBundlingAnalyzer instance = new DependencyBundlingAnalyzer();
+
+        // the actual dependency does not matter
+        assertFalse(instance.analyzed);
+        instance.analyze(null, engineMock);
+
+        // the second runs basically does nothing
+        assertTrue(instance.analyzed);
+        instance.analyze(null, engineMock);
+        instance.analyze(null, engineMock);
+        instance.analyze(null, engineMock);
+        assertTrue(instance.analyzed);
+
+        new Verifications() {{
+            engineMock.getDependencies();
+            times = 2;
+        }};
     }
 
     /**
@@ -119,7 +139,5 @@ public class DependencyBundlingAnalyzerTest extends BaseTest {
         expResult = true;
         result = instance.firstPathIsShortest(left, right);
         assertEquals(expResult, result);
-
     }
-
 }