Merge branch 'upmaster' into node-js-analyzer

Conflicts:
	dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
	dependency-check-cli/src/site/markdown/arguments.md
	dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzerTest.java

@@ -39,10 +39,10 @@ public class OpenSSLAnalyzerTest extends BaseTest {
     /**
      * The package analyzer to test.
      */
-    OpenSSLAnalyzer analyzer;
+    private OpenSSLAnalyzer analyzer;
 
     /**
-     * Setup the PtyhonPackageAnalyzer.
+     * Setup the {@link OpenSSLAnalyzer}.
      *
      * @throws Exception if there is a problem
      */

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java

@@ -40,7 +40,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
     /**
      * The analyzer to test.
      */
-    PythonDistributionAnalyzer analyzer;
+    private PythonDistributionAnalyzer analyzer;
 
     /**
      * Correctly setup the analyzer for testing.

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzerTest.java

@@ -40,10 +40,10 @@ public class PythonPackageAnalyzerTest extends BaseTest {
     /**
      * The package analyzer to test.
      */
-    PythonPackageAnalyzer analyzer;
+    private PythonPackageAnalyzer analyzer;
 
     /**
-     * Setup the PtyhonPackageAnalyzer.
+     * Setup the {@link PythonPackageAnalyzer}.
      *
      * @throws Exception if there is a problem
      */
@@ -85,14 +85,9 @@ public class PythonPackageAnalyzerTest extends BaseTest {
 
     @Test
     public void testAnalyzeSourceMetadata() throws AnalysisException {
-        eggtestAssertions(this,
-                "python/eggtest/__init__.py");
-    }
-
-    public void eggtestAssertions(Object context, final String resource) throws AnalysisException {
         boolean found = false;
         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
-                context, resource));
+                this, "python/eggtest/__init__.py"));
         analyzer.analyze(result, null);
         assertTrue("Expected vendor evidence to contain \"example\".", result
                 .getVendorEvidence().toString().contains("example"));
@@ -104,4 +99,5 @@ public class PythonPackageAnalyzerTest extends BaseTest {
         }
         assertTrue("Version 0.0.1 not found in EggTest dependency.", found);
     }
+
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzerTest.java

@@ -0,0 +1,103 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
+import org.owasp.dependencycheck.dependency.Dependency;
+
+import java.io.File;
+
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.*;
+
+/**
+ * Unit tests for {@link RubyGemspecAnalyzer}.
+ *
+ * @author Dale Visser <dvisser@ida.org>
+ */
+public class RubyGemspecAnalyzerTest extends BaseTest {
+
+    /**
+     * The analyzer to test.
+     */
+    RubyGemspecAnalyzer analyzer;
+
+    /**
+     * Correctly setup the analyzer for testing.
+     *
+     * @throws Exception thrown if there is a problem
+     */
+    @Before
+    public void setUp() throws Exception {
+        analyzer = new RubyGemspecAnalyzer();
+        analyzer.setFilesMatched(true);
+        analyzer.initialize();
+    }
+
+    /**
+     * Cleanup the analyzer's temp files, etc.
+     *
+     * @throws Exception thrown if there is a problem
+     */
+    @After
+    public void tearDown() throws Exception {
+        analyzer.close();
+        analyzer = null;
+    }
+
+    /**
+     * Test of getName method, of class PythonDistributionAnalyzer.
+     */
+    @Test
+    public void testGetName() {
+        assertThat(analyzer.getName(), is("Ruby Gemspec Analyzer"));
+    }
+
+    /**
+     * Test of supportsExtension method, of class PythonDistributionAnalyzer.
+     */
+    @Test
+    public void testSupportsFiles() {
+        assertThat(analyzer.accept(new File("test.gemspec")), is(true));
+        assertThat(analyzer.accept(new File("Rakefile")), is(true));
+    }
+
+    /**
+     * Test of inspect method, of class PythonDistributionAnalyzer.
+     *
+     * @throws AnalysisException is thrown when an exception occurs.
+     */
+    @Test
+    public void testAnalyzePackageJson() throws AnalysisException {
+        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
+                "ruby/gems/specifications/rest-client-1.7.2.gemspec"));
+        analyzer.analyze(result, null);
+        final String vendorString = result.getVendorEvidence().toString();
+        assertThat(vendorString, containsString("REST Client Team"));
+        assertThat(vendorString, containsString("rest-client_project"));
+        assertThat(vendorString, containsString("rest.client@librelist.com"));
+        assertThat(vendorString, containsString("https://github.com/rest-client/rest-client"));
+        assertThat(result.getProductEvidence().toString(), containsString("rest-client"));
+        assertThat(result.getVersionEvidence().toString(), containsString("1.7.2"));
+    }
+}

dependency-check-core/src/test/resources/ruby/gems/specifications/mime-types-2.6.1.gemspec

