From ccce1eea4b759fb114f2c59b0f51876be06ccaac Mon Sep 17 00:00:00 2001
From: Mark Rekveld
Date: Tue, 11 Jul 2017 09:59:28 +0200
Subject: [PATCH] tests
---
 ...{EngineModeTest.java => EngineModeIT.java} | 35 ++++++++++++++++---
 1 file changed, 30 insertions(+), 5 deletions(-)
 rename dependency-check-core/src/test/java/org/owasp/dependencycheck/{EngineModeTest.java => EngineModeIT.java} (59%)
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java
similarity index 59%
rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeTest.java
rename to dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java
index 3f6bb86d3..d0fc74227 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/EngineModeIT.java
@@ -6,20 +6,25 @@ import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
 import org.junit.rules.TestName;
 import org.owasp.dependencycheck.analyzer.AnalysisPhase;
+import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.utils.Settings;
+import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.util.List;
 import static org.hamcrest.CoreMatchers.notNullValue;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 /**
 * @author Mark Rekveld
 */
-public class EngineModeTest extends BaseTest {
+public class EngineModeIT extends BaseTest {
 @Rule
 public TemporaryFolder tempDir = new TemporaryFolder();
@@ -32,7 +37,8 @@ public class EngineModeTest extends BaseTest {
 }
 @Test
- public void testEvidenceCollectionMode() throws Exception {
+ public void testEvidenceCollectionAndEvidenceProcessingModes() throws Exception {
+ List dependencies;
 try (Engine engine = new Engine(Engine.Mode.EVIDENCE_COLLECTION)) {
 assertDatabase(false);
 for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.phases) {
@@ -41,11 +47,17 @@ public class EngineModeTest extends BaseTest {
 for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.phases) {
 assertThat(engine.getAnalyzers(phase), is(nullValue()));
 }
+ File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
+ engine.scan(file);
+ engine.analyzeDependencies();
+ dependencies = engine.getDependencies();
+ assertThat(dependencies.size(), is(1));
+ Dependency dependency = dependencies.get(0);
+ assertTrue(dependency.getVendorEvidence().toString().toLowerCase().contains("apache"));
+ assertTrue(dependency.getVendorEvidence().getWeighting().contains("apache"));
+ assertTrue(dependency.getVulnerabilities().isEmpty());
 }
- }
- @Test
- public void testEvidenceProcessingMode() throws Exception {
 try (Engine engine = new Engine(Engine.Mode.EVIDENCE_PROCESSING)) {
 assertDatabase(true);
 for (AnalysisPhase phase : Engine.Mode.EVIDENCE_PROCESSING.phases) {
@@ -54,6 +66,10 @@ public class EngineModeTest extends BaseTest {
 for (AnalysisPhase phase : Engine.Mode.EVIDENCE_COLLECTION.phases) {
 assertThat(engine.getAnalyzers(phase), is(nullValue()));
 }
+ engine.setDependencies(dependencies);
+ engine.analyzeDependencies();
+ Dependency dependency = dependencies.get(0);
+ assertFalse(dependency.getVulnerabilities().isEmpty());
 }
 }
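Review bot: The two `assertTrue(... .contains("apache"))` checks added in the `@@ -41,11 +47,17 @@` hunk fail with a bare AssertionError and give no sign of what vendor evidence was actually collected. The file already uses Hamcrest, so `assertThat(dependency.getVendorEvidence().toString().toLowerCase(Locale.ROOT), containsString("apache"));` would print the evidence on failure and pin the case mapping to a fixed locale; it needs `java.util.Locale` and `CoreMatchers.containsString` imported. The same pair of assertions is repeated in the `@@ -64,6 +80,15 @@` hunk for STANDALONE mode. The test method starts and ends outside this hunk.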
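Review bot: In the `@@ -54,6 +66,10 @@` hunk the processing-mode result is read from the local `dependencies` list, which was obtained from the first engine before its try-with-resources block closed it, rather than from the second engine. Whether `getDependencies()` returns a copy or the engine's own list is not visible here, so if closing the first engine empties it, `dependencies.get(0)` fails with an IndexOutOfBoundsException instead of an assertion; adding `assertThat(engine.getDependencies().size(), is(1));` after `analyzeDependencies()` and reading `engine.getDependencies().get(0)` would test the second engine's own view. `assertFalse(dependency.getVulnerabilities().isEmpty())` is also satisfied by any single match, including a false positive, and presumably depends on what the local vulnerability database holds when the test runs. Asserting that one identifier known to apply to this jar is present would make the verdict meaningful; the same non-empty check is used in the `@@ -64,6 +80,15 @@` hunk.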
@@ -64,6 +80,15 @@ public class EngineModeTest extends BaseTest {
 for (AnalysisPhase phase : Engine.Mode.STANDALONE.phases) {
 assertThat(engine.getAnalyzers(phase), is(notNullValue()));
 }
+ File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
+ engine.scan(file);
+ engine.analyzeDependencies();
+ List dependencies = engine.getDependencies();
+ assertThat(dependencies.size(), is(1));
+ Dependency dependency = dependencies.get(0);
+ assertTrue(dependency.getVendorEvidence().toString().toLowerCase().contains("apache"));
+ assertTrue(dependency.getVendorEvidence().getWeighting().contains("apache"));
+ assertFalse(dependency.getVulnerabilities().isEmpty());
 }
 }