@@ -0,0 +1,72 @@
+# -*- encoding: utf-8 -*-
+# stub: mime-types 2.6.1 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "mime-types"
+  s.version = "2.6.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
+  s.authors = ["Austin Ziegler"]
+  s.date = "2015-05-25"
+  s.description = "The mime-types library provides a library and registry for information about\nMIME content type definitions. It can be used to determine defined filename\nextensions for MIME types, or to use filename extensions to look up the likely\nMIME type definitions.\n\nMIME content types are used in MIME-compliant communications, as in e-mail or\nHTTP traffic, to indicate the type of content which is transmitted. The\nmime-types library provides the ability for detailed information about MIME\nentities (provided as an enumerable collection of MIME::Type objects) to be\ndetermined and used. There are many types defined by RFCs and vendors, so the\nlist is long but by definition incomplete; don't hesitate to add additional\ntype definitions. MIME type definitions found in mime-types are from RFCs, W3C\nrecommendations, the {IANA Media Types\nregistry}[https://www.iana.org/assignments/media-types/media-types.xhtml], and\nuser contributions. It conforms to RFCs 2045 and 2231.\n\nThis is release 2.6 with two new experimental features. The first new feature\nis a new default registry storage format that greatly reduces the initial\nmemory use of the mime-types library. This feature is enabled by requiring\n+mime/types/columnar+ instead of +mime/types+ with a small performance cost and\nno change in *total* memory use if certain methods are called (see {Columnar\nStore}[#columnar-store] for more details). The second new feature is a logger\ninterface that conforms to the expectations of an ActiveSupport::Logger so that\nwarnings can be written to an application's log rather than the default\nlocation for +warn+. This interface may be used for other logging purposes in\nthe future.\n\nmime-types 2.6 is the last planned version of mime-types 2.x, so deprecation\nwarnings are no longer cached but provided every time the method is called.\nmime-types 2.6 supports Ruby 1.9.2 or later."
+  s.email = ["halostatue@gmail.com"]
+  s.extra_rdoc_files = ["Contributing.rdoc", "History-Types.rdoc", "History.rdoc", "Licence.rdoc", "Manifest.txt", "README.rdoc", "docs/COPYING.txt", "docs/artistic.txt"]
+  s.files = ["Contributing.rdoc", "History-Types.rdoc", "History.rdoc", "Licence.rdoc", "Manifest.txt", "README.rdoc", "docs/COPYING.txt", "docs/artistic.txt"]
+  s.homepage = "https://github.com/mime-types/ruby-mime-types/"
+  s.licenses = ["MIT", "Artistic 2.0", "GPL-2"]
+  s.rdoc_options = ["--main", "README.rdoc"]
+  s.required_ruby_version = Gem::Requirement.new(">= 1.9.2")
+  s.rubygems_version = "2.2.2"
+  s.summary = "The mime-types library provides a library and registry for information about MIME content type definitions"
+
+  s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<minitest>, ["~> 5.6"])
+      s.add_development_dependency(%q<rdoc>, ["~> 4.0"])
+      s.add_development_dependency(%q<hoe-doofus>, ["~> 1.0"])
+      s.add_development_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
+      s.add_development_dependency(%q<hoe-git>, ["~> 1.6"])
+      s.add_development_dependency(%q<hoe-rubygems>, ["~> 1.0"])
+      s.add_development_dependency(%q<hoe-travis>, ["~> 1.2"])
+      s.add_development_dependency(%q<minitest-autotest>, ["~> 1.0"])
+      s.add_development_dependency(%q<minitest-focus>, ["~> 1.0"])
+      s.add_development_dependency(%q<rake>, ["~> 10.0"])
+      s.add_development_dependency(%q<simplecov>, ["~> 0.7"])
+      s.add_development_dependency(%q<coveralls>, ["~> 0.8"])
+      s.add_development_dependency(%q<hoe>, ["~> 3.13"])
+    else
+      s.add_dependency(%q<minitest>, ["~> 5.6"])
+      s.add_dependency(%q<rdoc>, ["~> 4.0"])
+      s.add_dependency(%q<hoe-doofus>, ["~> 1.0"])
+      s.add_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
+      s.add_dependency(%q<hoe-git>, ["~> 1.6"])
+      s.add_dependency(%q<hoe-rubygems>, ["~> 1.0"])
+      s.add_dependency(%q<hoe-travis>, ["~> 1.2"])
+      s.add_dependency(%q<minitest-autotest>, ["~> 1.0"])
+      s.add_dependency(%q<minitest-focus>, ["~> 1.0"])
+      s.add_dependency(%q<rake>, ["~> 10.0"])
+      s.add_dependency(%q<simplecov>, ["~> 0.7"])
+      s.add_dependency(%q<coveralls>, ["~> 0.8"])
+      s.add_dependency(%q<hoe>, ["~> 3.13"])
+    end
+  else
+    s.add_dependency(%q<minitest>, ["~> 5.6"])
+    s.add_dependency(%q<rdoc>, ["~> 4.0"])
+    s.add_dependency(%q<hoe-doofus>, ["~> 1.0"])
+    s.add_dependency(%q<hoe-gemspec2>, ["~> 1.1"])
+    s.add_dependency(%q<hoe-git>, ["~> 1.6"])
+    s.add_dependency(%q<hoe-rubygems>, ["~> 1.0"])
+    s.add_dependency(%q<hoe-travis>, ["~> 1.2"])
+    s.add_dependency(%q<minitest-autotest>, ["~> 1.0"])
+    s.add_dependency(%q<minitest-focus>, ["~> 1.0"])
+    s.add_dependency(%q<rake>, ["~> 10.0"])
+    s.add_dependency(%q<simplecov>, ["~> 0.7"])
+    s.add_dependency(%q<coveralls>, ["~> 0.8"])
+    s.add_dependency(%q<hoe>, ["~> 3.13"])
+  end
+end

dependency-check-core/src/test/resources/ruby/gems/specifications/netrc-0.10.3.gemspec

@@ -0,0 +1,32 @@
+# -*- encoding: utf-8 -*-
+# stub: netrc 0.10.3 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "netrc"
+  s.version = "0.10.3"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
+  s.authors = ["Keith Rarick", "geemus (Wesley Beary)"]
+  s.date = "2015-02-24"
+  s.description = "This library can read and update netrc files, preserving formatting including comments and whitespace."
+  s.email = "geemus@gmail.com"
+  s.homepage = "https://github.com/geemus/netrc"
+  s.licenses = ["MIT"]
+  s.rubygems_version = "2.2.2"
+  s.summary = "Library to read and write netrc files."
+
+  s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<turn>, [">= 0"])
+    else
+      s.add_dependency(%q<turn>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<turn>, [">= 0"])
+  end
+end

dependency-check-core/src/test/resources/ruby/gems/specifications/rest-client-1.7.2.gemspec

@@ -0,0 +1,54 @@
+# -*- encoding: utf-8 -*-
+# stub: rest-client 1.7.2 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "rest-client"
+  s.version = "1.7.2"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
+  s.authors = ["REST Client Team"]
+  s.date = "2014-07-14"
+  s.description = "A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework style of specifying actions: get, put, post, delete."
+  s.email = "rest.client@librelist.com"
+  s.executables = ["restclient"]
+  s.extra_rdoc_files = ["README.rdoc", "history.md"]
+  s.files = ["README.rdoc", "bin/restclient", "history.md"]
+  s.homepage = "https://github.com/rest-client/rest-client"
+  s.licenses = ["MIT"]
+  s.required_ruby_version = Gem::Requirement.new(">= 1.9.2")
+  s.rubygems_version = "2.2.2"
+  s.summary = "Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions."
+
+  s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<webmock>, ["~> 1.4"])
+      s.add_development_dependency(%q<rspec>, ["~> 2.4"])
+      s.add_development_dependency(%q<pry>, [">= 0"])
+      s.add_development_dependency(%q<pry-doc>, [">= 0"])
+      s.add_development_dependency(%q<rdoc>, ["< 5.0", ">= 2.4.2"])
+      s.add_runtime_dependency(%q<mime-types>, ["< 3.0", ">= 1.16"])
+      s.add_runtime_dependency(%q<netrc>, ["~> 0.7"])
+    else
+      s.add_dependency(%q<webmock>, ["~> 1.4"])
+      s.add_dependency(%q<rspec>, ["~> 2.4"])
+      s.add_dependency(%q<pry>, [">= 0"])
+      s.add_dependency(%q<pry-doc>, [">= 0"])
+      s.add_dependency(%q<rdoc>, ["< 5.0", ">= 2.4.2"])
+      s.add_dependency(%q<mime-types>, ["< 3.0", ">= 1.16"])
+      s.add_dependency(%q<netrc>, ["~> 0.7"])
+    end
+  else
+    s.add_dependency(%q<webmock>, ["~> 1.4"])
+    s.add_dependency(%q<rspec>, ["~> 2.4"])
+    s.add_dependency(%q<pry>, [">= 0"])
+    s.add_dependency(%q<pry-doc>, [">= 0"])
+    s.add_dependency(%q<rdoc>, ["< 5.0", ">= 2.4.2"])
+    s.add_dependency(%q<mime-types>, ["< 3.0", ">= 1.16"])
+    s.add_dependency(%q<netrc>, ["~> 0.7"])
+  end
+end